Slashdot Mirror


User: mysidia

mysidia's activity in the archive.

Stories
0
Comments
13,354
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 13,354

  1. Re:Serial Ports.. on Will the Serial Console Ever Die? · · Score: 1

    That's because it's a cheap-as-free consumer level device. Oh, and your modem might actually have a serial debug port, but not for your use, it can be hidden from you (hidden by covering it, making it have a different format logic levels, etc. In some cases, you have to literally open the shell on your modem, pull the board out, and solder or attach a header onto certain points, to get access to the serial port

    And consumers have no use for those RS232 ports anyways -- it either works out of the box, or they send it back, generally.

    Out of band management is pointless in a consumer's environment, they always have physical access to the device, so there's a cheap alternative, a "reset to factory" button to just wipe memory clean, if that doesn't work, it's cheap, go buy another.

    By the same token, most cheap-as-free switches consumers buy for their networks aren't manageable at all, or only BUI, no CLI.

    In datacenters, serial ports are basically a must for this gear. For providing out of band management, and troubleshooting issues when the inband network is experiencing an issue. In some security sensitive environments, serial port is the only management that is kept enabled.

    In a pinch, a desktop or laptop might be used to plugin to these things... but usually a Serial Conentrator (also known as a Serial Console server or Serial console switch) is used.

    Which is basically a device with 48 RJ-45 jacks on it, and each one is a serial port, that gets patched in via Cat5 cabling to the devices being managed out of band.

    And probably is accessible over both IP and dial-in from some modems.

    User connects to the device, and from there, the authorized user can access the serial port tied to any server or network device via reverse telnet.

  2. Re:Sweet spot on The Awful Anti-Pirate System That Will Probably Work · · Score: 1

    Unfortunately, no protection kit is 100% guaranteed. It is possible the SDK will fail, and leave you unprotected at a critical moment.

  3. Re:Sweet spot on The Awful Anti-Pirate System That Will Probably Work · · Score: 1

    Isn't that extortion?

  4. Re:Sweet spot on The Awful Anti-Pirate System That Will Probably Work · · Score: 1

    The solution's still the same...

    Ether or Duct tape will do.

    Earplugs, pretending not to listen or pretending to be too busy with something may also work, with some caveats.

    Also, get 'stopping at the bar' made a mandatory work function.

  5. Re:So what? on US Government Poisoned Alcohol During Prohibition · · Score: 1

    Hm.. interesting... in that case, they are still poisoning it now.

    I guess that means the experiment was deemed a success?

    Considering the industrial alcohols sold today are always denatured in the manner of adding ethanol.

    And the denatured stuff is included as an alternative to use of pure ethanol in lots of products... including toothpaste

    And lots of cleaning products.

    I wonder if we can blame the government for every single child death due to some kid imbibing a methanol-containing cleaner....

    After all, if it was just pure Ethanol, they probably would have been ok.

  6. Re:So what? on US Government Poisoned Alcohol During Prohibition · · Score: 2, Insightful

    You mean someone drinking two known poisons, and the potential to be drinking a third unknown one?

    The two known poisons are... Ethanol and Methanol. Ethanol being esp. poisonous mainly in large quantities, but also having effects in lower quantities (such as liver damage when imbibed over extended periods).

    In basically well-defined quantities.

    And then someone quietly slips a third in.

    In what way should the poisoner not be held responsible in that case?

    If evilguy sneaks a drug in your beer, the court won't agree with evilguy that since you were technically already drinking something poisonous that was bad for you (Ethanol), that it somehow makes your addition harmless, or makes evilguy less culpable for the result.

    The thing is evilguy has taken control away. If someone wants to deliberately imbibe a certain poison, OK, the maker can't be held responsible for that, as long as they are up front about the content and the risks.

    But slipping in additional ingredients solely to poison is a different matter altogether.

  7. Re:Methanol on US Government Poisoned Alcohol During Prohibition · · Score: 1

    They weren't drinking straight methanol, they would have died quickly. It was ethanol that contained an amount of methanol, i'm sure.

    Probably a very unpleasant experience, but not as bad as having the government deliberately submarine them by quietly adding stronger poisons, or even changing rules to require higher concentration of methanol.

  8. Re:So what? on US Government Poisoned Alcohol During Prohibition · · Score: 5, Informative

    The bottles were marked poison before the government started doing this, because the industrial alcohol IS poison, even before the government started meddling.

    To avoid the excise tax on liquors, industrial alcohol has to have methanol added to it.

    The mathonal makes it even more toxic than ordinary ethanol, and unsuitable for drinking. But is required for it to be tax exempt.

    Anyways, the issue is during the prohbition, some people were already drinking that unsuitable stuff. They were desperate, they were (probably) addicted, they took what they could get. So a lot of people were drinking this (a bit) industrial alcohol containing some [probably small] quantity of poisonous methanol.

    So then the government' comes up with this "solution" is to make the stuff more deadly.... swiftly and quietly...brilliant!

    Just because they didn't keep it a secret doesn't mean everyone automatically knew about it.

    Or even that they had a good alternative.

