What's up with the screwy HTML in the submission? It looks like someone completely forgot to close an <a> tag, and yet it got posted like this anyway. Did Zonk not notice this before approving the post? Or are Slashdot editors deliberately approving ugly, messed-up stuff just to try to drive us nuts?
"One of the most frustrating things that happens occasionally is you go into a client and they'll regale you with tales of atrocities and you say, 'When did this happen?' and they say 'Oh, 1993 or 94, I forget when' -- there's such a long tail to the memories of some of our clients." -- [CA CEO John] Swainson laying out the challenges he and his team face in trying to rebuild shattered customer confidence in the company formerly known as Computer Associates, now rebranded just plain CA. (Oct. 12.)
Swainson's not kidding, there. Especially when a company does something really boneheaded, people don't forget, and they don't even forgive. (I think maybe people feel like forgiveness is for other humans, not for corporations.)
I was on the phone with a recruiter earlier today, and mention of Claria (formerly Gator) came up. He said that it was really difficult to place people there. There were the occasional ones who just didn't recognize the name, but at least half his potential hires went "Claria? They're the people who used to be Gator! I'm not working there! Don't even send them my résumé."
Note that these are people who are out of work, too. Some missteps are just so bad, you can never recover from them. Associating yourself with sleazy and excruciatingly annoying marketing methods is one of them. (Only time will tell if putting rootkits on your customers' computers is another.)
There's no need to subpoena Google when you can just get a warrant to search the person's house and effects for evidence. Their "effects" would naturally include their computer, including any information in the browser cache.
Oddly enough, that seems to be exactly what the police did in this situation, based on the article text: "investigators continue to find new evidence on computers seized from Robert Petrick's home". (Okay, I'm kind of assuming they had a warrant, but seeing as how the guy's on trial for murder, I think that particular assumption is pretty safe.)
So, the question for society seems to be, "Should police be able to search the personal effects of people accused of murder, if they have a warrant?" Unsurprisingly, our society came up with an answer to that question over 200 years ago. It's not a very hard question, and our answer was "yes".
The only other question I can see here is "In the modern era, should 'personal effects' be considered to include the contents of someone's computer?" Again, answering "yes" to this one is a no-brainer. I'm a fairly fierce civil libertarian, but I see no problems here: the prosecution had enough evidence to bring a charge of murder against the guy; on the strength of that evidence, they got a warrant to search for more evidence; they're doing so. It all seems quite above-board to me.
You expected the editors to actually check the facts first? You must be new here.
Social Engineering Becoming More Serious
on
Security and Usability
·
· Score: 3, Insightful
The "social engineering" concerns that were brought up in the paragraph about Mitnick have now become large-scale issues that affect everyone from site operators to end-users. Every phishing attack is essentially a social engineering attempt. Many worms, from "I Love You" on to the current IM worm, spread by convincing each new recipient that they're safe to execute— again, a social engineering attack.
It's too bad this 714-page book probably won't be read by the average end-user; the fact that the current IM worm is still spreading is ample proof that users still aren't sufficiently aware of social engineering issues. And that affects all of us; the spam I just cleared out of my inbox probably came through a zombie machine that got infected by just such a worm.
No, you cannot prove science using science. You cannot prove anything using using science, and any good scientist would be the first to admit that. Science can disprove things, but it never considers anything proven; new evidence could always be just around the corner.
Those who "are proclaiming science is God/The Truth", in your words, are not scientists. They're certainly not people who understand science or the scientific method, and I think it's unfair to hold science responsible for them. (Note how the only appearances of the words "truth" and "true" in that linked page are in centuries-old quotations, or right near the word "probability".)
So what this article is saying is that a huge percentage of today's office workers are completely unprepared to use a standard office tool. Back around the early 1900s, did they say, "I just can't understand these typewriters. What's the difference between 'shift' and 'carriage return'? Why should I have to know these technical terms?"
Or imagine a modern office worker who said: "I don't know the difference between 'facsimile' and 'photocopy'. I mean, they even sound pretty similar; they both begin with an F sound, and end with 'ee'. And what's the difference between 'sending' and 'receiving' these faxes? I always have to ask for help on that."
