Slashdot Mirror


User: argent

argent's activity in the archive.

Stories
0
Comments
12,456
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 12,456

  1. Re:I know we hate M$ here... on No Anti-Virus in Vista · · Score: 1

    Charging for a virus scanner would be Microsoft hitting you with a car, and then charging you for the trip to the hospital.

    That sounds like what happened when I called up Microsoft tech support on our first NT server install, back in the '90s. They gave me some bad advise on licensing that ended up taking my whole network down over the next day or so. When I called back, I was told that I'd exceeded the free support period, and they wouldn't talk to me unless I gave them a credit card number.

    I'm afraid I was rather cross with them, and let them know about it, and after I hung up I got some good info from Usenet that fixed the problem. A week later, I got a call from some bloke at Microsoft who said they'd extended my free support. I seem to recall getting just a wee bit sarcastic about that.

    What's the point? Hmm... I guess the point is you've got a good point there.

  2. Re:I know we hate M$ here... on No Anti-Virus in Vista · · Score: 1

    If they could ship an anti-virus product, why couldn't they just patch the issues that allow the viruses in the first place? I, for one, would be up in arms if a company took such an overtly-passive approach to the security of their software.

    So, are you up in arms yet?

    This crap has been going on since 1997.

    The best thing Microsoft could do in Vista would be to back out ALL the dependencies on the HTML control from any system applications, starting with Windows Explorer, and remove the ability to run ActiveX components inside it except by setting an administrator-only option to turn it back on ONLY for a version of Internet Explorer that's run inside a virtual machine and firewalled from any servers that aren't authenticated by Active Directory as being domain members.

  3. Re:Charge for the cow... and for the milk. on No Anti-Virus in Vista · · Score: 1

    Hell, you have to be a "root" user to install anything on windows giving everything you install full permissions over the OS during installation of anything.

    While having some real dividion between power users and administrators would be good, all that will do is force viruses to hide in the user's profile or in the directories elsewhere in the system that have to be writable. Finding hiding places is not a hard problem.

    You're not locking and bolting the doors from Johnny Burglar, you're locking and bolting the thermostat, cable box, telephone, and central heating system from Johnny Private Investigator, which just means he'll stick his bugs under your couch instead.

  4. Re:It's not the costs, it's the compression... on Warner Bros. to Try File Sharing in Germany · · Score: 1

    You first need to actually have a market, copyright means that you are more likely to have a monopoly.

    That doesn't mean you don't have a market, it means you have a market where the demand doesn't shift very much when you change the price. It does shift somewhat, if nothing else because of competition with the pirate domain. :)

  5. Re:It's not the costs, it's the compression... on Warner Bros. to Try File Sharing in Germany · · Score: 1

    Because there is the possibility of competition.

    Well, yes. Competition drives prices down towards the cost of production, which is why $1/DVD is a reasonable guess for the cost of production and distribution (modulo, as you say, profit margins).

  6. Re:We're still using NT4 domain controllers on Buy Vista or Else · · Score: 1

    For example, I've got a MS SQL server with very sensitive info on it. I have an IPSEC policy on it that denies access to the sql server port for everyone except one machine, and with that one machine all communication must be authneticated with a shared key.

    That works (as I said) for port-based services, and similar techniques are available for packet-filtering firewalls, though it does open you up to attack if you have to open up your configuration for any reason.

    It doesn't help with services that use Windows Networking, because they all run over the same port, using different named pipes. If you could bind the service to a specific interface that wouldn't be an issue.

    Other usefull things you can do on a domain are require kerberos authentication for sensitive Windows ports like (139,225,1025), so only clients that are domain members can talk to eachother on these ports.

    Heh.

    After we got merged into the company domain, most of the virus problems we've had have come from infected computers in the same domain. :) And of course about the most common reason I've seen for people to hook their computers into a foreign LAN... is printing, and that's one of the oldest Windows Networking functions out there.

