Slashdot Mirror


User: mysidia

mysidia's activity in the archive.

Stories
0
Comments
13,354
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 13,354

  1. Re:This invalidates studies of Windows security on Security Firm Reveals Microsoft's "Silent" Patches · · Score: 1

    I don't think it's new, but you see... this is tangible credible evidence that can be cited. Much better than anecdotes from individuals about MS practices.

    It's very rare that MS silently patches something or pretends an issue doesn't exist, and the industry and major publications actually acknowledge that it happened.

  2. They need to replace with immigrant cameras on Arizona Backs Off Its Speed Camera Program · · Score: 0, Troll

    Along the state's southern borders, so they can detect anyone crossing without the proper permit, so they can hold them until someone pays the $100000 fine to release them for illegaly entering Arizona.

  3. Re:Microsofts creative stats has been known for ag on Security Firm Reveals Microsoft's "Silent" Patches · · Score: 1

    Also, UAC is indeed a boundary at the lowest level, hence the requirement to bloody reboot when you change it (can you tell I hate rebooting).

    Nonsense. If the user is an administrator, UAC is not a security boundary. See here:

    Security Boundary: this is a special term to Microsoft. It means that if someone discloses a way to violate a Microsoft-defined security boundary, that Microsoft will release a security patch as soon as possible, so that the method to violate the boundary no longer works against patched systems.

    Administrator running in Admin Approval Mode (AAM): this is kind of a hybrid between An Administrator and a Standard User. You get a split token, which means you have the credentials of both a Standard User and an Administrator, and the right one is applied depending on what is going on.
    ...

    Administrator in AAM: this is definitely not a security boundary. With the Administrator token available in the user’s space, it is too easy for malware to attack something in this very broad attack surface and gain elevation without the user’s approval. Microsoft could not patch this barrier without substantially breaking application compatibility. ..

  4. Safety... on Robot With Knives Used In Robotics Injury Study · · Score: 1

    Seems like with a toy like that in your kitchen and a little firmware hack, your psychopathic ex-girlfriend hacker could have a lot of fun at your expense...

    Especially if the robot's equipped with speech ability to play recording.. "None shall pass!"

  5. Re:Microsofts creative stats has been known for ag on Security Firm Reveals Microsoft's "Silent" Patches · · Score: 1

    A key difference is Mac OS input for Administrative credentials and *nix sudo (which are the same thing), MacOS prompt for an Admin login is essentially a graphical sudo ------

    Is that in those OSes, the elevation is a true security boundary respected by the underlying kernel, and actual user credentials are required to defeat it.

    Whereas with UAC, the 'security boundary' is a soft, artficial one that is easily defeated through various techniques.

    Also, the UAC prompts are required for many routine operations, such that users will get used to clicking OK/Continue.

    In MacOS/*ix such prompts are extremely rare, rare enough to give the user pause.

    Typing in the password also requires considerably more effort and thought than simply clicking Ok.

    Most likely the user will at least see what is prompted for and part of the warning message, rather than blindly clicking OK.

  6. This invalidates studies of Windows security on Security Firm Reveals Microsoft's "Silent" Patches · · Score: 1

    A claim researchers have sometimes made is that Windows has fewer critical security issues.

    That this has come to light raises even more doubt about the validity of such studies.

    This is a demonstration that Microsoft sometimes hides critical security bugs, and doesn't release advisories, even when they have been reported.

    This is Prima Facie evidence that Microsoft closed-source software probably has many critical security vulnerabilities that were never publicized such, and were instead kept secret, and if patched, the patch was a hitch-hiker on top of a lesser prioritized patch.

    Why hide security vulnerabilities, or make them seem less critical? To give a false impression that the software is more secure, and deceive researchers that try to estimate security through blind counting of vulnerabilities.

  7. There's a really elegant solution to this on How Do You Handle Your Keys? · · Score: 1

    Better yet, just leave the key in the lock, then you don't have any keys to worry about carrying around.

    Alternatively

    (1) If the house locks have different keyways, replace them so they all have the same type of keyway.

    (2) Re-key the house locks so the same key opens them all.

    (3) Get a combination lock/finger-print reader installed on your car door and ignition

    (4) Get wherever you need, using only one key

    ???

    (5) Profit

  8. Re:I like beavers on Beaver Dam Visible From Space · · Score: 1

    It happens that destroying useful ecosystems around you that help you survive, in exchange for some temporary profit, is the mark of a non-intelligent species :)

  9. Re:I like beavers on Beaver Dam Visible From Space · · Score: 1

    Nice that it's visible from space though... the aliens could see the beaver dam and think: "Wow, there must be some intelligent life on this planet"

    Hoover dam? Not so impressive, probably a more primitive species.

  10. Re:I like beavers on Beaver Dam Visible From Space · · Score: 4, Funny

    Humans need to stop thinking they are so damn special.

    There, fixed it for you.