Nobody here (or anywhere else, really) is arguing that the average office worker should understand how to code, or know what an IRQ conflict means. But simple concepts like upload and download, or the meaning of basic prefixes like kilo-, mega- and giga-, or the difference between a JPEG and a PDF, are things that anyone trying to use modern computing technology needs to know. Remaining willfully ignorant of these kinds of things is like remaining willfully ignorant of the difference between your car's brake fluid and windshield washer fluid (Hey, they're boh fluids, right? Lots of room for confusion there!), or not knowing what "miles per gallon" means.
The kilo-/mega-/giga- thing, in particular, is not solely important in deciding whether to send an attachment via email. (I agree with those pointing out that mail servers should be configured to reject overly-large messages.) But without an understanding of file sizes and disk space:
you have no idea how long a file will take to download from a web site;
you have no idea how big your hard drive is, how much space you have left, or whether that file you're about to download will fit on it;
you have no idea how much space there is on your iPod or other portable MP3 player (it's not just computers; bytes are a common unit in all sorts of modern technologies)
These folks need to learn to use the tools that are necessary for their jobs, or else find new jobs. If an office worker claimed not to be able to use a copier or fax machine, we'd laugh at them. ("Hey, how about the coffee maker? Can you figure that one out, or do you need help there, too?") We need to stop coddling those who can't be bothered to learn the basics about a tool they're getting paid to use every day.
when this amount of power is being consumed, shouldn't we be thinking about... energy efficiency instead?
Energy efficiency? What the heck is that?!? Some kind of commie pinko thing?
Pardon me, I've got to go hop in my SUV so I can drive a quarter-mile to the supermarket so I can pick up a newspaper. I wanna know more about Courtney Love's pregnancy. Oh, and I suppose I should care about what's going on in Iraq...
Given enough time and computing power, even a salted password hash can be broken by brute force. Markus Hess did that with passwords scammed from Cliff Stoll's machine all the way back in 1986, as described in The Cuckoo's Egg; the laws of mathematics haven't changed since then.
And it looks like the Mozilla Foundation realizes this, too, and are giving good advice.
Actaully, yes, I did mean to say security hole. Not exploits. I know of no actual exploits for Firefox yet; only security vulnerabilities which haven't actualy been exploited. My mistake.
Can We Get Firefox Developers To Do This, Too?
on
Hackers, Meet Microsoft
·
· Score: 5, Insightful
I remember when Windows 95 came out, with its weak, obviously-an-afterthought "web browser" (IE 3.0). It was painfully obvious that Microsoft had missed the Internet boat, and shortly thereafter, Bill Gates sent his historic all-hands memo pointing the company in the direction of the Internet.
It took them some time to get it right, but eventually IE took over. Now, you'd have a hard time finding a Microsoft product more complex than Minesweeper or calc.exe that doesn't connect to the Net somehow. And let's not forget that Netscape provided Microsoft with some much-appreciated help in taking over the Web, by screwing up their own release schedule so badly that there never was a Netscape 5.0.
Flash-forward to a couple of years ago, when Bill sent out yet another all-hands memo, pointing the company in the direction of security. At first, we all laughed. But now it's becoming more and more obvious that they're taking security every bit as seriously as they once took the Internet. They are aiming to be the top of the heap in security, and they've got drive, ambition and aggression.
Make no mistake, this kind of event is exactly what a company that wants to get secure should be doing. Thomlinson's comments about how seeing their code exploited "hits people in the gut", and the fact that "he was glad to see the crowd of engineers taking things personally" -- these things are right on the money. These things say to me that, within a few years, we're going to see some really damn secure stuff coming out of Microsoft.
In the meantime, Firefox exploits are cropping up at a seemingly greater pace. This worries me. It looks like a repeat of 1997, when Netscape lost huge amounts of ground to IE by producing a product that wasn't as good as the competition. SP2 wa s huge leap forward in security for Windows and for IE, and Blue Hat makes it obvious that Microsoft is just going to get better at it. In the meantime, Firefox appears to be standing still on the security front, or maybe even losing a little ground. Sure, it's still miles ahead of IE's security, but if IE keeps up the pace, it will overtake Firefox sooner or later -- probably sooner.