  7. Re:It's not the costs, it's the compression... on Warner Bros. to Try File Sharing in Germany · · Score: 1

    Yeah, they'll say "The market doesn't accept electronic film distribution", blame the 'pirates' and shut the whole thing down. Then, they'll unleash DRM hell.

    Yes, it could be set up to fail... that's certainly one possibility. It's not, however, the only one. That's all I'm saying.

  8. Re:It's not the costs, it's the compression... on Warner Bros. to Try File Sharing in Germany · · Score: 1

    Again, how much it costs doesn't matter. The market doesn't work that way... it's not the costs that determine price, it's what people are willing to pay... if that wasn't the case Windows would sell for ten bucks.

    If you're introducing a new product, you don't know what peole are willing to pay, yet, so you have to guess. If you don't actually need to make a profit or grab market share any time soon, you can start off high because it's safer to have low initial sales than to set low expectations.

    In the long run the market can drive the price that people are willing to pay down towards the cost of production, because if you're making 80% margin someone else will come in and sell for 60% margin. But it's not always the case: if there's only room for a limited number of sellers in the market, or the sellers work together to maintain a high price, or the goods sold aren't generic so one seller isn't really as good as another, there's not a lot pushing the prices down.

    So... in the short term, the costs to the producer aren't driving the price, the benefits to the consumer are. The lower quality is a much more important factor than P2P.

  9. It's not the costs, it's the compression... on Warner Bros. to Try File Sharing in Germany · · Score: 1

    The actual production and distribution costs of a DVD are negligable. You can buy DVDs of movies that have gone into the public domain at dollar stores...

    As you say, the quality is likely to be lower than a DVD for any sensible file sizes, and that by itself should reduce the charge.

    On the other hand, this is a test market. If it doesn't sell well at full DVD cost they'll change things.

  10. Re:We're still using NT4 domain controllers on Buy Vista or Else · · Score: 1

    You are aware that you can use IPSEC and packet filter firewalls on UNIX as well, right? There's nothing essentially "Windows" about these, they weren't even implemented there first.

    The first problem is that in Windows you *have to* use them, because there's no other way to keep Windows Networking based services from listening on all enabled interfaces.

    On UNIX these are a second layer of protection. It's called "defense in depth".

    The second problem is that they don't filter based on service, but on port, so once you let Windows Networking through everything that uses named pipes is wide open.

  11. Re:We're still using NT4 domain controllers on Buy Vista or Else · · Score: 1

    Have you tried using IPSEC?

    IPSEC doesn't solve the problem that all services listen on any interface and you can't limit them to the inside interface or to localhost, so the distinction between IPSEC and a firewall from a network security standpoint is almost none. It provides for privacy and confidentiality while an IPSEC connection is established, but you still need a firewall to protect services from the local network when using local resources (for example, local web-based services at a conference center or hotel, local printers at an office), and it doesn't (AFAIK) provide a way to limit access to SMS from potentially infected computers on the same virtual network.

  12. It's a brain transplant, just like NeXT. on Toy Story 3 Scrapped · · Score: 1

    Disney pays 7 billion for Pixar. As a result, Pixar is calling the shots at Disney.

    That's what happens when you have a brain transplant. The brain calls the shots.

    It's the same thing that happened when Apple bought NeXT.

  13. Re:We're still using NT4 domain controllers on Buy Vista or Else · · Score: 1

    The only remote management support Microsoft has added that I've found at all useful is Interix. The rest of the stuff requires that you run your network the way Microsoft says you should run your network... it's the same problem that we had with Windows 2000 in the first place: Microsoft bundles together things that are useful and things that are positively counterproductive, and you can't get the one without the other.

    And just to make it more fun, Microsoft screwed up the design of their port of Berkeley sockets to NT, and didn't fix the problem when they re-implemented it, so they can't run services from an inetd-style superserver. If they did that, you could control access to services without a firewall, and do it in a fine-grained manner... instead, you get viruses using the remote management interface to propogate and you can't block them on your own network (let alone a foreign one) without disabling the management services you want to use to push your firewall rules over.