  11. I am in favor of .XXX on Pressure Mounts On ICANN To Approve .xxx Domain · · Score: 1

    But not for porn sites. Wasting XXX on such a narrow category as a web site with specific content seems horrible. TLDs are meant to categorize the nature of the organization not the nature of the content

    For example. .COM domains are for commercial organizations, .ORG for non-profits, .NET for networks such as ISPs, and .CC for country-specific sites that are of primary interest to a particular local geographical region.

    "X" is commonly used as a metacharacter, meaning (in place of something else) X is used as a generic symbol to refer to it.

    E.g. In XXX days, we will re-consider your application.

    .XXX seems like a perfect TLD to use when no other generic TLD makes sense and the site is not country specific

    Think of it as a miscellaneous TLD to be used for hodge-podge sites that don't need to identify as a category such as 'network', 'commercial', or 'non-profit', or region/country-specific.

    For instance, NEWS.XXX would be a perfect name for a global news site that covers events from all over the world, and is neither specifically commercial nor non-profit.

  12. Re:American Chernobyl on Hundred-Ton Dome To Collect Oil Spill · · Score: 1

    They don't want to lose the well. Burying it in concrete (if there is a way to do it) would destroy their ability to extract anymore oil from it, they had little reason to research how that could be done. The hundred ton dome lets them still collect oil.

  13. Re:GARBAGE on Oracle Restricts Access To Sun Firmware Downloads · · Score: 2, Insightful

    That sounds futile.. there can be only one IBM. If Oracle even tries, IBM will send their goon squad out, and return home, leaving behind the charred remains of Oracle HQ, carrying the severed heads of the executives and board members.

  14. Re:Sun confirmed it to me on April 9th on Oracle Restricts Access To Sun Firmware Downloads · · Score: 1

    The big question is... does one warranty or contract give you access to all firmware, or just that system's firmware?? Based on the article, I am thinking the latter, and I am thinking that you lose access to your firmware the moment the warranty expires.

  15. Re:GARBAGE on Oracle Restricts Access To Sun Firmware Downloads · · Score: 2, Insightful

    Well, Cisco is basically in a different world. The software is essentially a majority of the value in many of Cisco's products which are software-based routing platforms, sometimes with a few hardware ASICs or specialized ICs thrown in when required (for example, for switching, or carrier grade apps).

    The closest Sun equivalent would be Solaris, but they went another direction... they opened that.. (OpenSolaris)

    If Cisco didn't limit the IOS distribution, by now, there would probably be 3rd party manufacturers making routers that you could load IOS firmware on as drop-in replacement, due to the immense value and basically industry de-facto standard status of the IOS.

    The Cisco IOS software is very unique, enterprise routing/switching equipment isn't a commodity, or at least it wasn't at the time, and it has a very long useful lifetime, in that it can still do its job just fine, and serve a useful role for otherwise lucrative customers, even long after 10 year sales and support EOL.

    Used Cisco equipment would be a very good cost-effective alternative for small/mid-size enterprises to run their network infrastructure with, if they wanted, were willing to forego support, and if the IOS/other updates needed to provide any added features or performance/fixes were publicly available..

    And these people would have little option but to buy brand new Cisco equipment, if not for aftermarket.

    Servers are really quite different...

    Servers have an aftermarket, but they lose value much more quickly.

    A server that was cutting edge 10 years ago, is basically worthless today for new purchases. Whereas a router that was high-end and cutting edge 10 years ago can still have a lot of value in the aftermarket.

    As for the large enterprises that buy most Sun equipment, it would be almost unheard of for them to seek equipment in the aftermarket.

    The most likely reason they would be looking for firmware updates is that they have old equipment doing something important that they cannot or do not want to migrate away from at that point.

    Oh, yeah, and they have an issue related to an old bug in Sun firmware, that they had delayed patching for a long time.

    So... they go to Sun's website... looking for answers, their Sun hardware is being flaky due to a defect, it's out of support contract and Sun won't provide the fix

    IOW, the hardware is going to have to be replaced to fix the issue.

    They will be forced to buy new hardware... but are they going to buy more hardware from Oracle after having this issue, after Oracle denied them access to the fix?

    Are they going to keep support contracts on all their other Oracle servers, and replace them with new Oracles when they reach their 5 year server replacement cycle? Or will they buy shiny new Compaq or IBM servers for a fraction of the price? I think the latter...

    More importantly... when some small business or individual picks up their old server [with firmware-related issues] on the aftermarket sold as-is to get rid of it by the original company...

    What is this going to do to their opinion about Oracle, when they find there is a fix for the issue, but Oracle decided they can't have access to it?

    Well, they will be more concerned that there was an issue in the first place, it makes the manufacturer look bad.

    Arguably, this move could increase the number of old Sun/Oracle servers on the aftermarket and reduce the price they sell for, making the brand look even cheaper than it does today.

  16. Re:Optical light? on Intel Shows Off First Light Peak Laptop · · Score: 1

    But a VFL is the right tool for the job, not a blazing unreliable Torch.

