Slashdot Mirror


User: mysidia

mysidia's activity in the archive.

Stories
0
Comments
13,354
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 13,354

  1. Re:Tell them to reimburse you on Ask Slashdot: Do I Give IT a Login On Our Dept. Server? · · Score: 0

    Then the answer may be... "Sorry, no, we won't reimburse you. We won't add the firewire rules. And we're blacklisting the server's IP and MAC addresses from network access"

  2. Re:Competely reasonable on Ask Slashdot: Do I Give IT a Login On Our Dept. Server? · · Score: 1

    Not only that, but IT is in a position to dictate terms, including requiring a list of people with access, and requiring approval from IT for further configuration changes, new accounts, etc, as they (1) manage the firewall, (2) are responsible for security of the network and sensitive information as a whole, and (3) are responsible for the security of equipment on the managed network.

  3. Re:Obvious question from their perspective on Ask Slashdot: Do I Give IT a Login On Our Dept. Server? · · Score: 1

    Yeah, in the place I work the submitter would be able to pickup that computer at the security desk when they escorted him out of the building.

    After paying corporate accounting for space and power used by the server while it was colocated without authorization?

  4. Re:In my corporate environment.... on Ask Slashdot: Do I Give IT a Login On Our Dept. Server? · · Score: 1

    Only way poster has a leg to stand on is if this thing somehow touches patient info. Then I can see an argument for keeping IT out.

    No.... if it touches production patient info, the professor should probably be fired though, as providing a network service that serves live patient records goes far out of "research", and he would have deployed security-sensitive critical infrastructure using personally owned gear, without implementing through proper channels, proper IT approvals, etc, or he most likely would be in a corporation, regardless of the technical nature of his activities.

    Highly irregular that the first thing IT heard about it would be an 'open this port on a firewall request'; which is basically taboo for anything storing security sensitive info anyways -- proper security design is a major factor, including requirements such as server administrators at arms length from devs of the application and from auditors/security team.

  5. Re:In my corporate environment.... on Ask Slashdot: Do I Give IT a Login On Our Dept. Server? · · Score: 1

    Right. You aren't required to give them a user account on your machine, but they're not required to open a firewall port for you either...

    Not only that, but they're probably not required to allow the guerilla personally-owned "server"'s outbound traffic through the firewall, or to allow your server to light up a port on the switch or obtain L2 or IP connectivity on the LAN.

    Corporate IT security departments generally frown upon personally owned/managed equipment plugged into the corporate network.

    Personally owned equipment acting as a server to provide services critical for a department, is basically unthinkable......

  6. Interesting on Judge Reveals Secret Righthaven Copyright Contract · · Score: 1, Interesting

    Only the right to sue was given, and that makes the copyright transfer bogus, argue lawyers for the Democratic Underground, which is being sued for one of its website users posting the first four paragraphs of a 34 paragraph story."

    So they are suggesting that under Federal copyright law, the 'right to sue for claims of infringement due to X' cannot be assigned without also assigning an infringed right ?

    I wonder what this says about associations such as the **AA which sue people for infringement of their members' copyright works, but the **AA itself doesn't own any of the copyright protected rights to the works....

  7. Re:Due dilligence on Supreme Court To Hear Microsoft-i4i Case Monday · · Score: 0

    They could but they have a chronic shortage of patent examiners and a lack of funding.

    So why not just change the standards?

    Approve all patents; get rid of patent office approving/rejecting patents as in having an opinion about whether/not it is patentable, only collecting research, prior art search, etc, and adding their findings to the patent.

    BUT adjust patent law so the plaintiff for any patent infringement suit has a burden of proof that (1) they had a patentable invention, and (2) the patent was valid, and (3) patents are assumed invalid by default -- the plaintiff must establish validity in court. (Instead of the defendant having a burden to show invalidity if they dispute the patent -- they will be in a position to argue from strength)

  8. Re:Warner on Why Google Should Buy the Music Industry · · Score: 0

    Although it seems these days more and more companies are putting a "poison pill" article in the corporation to help stop most of these types of things.

    So covertly acquire a controlling interest through subsidiaries and replace the board with a board whose first order of business will be to take some votes and cancel all that poison pill business.

  9. The first rule of the TSA is... on TSA Investigates... People Who Complain About TSA · · Score: 1

    You don't talk about the TSA.

    The second rule of the TSA is.... you don't talk about the TSA.

    ...