Is there any way the Firefox development team (and the OO.o team, and anyone else who's working on high-profile F/OSS projects) can take a lesson from Blue hat? Can we get together events like this of our own?
If we don't, I can already see that by 2009 or so, at the latest, I'll be telling clients to go with Microsoft products, because they're more secure than F/OSS. And I don't want to see that happen.
"It is internet only, so email needs to be via a web-based provider."
Well, if it's really "Internet only", then there's nothing to worry about. I can use POP on port 110, or IMAP on port 143, to check my email. Then I can send it using SMTP to port 25 on my mail server.
Or I could just SSH to port 22 of my server and read my mail on the command line, if I have a shell account. (Which I personally do, along with, I'm sure, many others here.) Ports 22, 25, 110, 143, and their related protocols are all well-established parts of the Internet; heck, at least two of them predate that newfangled port-80 contraption.
Or did you perhaps mean that it's Web only? Slashdot is the last place I thought I'd ever have to point out: the Web != the Internet.
I'm sure everyone who doesn't bother to RTFA will now think, "Oh, no, Linus and Alan are bitching each other out in public." That's nothing like what's going on here. For one, the submitter quotes only half of one particular line from the article:
"Linus is a good developer, but is a terrible engineer," said Cox. "I'm sure he would agree with that." [emphasis added]
So it sounds like Alan and Linus have discussed this particular difference in their talents before, either over beers at a pub, or over email or something.
Second, the article makes clear that part of what's going on is that Alan and Linus each have very different responsibilities in keeping Linux going, and so they necessarily focus on different things. Alan points out that as the dev tree maintainer, Linus is trying to keep the code maintainable, while Alan's trying to keep it stable.
And both of these things are necessary. It sounds to me like rather than being "at loggerheads", or "ready to call off the working relationship", instead Linus and Alan are a very well-matched and complementary team, both of whom contribute enormously to Linux's success and quality.
Each of them has strengths that make up for the other one's weaknesses, and it sounds like they have a good enough working relationship to give each other constructive criticism when needed.
I used to believe 128K was fine... even on my Cambridge Soundworks speakers, my 128K MP3s played just fine. Then I started getting gigs as a DJ. I took a bunch of those MP3s, burned them onto audio CDs, and took them out to clubs.
Most of them still sounded okay, but anything with a lot of bass (i.e., anything really danceable) sounded like absolute ass on a club sound system. The bass came out all fractured and distorted.
The problem is much less noticeable with 192K MP3s, and almost completely absent when I move up to 256K. The bitrate really does matter, and not just to audiophiles with hi-fi systems in their living rooms. Even drunken clubgoers could tell something was whacked with some of my 128K tracks.
The poster summarizes that "government intervention is currently premature because it is unlikely to strike an appropriate balance between the many competing interests at stake."
And this has historically stopped the government on exactly which occasions?
(Not that I disagree. Sure, the government should wait. But I don't think they're gonna.)
Like, back when there was no such thing as a jumperless motherboard, you'd check the motherboard documentation for the correct jumper configuration for the processor you're using.
Ah, the bad old days. I remember well. Back then, when I was shopping for mobos, one of my criteria was "Does it have the jumper settings silk-screened on the PCB somewhere?" Because if it did, then I knew I'd still be able to configure it, even if the manual got lost.
It wasn't my only buying criterion - or even necessarily the most important one - but it was definitely high on the list.
Funny. If you look at the Google Zeitgeist, you can see a whole lot of more-than-one-word searches. Okay, things like "Jessica Biel" might be considered to be one term, but how about "web hosting", "install windows xp", or "magic tricks"?
Note that there aren't a bunch of searches like "biel", "hosting", "xp" and so on, as we'd expect if people did one-word searches, and then expanded to two- or more-word searches.
The real problem here is that you can trademark a word in common use, like "scholar". Since the ACS did exactly that, roughly 6 years ago, they have no choice but to go after Google (or else have their own trademark claims painfully diluted, or maybe just nullified).
I don't much like what's happening here, but if I were Google, I'd be strongly considering just changing the name of my service. (IANAL, but it really looks like Google will have an uphill battle here.)