  17. GARBAGE on Oracle Restricts Access To Sun Firmware Downloads · · Score: 1

    This act by Oracle is simply outrageous.

    You see if I ever recommend anyone buying a Sun/Oracle server ever again.

    Not going to happen. I will now recommend all owners of Sun/Oracle servers phase them out as quickly as possible, since Oracle has proven so unreliable.

    And I actually used to prefer Sun's hardware, and recommended them highly...

  18. Re:Bad news for democracy on The FCC May Decide Not To Regulate Broadband · · Score: 1

    Actually, such a revocation exists; it's called a recall election. Unfortunately, they're available only by constitutional amendment, exist in only a handful of states, and the last time we tried one the incumbent got Terminated.

    That is OK for state officials maybe; the burden in terms of number of voters wanting a recall for anything to happen is way too high, much more than 51%.

    Like it's in a representatitve's interests to vote for a bill to allow themselves to be recalled anyways?

    It also won't work for federal government officials.

    For example, you won't be recalling the vice president or members of US congress, no matter what horrible things they might do.

  19. Re:Bad news for democracy on The FCC May Decide Not To Regulate Broadband · · Score: 4, Insightful

    US is not a democracy. I'm not sure what it is -- people run for election to represent the people, they make certain promises, and express what their position is on various issues to appeal to the masses.

    They get elected, and then they vote in a manner that is diametrical opposite to the sales pitch they gave to get elected.

    Because they have a multi-year term, there's absolutely nothing the people they represent can do to revoke or cancel the benefits of having won the election based on their unfulfilled contract with their constitutents, when they start to go wrong.

    Or they 'sell' the choice of how they'll represent their people to the highest bidder. So in exchange for personal favor X, they falsely represent that the people want Y, in order to secure that favor, and they do it on every single vote.

    I compare it to a corporate board of directors hiring a candidate with a 2 year non-revokable contract to be CEO, so the new employee can't be removed, limited, or rendered powerless, as long as they don't do anything actually illegal, and very high salary, based on a 5 minute interview, with very limited background information being available (other than their claimed positions on certain governance issues).

    Of course the moment the deal is done, they can do whatever they want, including managing the company very badly.

  20. Re:Great on The FCC May Decide Not To Regulate Broadband · · Score: 1

    How about you buy a connection from all 3 and a router with 3 WAN interfaces.

    Write a script to measure the latency and throughput you get to each website across all 3 links. Send all your traffic for any particular website over the link with the best performance characteristics.

  21. Re:Let the users decide on FSF Response To Steve Jobs's Letter · · Score: 1

    Of course the philosophy is useful... it lead to the creation of the Free Software foundation.. GNU..

    The GPL... and open source software as we know it.

    The philosophy attracts volunteers.

  22. Re:How prevalent? on Win7 Can Delete All System Restore Points On Reboot · · Score: 1

    Um.... on most REAL unix systems, /tmp is a memory disk, data there gets mapped from memory, therefore everything saved there is stored in either physical RAM or Swap, and goes away at every boot.

    This is what most systems do... Gentoo's use of a persistent filesystem for a temporary scratch space, is ass backwards, and generally messed up behavior.

  23. Re:How prevalent? on Win7 Can Delete All System Restore Points On Reboot · · Score: 1

    The user already decided their intent in selecting the size of the restore area. Don't expect the system to need babying about this.

    And it's not truly an error condition, or even a system event. It is a selection of how much past data to retain, just like your web browser's cache size selection. A notification dialog every time you booted, as soon as you reached the restore point size you had config'ed would be very annoying.

    The clueless users who don't think to set the restore point area size just click 'OK' anyways.

  24. Re:Can you try both methods? on Hot Aisle Or Cold Aisle For Containment? · · Score: 1

    Not all of it.

    Some of the energy will be converted to light or electromagnetic/other waves that will escape the datacenter without ever becoming heat there.

  25. Re:Uh... contradictory? on Arizona "Papers, Please" Law May Hit Tech Workers · · Score: 1

    1x Wrong. I work at a university. Like most universities we have students/researchers from all around the world. Many of the professors (all US citizens) speak with a heavy accent.

    Those would be non-citizens in the country who are required to have papers. In other words, they are suspicious, unless at or near a university.

    2x Wrong. The US does not have an official language.

    Yes it does. English is. English is the language used for all legal and official process in the US. And it's also de-facto the language spoken by citizens.

    Children are required to attend school in basically all states, and lessons are taught in English. Also, noone who is not a citizen goes through naturalization process without taking a civics test in English

    3x Wrong. Not knowing English, ESPECIALLY in the US is not suspicious. I know a lot of communities where English is not spoken (hispanic, chinese, etc.)

    If someone was stopped in one of those communities, than that would not be particularly suspicious then.

    If someone were stopped in a community where that situation was unheard of or not common, then they would validly appear suspicious.