  9. Never underestimate the ingenuity on The Awful Anti-Pirate System That Will Probably Work · · Score: 1

    Of crackers...

    If it needs an outside server to save games, they may very well make an outside server-to-save-games program. And patch the game to contact the local server instead.

    They might not normally go through the trouble.

    But... some of the people now who hate the DRM and want to break it will be legitimate customers who never intend to actually pirate it.

    IOW, they now have an itch to scratch. If enough of those legitimate customers are sufficiently annoyed by the DRM but like the play of a game enough, Ubisoft has manufactured a reason for them to work on the problem.

    Requiring a constant internet connection is a major annoyance for the legitimate customers, and so, there may be lots of hackers working on this problem.

    Lots of hackers who are skilled at reverse engineering protocols, since they see Ubisoft as basically "creating a challenge for them" ("Unbreakable DRM, you say?" Hah! sounds like a day)

    So IOW, no, I don't think it's correct that it will work, necessarily.

    Just depends on how much real dependency on the server is there, how complex the interactions are, and how good/how popular the game is.

  10. Re:Sweet spot on The Awful Anti-Pirate System That Will Probably Work · · Score: 1

    That would be a violation of the DMCA and get you some very strongly worded letters from lawyers demanding take down, and possibly you would be prosecuted due to the prohibition against dealing in circumvention technology.

  11. Re:Sweet spot on The Awful Anti-Pirate System That Will Probably Work · · Score: 3, Insightful

    It is definitely popular enough to write viruses for.

    The thing is, its userbase is predominantly populated with more people who don't fall for stupid tricks.

    Example stupid tricks:

    "Post a web site that displays animated GIFs of a virus scan followed by, YOUR COMPUTER IS INFECTED!! Download and run this program to fix!!!" or "Download and run this .SH file and pay $69.99 to fix!!!"

    Example stupid tricks: "Please type your root password into this form, click OK, click "Allow" when prompted by the security thingie, and software installation will begin"

    Example stupid tricks would be: "Click here to download and run this 'codec'. When prompted, type your root password"

  12. Re:Sweet spot on The Awful Anti-Pirate System That Will Probably Work · · Score: 1

    All that means is you don't have a good virus scanner or trojan scanner. Or you don't visit that many torrent sites...

    Or you never have downloaded software, EXE files or .MP3.EXE files from torrent sites...

  13. Re:How? on Microsoft Wins Windows XP Downgrade Lawsuit · · Score: 1

    Ah... it just really reflects.. Home users aren't MS' target customer, but a marketing channel.

    A year and a few month ago.. no issues or fees when contacting our vendor and placing an order for a bunch of Laptops with XP on them.

    If anything, the total price became less not more after Vista was released, when the market got flooded by all these high end "Vista ready units" which were higher spec'ed equipment than what you'd buy to run XP on in the first place...

    I'm guessing the 'downgrade fee' was something for Home edition users buying very low volume to contend with?

  14. Re:Feature, not a bug. on GoDaddy Wants Your Root Password · · Score: 4, Interesting

    Two things... (1) of course they can determine that after logging in with the credentials.

    (2) Godaddy is using fricking Virtuozzo as their VPS hosting platform right?

    They technically then don't NEED the root password at all if so.

    In theory, they could 'vzctl enter' a customer's VPS from the host node. To be clear: _entering_ a container, spawns a new shell child process with the customer's VZPID, such that the child shell is actually created inside the customer's VPS.

    Now there might be some reasons they wouldn't want to do this, or that they'd want to wrap that in additional layers.

    Well, the reason is entering a VPS from the host node potentially places the VPS they have entered in control of the user's terminal.

    That could in theory be a security risk to GoDaddy's own system.

    So by getting the VPS root password, they can enter the VPS over the network, instead of through the hardware node.... thus, not ensuring a VPS can never have control over a terminal logged into the hardware node.

    Basically, this is more sound security wise.

    Anyways... there definitely doesn't seem to be anything wrong with GoDaddy gaining access to a customer VPS on an official basis, for good reasons, to investigate possible customer abuse or malware.

    As long as they follow professional standards, respect customer privacy completely, do not conduct any abuses, such as stealing leaking info, or gratifying personal curiosities (IOW: no abuse whatsoever) -- basically everything you would expect from an admin of Gmail or Yahoo mail (as in not reading your e-mail and using it for personal uses, to satisfy curiosities, blackmail you, etc...).

    Oh yeah, and that they exclude any utilization they generate from the customers' bandwidth / resource bills.

  15. Re:They physically own the box on GoDaddy Wants Your Root Password · · Score: 1

    Well, I understand why he'd want to delete it. But a password expiration should be used instead, and it shouldn't be removed until a period of time when it is no longer going to be frequently needed.

  16. Re:FUD on The Future of OpenSolaris · · Score: 2, Interesting

    Extended support is not standard support, and not available under the same terms as the original support agreement. You can always attempt to negotiate with a software vendor to provide you support for an EOL product, if you're willing to pay enough extra they will do it.

    Microsoft releases SOME security fixes for wormable/remote code-execution issues for free, but not other bugfixes. And they are releasing these as a good internet citizen, not to provide general support XP users.