  10. Re:Warner on Why Google Should Buy the Music Industry · · Score: 0

    at 7.50 a share, it can be had for just a bit more than 1.1 billion dollars... and there is no need for them to 'approve' it

    Time warner has a market cap of 39 billion dollars. For Google to buy them outright, they would have to offer a premium of 5 - 6x that.

    If Google tried to make a run on their stock, by buying from the billion+ outstanding shares, they'd drive the price up, and they need at least 51% of the voting shares in existence to execute a hostile takeover.

  11. Re:Victimless "crime" on DOJ Seizes Online Poker Site Domains · · Score: 1

    The site charges 60 cents a bid. It is so deceptive because if one goes to the site one sees things being bid for at less than 10 per cent of their retail value. One thinks at such a low price maybe I should bid on the product. Now suppose they have a $1,000 product and start the bidding at $1.00. Now most people bid only a penny more each bid therefore after the bidding for the product reaches $17.67 one can calculate that 1,667 people have bid on that product.

    Uhuh... 60 cents a bid penalizes placing multiple bids. That means you should place as few bids as possible to win the item.

    That should mean bidding as much as you're willing to pay the first time, so you only pay once $0.60.

    I'm not sure why most people would be willing to spend $0.60 to only add $0.01 to the bid, that doesn't make sense -- to be willing to spend so much to bid with such a small increase in price, and such a high probability someone else is willing to pay at least $0.01 more for it.

  12. I love the idea on Why Google Should Buy the Music Industry · · Score: 0

    But for some reason, I think the regulators would never approve of Google buying ALL the major record labels.

    The problem is they are concerned about creations of monopolies or use of acquisitions for anticompetitive practices.

  13. Um... on Skype For Android Can Leak Data To Malicious Apps · · Score: 0

    That allows another potentially malicious app to know everything about you that Skype knows (contacts, history of whatever you've chatted about or who you called,

    News flash. Malicious apps are not constrained by file permissions.

    If your device is pwn3d by an app, nothing Skype does can really protect you.

    How come there wasn't an article about how Windows PCs can leak data to malicious applications? The same flaw exists in Skype for Windows. Nothing stops KeyloggerXP (or whatever) from gathering all info entered into the PC that it wants, and all files in the user's profile are (of course) owned by the same user, including the skype files, and malicious apps can change file permissions anyways, and defeat other security (by way of privilege escalation).

  14. Re:So which is which? on Asia Runs Out of IPv4 Addresses · · Score: 0

    First thing that will happen is RIPE, ARIN, AfriNIC and LACNIC will suddenly get more customers and people from Asia will just IP-addresses from an other RIR,

    No. The RIRs have a policy of only issuing IP addresses for networks in the region they serve, they definitely check your organization's papers before you can even ask for IPs.

    And there is no provision or option to transfer an allocation between RIRs. If organizations were allowed to RIR shop, they could evade their region's policy.

  15. Re:So which is which? on Asia Runs Out of IPv4 Addresses · · Score: 0

    APNIC allows private parties to transfer addresses at will without the recipient having to justify anything or show they need/use the IPs being obtained.

    By the way, APNIC is the only region with such a liberal transfer policy.

    And it's caused other problems with the rest of the world trying to agree on a global policy for what to do when addresses are returned to IANA.

    Because the folks in the APNIC region refuse to accept the idea of a "global reclamation pool" of returned addresses if there is a restriction on transfers of addresses allocated from the pool.

    People in all other RIRs demand restrictions on transfers. APNIC is the one RIR that can't agree, and agreement of all RIRs is required to pass a global policy.

    So the result.... so far: is there is no reclamation pool. If addresses are returned there is no policy provisioning for IANA to collect and re-allocate addresses.

  16. Re:What they should do... on Google Sends Repeat Infringers To Copyright School · · Score: 1

    Is force copyright owners who flag videos for no reason whatsoever to watch that as well.

    They removed 'copyright' as a reason for flagging a video a long time ago. Only the rights holder is allowed to flag potential copyright infringements, and (I believe) YT will remove the video, no questions asked.

    Translation/End result: the rights holders can remove any video they don't like.

  17. Re:Founding Lesson on Google Sends Repeat Infringers To Copyright School · · Score: 0

    Hey now, no author will write a book unless they and their family will be able to profit from it for their life plus 70 years, its true, just look at history before copyrights lasted that long, no books were ever written.

    Not only that, but there were no music albums either, TV programs, movies, DVDs, etc.