Slashdot Mirror
The summary should read: Mr. Millot's attorneys argued that his actions did not amount to $5K in damage...
It's those itsy-bitsy words that make all the difference.
What's up with the screwy HTML in the submission? It looks like someone completely forgot to close an <a> tag, and yet it got posted like this anyway. Did Zonk not notice this before approving the post? Or are Slashdot editors deliberately approving ugly, messed-up stuff just to try to drive us nuts?
Either way, it just plain looks baaad.
They can't have all that much momentum. It's the product of mass and velocity, and while the mass may be huge, the velocity is infinitesimal.
I do agree with your major point, though, that their motion is much easier to predict than that of the air.
Swainson's not kidding, there. Especially when a company does something really boneheaded, people don't forget, and they don't even forgive. (I think maybe people feel like forgiveness is for other humans, not for corporations.)
I was on the phone with a recruiter earlier today, and mention of Claria (formerly Gator) came up. He said that it was really difficult to place people there. There were the occasional ones who just didn't recognize the name, but at least half his potential hires went "Claria? They're the people who used to be Gator! I'm not working there! Don't even send them my résumé."
Note that these are people who are out of work, too. Some missteps are just so bad, you can never recover from them. Associating yourself with sleazy and excruciatingly annoying marketing methods is one of them. (Only time will tell if putting rootkits on your customers' computers is another.)
I've just gotta ask... you didn't actually count how many times they repeat that phrase, did you?
There's no need to subpoena Google when you can just get a warrant to search the person's house and effects for evidence. Their "effects" would naturally include their computer, including any information in the browser cache.
Oddly enough, that seems to be exactly what the police did in this situation, based on the article text: "investigators continue to find new evidence on computers seized from Robert Petrick's home". (Okay, I'm kind of assuming they had a warrant, but seeing as how the guy's on trial for murder, I think that particular assumption is pretty safe.)
So, the question for society seems to be, "Should police be able to search the personal effects of people accused of murder, if they have a warrant?" Unsurprisingly, our society came up with an answer to that question over 200 years ago. It's not a very hard question, and our answer was "yes".
The only other question I can see here is "In the modern era, should 'personal effects' be considered to include the contents of someone's computer?" Again, answering "yes" to this one is a no-brainer. I'm a fairly fierce civil libertarian, but I see no problems here: the prosecution had enough evidence to bring a charge of murder against the guy; on the strength of that evidence, they got a warrant to search for more evidence; they're doing so. It all seems quite above-board to me.
You expected the editors to actually check the facts first? You must be new here.
The "social engineering" concerns that were brought up in the paragraph about Mitnick have now become large-scale issues that affect everyone from site operators to end-users. Every phishing attack is essentially a social engineering attempt. Many worms, from "I Love You" on to the current IM worm, spread by convincing each new recipient that they're safe to execute— again, a social engineering attack.
It's too bad this 714-page book probably won't be read by the average end-user; the fact that the current IM worm is still spreading is ample proof that users still aren't sufficiently aware of social engineering issues. And that affects all of us; the spam I just cleared out of my inbox probably came through a zombie machine that got infected by just such a worm.
A neat trick that, considering that Star Trek didn't go on the air until September of 1966. To appear before a 1964 audience, she must have been the world's first time traveller, too.
(Yes, yes, I know she did all kinds of cool stuff, and MLK complimented Nichelle Nichols on her work and all that. I'm just nit-picking on the dates.)
No, you cannot prove science using science. You cannot prove anything using using science, and any good scientist would be the first to admit that. Science can disprove things, but it never considers anything proven; new evidence could always be just around the corner.
Those who "are proclaiming science is God/The Truth", in your words, are not scientists. They're certainly not people who understand science or the scientific method, and I think it's unfair to hold science responsible for them. (Note how the only appearances of the words "truth" and "true" in that linked page are in centuries-old quotations, or right near the word "probability".)
So what this article is saying is that a huge percentage of today's office workers are completely unprepared to use a standard office tool. Back around the early 1900s, did they say, "I just can't understand these typewriters. What's the difference between 'shift' and 'carriage return'? Why should I have to know these technical terms?"