    The bottom line is, you can't use these tools effectively without running your network Microsoft's way, and Microsoft's way just asking for trouble.

    Oh well, at least it makes the virus-writing freaks happy.

  14. We're still using NT4 domain controllers on Buy Vista or Else · · Score: 1

    For fire-and-forget servers, NT 3.51 was probably the peak. NT4 brought GDI into the kernel, which was fine for desktops but daft for servers, and 2000 brought in a new domain model that was incompatible with standard DNS for long enough that there was really no point going back and upgrading them once that got worked out.

    We don't have any 3.51 kit left, but we have a few NT4 servers handling an old NT4 domain.

    2000 was pretty good, for Windows, once you got past the "we're going to make everyone's domains obsolete" arrogance.

    XP... I don't see the point. Terminal Server makes remote maintainance easier, but so does VNC, and concurrent multiuser Windows is a fool's game. Other than making the Citrix-style remote desktop standard, XP really isn't significantly different from 2000.

  15. Steve Wozniak versus Paul Allen on Who is Your Hero, Gates or Jobs? · · Score: 2, Insightful

    Let's compare the REAL brains of the outfits, OK?

  16. Re:There are bigger problems with OSX on Ancient Flaws May Leave Mac OS X Vulnerable · · Score: 1

    Then the "Yes" button should always be the one that causes least harm. Like, f'rinstance, NOT opening up the damned attachments.

    Then they get trained to hit "no".

    Whatever they "usually" hit, is what they'll learn to hit.

    It doesn't matter whether that's "Yes", "Open", "No", "Cancel", "Accept", "Submit", "Dominate", "Cancel Default Open", "Cancel Canceling Cancelation", or "Fargo".

    The dialog itself is the problem.

    Changing the mechanism so the dialog isn't required, like, not having the option to open the attachments from the browser just by clicking on a link... that's the real solution.

  17. Re:Admin rights not required, summary wrong as usu on Ancient Flaws May Leave Mac OS X Vulnerable · · Score: 1

    That's not the worst I've seen, but it's pretty bad.

    Time to send the folks at Apple a copy of _Innocent Code_.

    (I think the worst was a script that checked $PS1 for a "#" character)

  18. Re:There are bigger problems with OSX on Ancient Flaws May Leave Mac OS X Vulnerable · · Score: 1

    Help the n00bs make the right choice!

    Yes, our dialog boxes will be phrased in an unpleasant way[...]


    Your heart is in the right place, but it's AMAZING how often people will reflexively answer "yes" to dialog boxes no matter what they say. You need to arrange things that yes/no "warning" dialog boxes are only used for situations where the user has to make a decision right then, and it's better to redesign the process to avoid them than to make them more informative.

    (of course, some designers will do something really stupid, like change "delete" to "move to trash/recycling bin" - which redesigns the process to avoid the necessity of a forced decision - but leave the "do you really want to delete this file" dialog in place, with "delete this file" changed to "move this file to trash/recycling bin" - which mostly just helps train people to reflexively answer "yes" to dialog boxes)

  19. Re:There are bigger problems with OSX on Ancient Flaws May Leave Mac OS X Vulnerable · · Score: 1

    Security Zones are still a bit of a mess, though.

    Where "a bit of a mess" means "inherently insecure and unfixable".

    After all that fuss, they should just make you download and install the plugin. It'd be less hassle. Seven years now they've resisted installers, they oughta just give up and split IE and the desktop again and have done with it.

  20. Re:a prediction. on Ancient Flaws May Leave Mac OS X Vulnerable · · Score: 3, Informative

    (approx. $600 if you were staying current all along)

    I'm currently running Panther (and Jaguar on one Mac), and I'm skipping Tiger unless something comes up that requires Tiger that I actually care about. I got Jaguar, used, for $50, and Panther came on my Mac minis, so I'm good until Leopard comes along.