    Examples of security bugs they won't patch are remote DoS MS doesn't think will run arbitrary code: Evidence MS09-048, Frequently Asked Questions (FAQ) Related to this update:

    If Windows XP is listed as an affected product, why is Microsoft not issuing an update for it? By default, Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows XP Professional x64 Edition Service Pack 2 do not have a listening service configured in the client firewall and are therefore not affected by this vulnerability.

    Another good example of what they won't do is release an update to fix 'daylight savings time' again if the US government changes the rules again this year or next year.

    Customers who prefer to have a hotfix may be able to purchase DST updates for affected Microsoft products in Extended Support via an Extended Hotfix Support (EHS) contract. A single fee of $4,000 covers all available DST hotfixes for the current calendar year.

    In other words, you have to sign up with the extended support and pay the additional fees per system for the extended support, AND in addition to that pay $4000 to get the DST fix.

    At this point you are not getting standard, general, or common support for your product. You are paying/contracting Microsoft to do something for you on an individual basis.

    If you pay them a big enough amount of $$ as in millions, or billions, they'd probably be willing to make DOS 5.0 or Windows 3.1 patches for you.

    But that's not what we're talking about... Sun's web pages indicate the general support is ending, and Windows XP general support is over and done with.

  17. Re:FUD on The Future of OpenSolaris · · Score: 1

    Mainstream support for XP ended in 2009. No new features. No bugfixes. No patches except for a very small number of items deemed by MS to be critical security issues as in wormable remote code execution (almost all newly found holes in XP security-related or otherwise will never be patched).

    Only pay-per-incident (very expensive) assistance and paid critical fixes.

    Mainstream Support for Business and Developer products will be provided for 5 years or for 2 years after the successor product (N+1) is released, whichever is longer.

  18. Re:FUD on The Future of OpenSolaris · · Score: 1

    Nonsenese.... if you install (a Supportable) version of OpenSolaris and buy support. Make sure your contract includes support for your version for a long enough duration.

    You know, Microsoft doesn't support ancient EOL OSes like Windows NT or Windows XP, either.

  19. Re:Have you ever travelled on 520? on Gates and MS Don't See Eye-To-Eye On CO2 · · Score: 1

    For instance, why didn't the ad state that there were 5000 MS employees and x other persons. Is it because only MS needs this bridge?

    Obviously MS believes someone else wants or needs it, otherwise they wouldn't pay $100000 for an ad in a newspaper.

    Surely they have more efficient, less costly ways of communicating certain things to their own employees.......

  20. Re:Did the submitter RTFA? on Gates and MS Don't See Eye-To-Eye On CO2 · · Score: 1

    There's only one other bridge across the lake, but both bridges are cram-packed during rush hour now, so that other bridge can't take the additional cars.

    Additional congestion due to only one bridge to take means more carbon usage.

    It sounds like they need 3 bridges instead of 2, or one really big bridge :)

  21. Re:Wait a sec if they take different sides on Gates and MS Don't See Eye-To-Eye On CO2 · · Score: 1

    We can oppose both sides.

    We favor the bridge design, for our own reasons.

    And we oppose attempting to cutting carbon emissions down to zero, also for our own reasons.

    You see? We can have our cake and eat it too. There really never was any dichotomy.

  22. Re:Terrible Title & Summary on Gates and MS Don't See Eye-To-Eye On CO2 · · Score: 1

    Microsoft is mostly against it because it highly affects their employees in a negative way. It means more lates, or more inconvenience. Will the CO2 offset from more buses balance out the increased amount created during its upgrade? Who knows.

    And it depends on the rate of adoption of electric/hydrogen cars, whether the redesign/rebuild even ultimately has much in the way of benefits :)

  23. Re:Well... on How Banker Trojans Steal Millions Every Day · · Score: 1

    The problem is that a signficantly-nonzero percentage of users are forced to use proxies where the IP address can (and does) change from request to request (and remember, a single web page can generate dozens or hundreds of individual http requests

    Wait, we're talking about two different things here.

    For bank accounts authenticate the transaction

    For video games, authenticate the login.

    Its not like your IP address can just change while you are in the middle of playing a real-time MMORPG that requires a continuous connection to the server

    Any interruption or change of IP results in a logout

  24. Re:Well... on How Banker Trojans Steal Millions Every Day · · Score: 1

    I'm sure it's just a variant of the SecurID algorithm. What they don't do though is have you plug the token into a USB port on your computer and display info on the LCD screen such as "what IP address you are logging in from", before you enter your code.

    So in theory... if someone MITM'ed your session. You typing your code in just got the bad guy into your account.

  25. Re:Well... on How Banker Trojans Steal Millions Every Day · · Score: 1

    The physical token needs a second piece you plug into your computer, so that the details of the transaction are displayed on an LCD screen present on the hardware token.

    To complete the transaction, you plug in the token, read the transaction details off the token's LCD display and click a "confirm" button on the token which sends a ticket to the computer it cannot decrypt, to be sent along with the transaction.

    A "confirmation code" is displayed on the token, which you are prompted to type into the website, and click "Ok" before final entry of the transaction.