Or imagine a modern office worker who said: "I don't know the difference between 'facsimile' and 'photocopy'. I mean, they even sound pretty similar; they both begin with an F sound, and end with 'ee'. And what's the difference between 'sending' and 'receiving' these faxes? I always have to ask for help on that."
Nobody here (or anywhere else, really) is arguing that the average office worker should understand how to code, or know what an IRQ conflict means. But simple concepts like upload and download, or the meaning of basic prefixes like kilo-, mega- and giga-, or the difference between a JPEG and a PDF, are things that anyone trying to use modern computing technology needs to know. Remaining willfully ignorant of these kinds of things is like remaining willfully ignorant of the difference between your car's brake fluid and windshield washer fluid (Hey, they're boh fluids, right? Lots of room for confusion there!), or not knowing what "miles per gallon" means.
The kilo-/mega-/giga- thing, in particular, is not solely important in deciding whether to send an attachment via email. (I agree with those pointing out that mail servers should be configured to reject overly-large messages.) But without an understanding of file sizes and disk space:
These folks need to learn to use the tools that are necessary for their jobs, or else find new jobs. If an office worker claimed not to be able to use a copier or fax machine, we'd laugh at them. ("Hey, how about the coffee maker? Can you figure that one out, or do you need help there, too?") We need to stop coddling those who can't be bothered to learn the basics about a tool they're getting paid to use every day.
Note to mods: I am an American. Born in Brooklyn, raised in the Sprawl, currently living in San Francisco. My post was self-satire.
when this amount of power is being consumed, shouldn't we be thinking about... energy efficiency instead?
Energy efficiency? What the heck is that?!? Some kind of commie pinko thing?
Pardon me, I've got to go hop in my SUV so I can drive a quarter-mile to the supermarket so I can pick up a newspaper. I wanna know more about Courtney Love's pregnancy. Oh, and I suppose I should care about what's going on in Iraq...
Given enough time and computing power, even a salted password hash can be broken by brute force. Markus Hess did that with passwords scammed from Cliff Stoll's machine all the way back in 1986, as described in The Cuckoo's Egg; the laws of mathematics haven't changed since then.
And it looks like the Mozilla Foundation realizes this, too, and are giving good advice.
Actaully, yes, I did mean to say security hole. Not exploits. I know of no actual exploits for Firefox yet; only security vulnerabilities which haven't actualy been exploited. My mistake.
I remember when Windows 95 came out, with its weak, obviously-an-afterthought "web browser" (IE 3.0). It was painfully obvious that Microsoft had missed the Internet boat, and shortly thereafter, Bill Gates sent his historic all-hands memo pointing the company in the direction of the Internet.
It took them some time to get it right, but eventually IE took over. Now, you'd have a hard time finding a Microsoft product more complex than Minesweeper or calc.exe that doesn't connect to the Net somehow. And let's not forget that Netscape provided Microsoft with some much-appreciated help in taking over the Web, by screwing up their own release schedule so badly that there never was a Netscape 5.0.
Flash-forward to a couple of years ago, when Bill sent out yet another all-hands memo, pointing the company in the direction of security. At first, we all laughed. But now it's becoming more and more obvious that they're taking security every bit as seriously as they once took the Internet. They are aiming to be the top of the heap in security, and they've got drive, ambition and aggression.
Make no mistake, this kind of event is exactly what a company that wants to get secure should be doing. Thomlinson's comments about how seeing their code exploited "hits people in the gut", and the fact that "he was glad to see the crowd of engineers taking things personally" -- these things are right on the money. These things say to me that, within a few years, we're going to see some really damn secure stuff coming out of Microsoft.
In the meantime, Firefox exploits are cropping up at a seemingly greater pace. This worries me. It looks like a repeat of 1997, when Netscape lost huge amounts of ground to IE by producing a product that wasn't as good as the competition. SP2 wa s huge leap forward in security for Windows and for IE, and Blue Hat makes it obvious that Microsoft is just going to get better at it. In the meantime, Firefox appears to be standing still on the security front, or maybe even losing a little ground. Sure, it's still miles ahead of IE's security, but if IE keeps up the pace, it will overtake Firefox sooner or later -- probably sooner.