    It wasn't until Firefox hit around 10% we started to see hackers paying attention and start exploiting the MS alternative product.

    And when precisely did this happen. When "hackers" exploited Firefox, I mean. Real, live, in-the-wild you-better-watch-out exploits?

    Apple's always been a minor player, and back in the '80s and early '90s they had a corresponding share of exploits in the classic no-security Windows-like Mac OS. Being 5% back then didn't keep them from being exploited, being easily exploitable made them exploited.

    They have patched literally thousands of bugs and security holes and continue to do so at a pretty steady rate. We don't hear about it

    If we didn't hear about it, how do you know about it? Do you have GOLD JULY BOOJUM clearance?

  21. There are bigger problems with OSX on Ancient Flaws May Leave Mac OS X Vulnerable · · Score: 5, Informative

    There are bigger problems in OSX. Auto-installing Dashboard widgets was stupid, and "Open Safe Files After Downloading" (a silly name for "Open Potentially Unsafe Files After Downloading") is an unnecessary risk only minimally mitigated by adding warning dialogs... but at least you can turn it off. More details in these comments:

    http://www.scarydevil.com/~peter/io/osx-security.h tml
    http://www.scarydevil.com/~peter/io/apple.html
    http://www.scarydevil.com/~peter/io/apple2.html

    Thankfully even these are not as easily exploited as Microsoft's poisoned gumbo of IE, Outlook, ActiveX, and Security Zones... but Apple really needs to take a good look at the way they approach the Internet, and quit being so trusting.

  22. note to self on Linus Says No GPLv3 for the Linux Kernel · · Score: 1

    (bah, major typos)

    (remind self NOT to forget to proofread just because of an interruption)

  23. Re:cost vs. benefits on Linus Says No GPLv3 for the Linux Kernel · · Score: 2, Informative

    Good to see I wasn't hallusinating about the "definition of a user" bit not being in there.

    What most people *are* listing under the disadvantages is the DRM stuff. It is believed by many that it would be impossible to make a DRM decoding device using Linux without giving out enough information to break the DRM, thus preventing a huge potential market for Linux.

    There's basically thre parts to the DRM section.

    The first part says you can't use the GPLed code for illegal purposes. The GPL already sais that it's void if you'd be breaking the law by using it, so that bit's redundant,

    The third bit says that you have to provide any necessary keys to the user if the user isn't already getting those keys some other way. But in a DRM application, you have to provide the keys to the user for them to decrypt the DRM: that's how DRM works, so that bit is actually irrelevant. Plus, it's covered in the definition of the source code, so it's redundant.

    That leaves the bit in the middle. Which is interesting. What it mostly seems to be for is to ensure that if someone uses their access to the GPLed code to learn how to bypass the DRM, or to actually bypass the DRM, you can't sue them under the DMCA or similar laws for breaking or bypassing a security device.

    also the method of reinstalling the software could change the keys so that the machine will no longer decode the "real" data but instead now be able to decode some other data that does not have any entertainment encoded in it

    I believe that would violate the earlier section where it defines what it means by source code.

  24. Re:cost vs. benefits on Linus Says No GPLv3 for the Linux Kernel · · Score: 1

    As I understand it, GPL v3 says if you are using something over the network, you're still a user, and if that software is modified, it's no longer a private modification and the source to the changes has to be made available.

    ORLY?

    I must have missed that bit.

    What if you're using it over a phone line, or with a meat proxy (secretary, help desk, tech support) in the way, ... what makes a network special?

  25. Wait... wait... don't tell me... on Bush Administration to Support Nuclear Recycling · · Score: 1

    So why is it that we're allowed to enrich nuclear fuel for supposed power generation but the Iranians aren't?

    Ooh, yeh, if the US did that, they could develop atomic weapons!

    Wait a sec...