    Thanks to copyright, we have DVDs. If we got rid of lifetime copyright, we'd go right back to that time when there was no music, movie, DVD, or TV.

  18. They should use this link on Google Sends Repeat Infringers To Copyright School · · Score: 2

    To professor Eric Faden @ Bucknell University's video, A Fair(y) Use Tale

    As their copyright school

  19. Re:unprecedented? on DOJ Gets Court Permission To Attack Botnet · · Score: 1

    Actually it does. Police routinely cordon off crime-scenes during an investigation.

    Cordoning off the scene of a crime != Seizing innocent people's property.

    Last I checked, the police don't come by with a heavy loader, pack up the building/office, and ship it to HQ; leaving the owner with a piece of bare land and no shelter, for months/years, until they are done with their investigation.

  20. Re:unprecedented? on DOJ Gets Court Permission To Attack Botnet · · Score: 1

    But you are the one who neglected computer security. I don't think you deserve a penny.

    No. You are the one whose security was defeated by a criminal. You can fix the server, just like you can fix a building's Window after a break-in.

    That doesn't give police the right to seize your office pending another burglary attempt (without providing you fair compensation as required by the 5th amendment in order to take/hold your private property for public use.), even if it is suspected the burglar might be using your office as a rendezvous point with his other criminal buddies.

  21. re: "Temporary" brain changes lead to learning on Temporary Brain Changes Lead to Accelerated Learning · · Score: 2

    I would imagine... as long as the brain you are replacing yours with comes from someone smarter than you, it should learn faster.

    Another probable outcome not mentioned in the article as tested was the body that received the changed out brain probably lost all the advanced things learned previously.

  22. Re:Anyone up for making a few new DNSBLs? on 'Scrapers' Dig Deep For Data On Web · · Score: 1

    Listing Firefox/MSIE in robots.txt also wouldn't do anything because those are browsers, not web crawlers, so they don't have to even acknowledge the robots.txt standard.

    Shouldn't effect users.... but I was thinking some of the 'evil bots' might be using an API/framework for making bots, where they supplied the fake UA field to, and that framework might be so gracious as to _force_ the bot application developer to comply (?)

    I was also wondering if FF/MSIE might have some auto-crawler features that would be subject to robots.txt.... such as selecting 'save a web page complete' which normally crawls the page and all its dependencies to capture them.

    Also.... any link pre-fetching technology is crawling, since the human didn't select the web page to be shown yet, by definition; any pre-fetching of a link disallowed in robots.txt would be breaking the robot exclusion conventions.

  23. Re:unprecedented? on DOJ Gets Court Permission To Attack Botnet · · Score: 1, Interesting

    What is the price of one piano compared to the terrible crime that's been committed here?

    Negligible. I say it's fine as long as the feds 'return it' expeditiously when they are done and make certain the owner is fully compensated (erring on the side of overcompensated) for any loss incurred.

    For example, if the servers were required to generate $1 million in revenue a day; I would expect the owner to be paid $1 million + 10% for every day the revenue cannot be generated because servers are impounded by law enforcement or not returned to the owner, and repaid any lost long-term revenue caused by the outage.

  24. Re:Anyone up for making a few new DNSBLs? on 'Scrapers' Dig Deep For Data On Web · · Score: 1

    The most interesting I've come across so far is Wikipedia's robots.txt file [wikipedia.org] which has comments for every disallow or series of disallows.

    Well.. it bothers the hell out of me that I can't Google VfD/Afd/Page for deletion Articles on Wikipedia, because a few people were annoyed there were VfD articles about their nonnotable vanity page on WP. Wtf are the Wiki people thinking? Sometimes interesting points arise in a discussion, and it would be useful to be able to search those discussions in the future, since they're so massive.....

    That's great for the user-agent fields of known bots. Unfortunately, it doesn't contain an IP address banlist. Something tells me they don't bother too much about IPs of bots that don't honor and use generic user agents.

    I wonder if anyone's tried listing Firefox/MSIE in robots.txt Disallow entries... does that hurt any bots without impacting human navigation?

  25. Anyone up for making a few new DNSBLs? on 'Scrapers' Dig Deep For Data On Web · · Score: 1

    Known robots, and scrapers

    IP addresses that do not honor /robots.txt.

    and IP addresses that robotically submit spam on robots.txt disallowed HTML feedback feedback forms

    Much web scraping can be automatically detected.

    Sites like Facebook/social networking sites are perfect places to trap/detect scrapers, if they would be willing to contribute to a DNSBL