Is there any way the Firefox development team (and the OO.o team, and anyone else who's working on high-profile F/OSS projects) can take a lesson from Blue hat? Can we get together events like this of our own?
If we don't, I can already see that by 2009 or so, at the latest, I'll be telling clients to go with Microsoft products, because they're more secure than F/OSS. And I don't want to see that happen.
"It is internet only, so email needs to be via a web-based provider."
Well, if it's really "Internet only", then there's nothing to worry about. I can use POP on port 110, or IMAP on port 143, to check my email. Then I can send it using SMTP to port 25 on my mail server.
Or I could just SSH to port 22 of my server and read my mail on the command line, if I have a shell account. (Which I personally do, along with, I'm sure, many others here.) Ports 22, 25, 110, 143, and their related protocols are all well-established parts of the Internet; heck, at least two of them predate that newfangled port-80 contraption.
Or did you perhaps mean that it's Web only? Slashdot is the last place I thought I'd ever have to point out: the Web != the Internet.
I'm sure everyone who doesn't bother to RTFA will now think, "Oh, no, Linus and Alan are bitching each other out in public." That's nothing like what's going on here. For one, the submitter quotes only half of one particular line from the article:
So it sounds like Alan and Linus have discussed this particular difference in their talents before, either over beers at a pub, or over email or something.
Second, the article makes clear that part of what's going on is that Alan and Linus each have very different responsibilities in keeping Linux going, and so they necessarily focus on different things. Alan points out that as the dev tree maintainer, Linus is trying to keep the code maintainable, while Alan's trying to keep it stable.
And both of these things are necessary. It sounds to me like rather than being "at loggerheads", or "ready to call off the working relationship", instead Linus and Alan are a very well-matched and complementary team, both of whom contribute enormously to Linux's success and quality.
Each of them has strengths that make up for the other one's weaknesses, and it sounds like they have a good enough working relationship to give each other constructive criticism when needed.
Dangit, how come I never see comments like these when I've got mod points to spend on them? This is worth a "+5, Insightful" any day.
Please repeat after me: one phenomenon. Two or more phenomena.
"That's a very interesting phenomenon."
"No, it happened five times. Those are five very interesting phenomena."
Thank you.
Aside from that, I liked the calling out of the book for its unclothed-emperor-ness.
I used to believe 128K was fine... even on my Cambridge Soundworks speakers, my 128K MP3s played just fine. Then I started getting gigs as a DJ. I took a bunch of those MP3s, burned them onto audio CDs, and took them out to clubs.
Most of them still sounded okay, but anything with a lot of bass (i.e., anything really danceable) sounded like absolute ass on a club sound system. The bass came out all fractured and distorted.
The problem is much less noticeable with 192K MP3s, and almost completely absent when I move up to 256K. The bitrate really does matter, and not just to audiophiles with hi-fi systems in their living rooms. Even drunken clubgoers could tell something was whacked with some of my 128K tracks.
The poster summarizes that "government intervention is currently premature because it is unlikely to strike an appropriate balance between the many competing interests at stake."
And this has historically stopped the government on exactly which occasions?
(Not that I disagree. Sure, the government should wait. But I don't think they're gonna.)
Ah, the bad old days. I remember well. Back then, when I was shopping for mobos, one of my criteria was "Does it have the jumper settings silk-screened on the PCB somewhere?" Because if it did, then I knew I'd still be able to configure it, even if the manual got lost.
It wasn't my only buying criterion - or even necessarily the most important one - but it was definitely high on the list.
Funny. If you look at the Google Zeitgeist, you can see a whole lot of more-than-one-word searches. Okay, things like "Jessica Biel" might be considered to be one term, but how about "web hosting", "install windows xp", or "magic tricks"?
Note that there aren't a bunch of searches like "biel", "hosting", "xp" and so on, as we'd expect if people did one-word searches, and then expanded to two- or more-word searches.
The real problem here is that you can trademark a word in common use, like "scholar". Since the ACS did exactly that, roughly 6 years ago, they have no choice but to go after Google (or else have their own trademark claims painfully diluted, or maybe just nullified).
I don't much like what's happening here, but if I were Google, I'd be strongly considering just changing the name of my service. (IANAL, but it really looks like Google will have an uphill battle here.)