Slashdot Mirror


User: mysidia

mysidia's activity in the archive.

Stories
0
Comments
13,354
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 13,354

  1. Re:oh, that on Apple Forced To Clean Up Its Fine Print · · Score: 0, Troll

    I think you can be free and clear with iTunes on a technicality, as long as the missiles aren't equipped as a weapon and you don't actually intend to launch them.

  2. Re:Proxying the updates on Security Firms Can't Protect iPhone From Threats · · Score: 1

    Which of these meanings did you mean?

    None of them. Wikipedia is incomplete, and doesn't describe the meaning used.

    "Tattoo" in this case refers to the software maker's servers stamping downloaded files with the device ID, that requested the file, in a way that connects them to the account that requested them, and embedding the software's serial number in "hidden" locations on the device it is legitimately installed on.

    For example; some of the files downloaded as part of the update would be encrypted with a key based on the device ID, and then digitally signed with a key only available to the software maker.

    The software update process would be two-stage: first you have to update the program, then run the new version of the program, and use the new version of the program to parse updated datafiles.

    The point misses you. The pirates would hack your app to "allow configurability of update servers".

    It's pointless, because as soon as you update the app, the hack is gone.

    Since the pirates don't have access to the specifications of the proprietary protocol used to transfer the updates, they have no ability to make a server.

    The second someone tried to make a server, the AV maker would get a takedown notice out to the ISP hosting said server.

    And due to the two-stage update process: as soon as the main program executable is updated to be able to read the new version of the datafile format, it will also detect if the control block has been tampered with in attempt to run it on the wrong device hardware ID#.

  3. Re:Proxying the updates on Security Firms Can't Protect iPhone From Threats · · Score: 1

    Then don't allow configurability of update servers, and don't allow a "proxy" to be done. They make the update software, and they're free to use non-standard protocols to transfer updates.

    Require HTTPS to authenticate updates, and tattoo the device ID in the authentication process.

    Also, the update code itself can contain authentications.

    As in, the update process involves downloading and executing a binary specific to every update. One of the first things that binary does is authenticate itself, and the AV program.

  4. Re:F-Secure smells money on Security Firms Can't Protect iPhone From Threats · · Score: 1

    Except requiring a username, password, and registered device id# combination to download updates...

    If more devices than purchases try to login to a specified username, then next update send their AV a code that says "Banned" instead of giving access to files, and the program deactivates itself one detecting it's pirated, and has no access to download updates.

  5. Re:Can't stop the signal on Microsoft Issues Takedown Notices Over COFEE · · Score: 1

    It doesn't matter where their DNS servers are.

    If their domain is registered with (network solutions) as it is, only Network Solutions holds the auth codes for the domain.

    A court can order network solutions to establish a REGISTRAR-LOCK and freeze the domain, i.e. use the ordinary technical means available, to block any transfer attempt.

    And then remove delegations to the DNS servers.

    In this manner, it doesn't matter where their DNS servers themselves are located, once they are no longer authoritative for the domain, DNS queries will no longer be referred to them.

  6. Re:ok on Apple Newton vs. Apple iPhone · · Score: 1

    "Does not" support multitasking for bundled apps? Incorrect, although even those apps are subject to being suddenly terminated if a foreground app needs more memory.

    Sounds like a platform that doesn't care about user data loss or reliability, if background apps are subject to random termination....

    Some types of possible background apps (e.g. pager, or app that polls the monitoring system for your data center to display alerts on your phone), might be more important to you than the foreground app you're playing with.

    For background apps to silently die could be bad; they should allow the user to determine app priority, and provide enough resources to share with background apps in a reasonable way (without random app terminations)...

  7. Re:Can't stop the signal on Microsoft Issues Takedown Notices Over COFEE · · Score: 1

    In this case, it doesn't matter where the website is hosted, since the domain is registered with a US-based registrar, they can always send DMCA notices to the US-based registrar to ask them to "remove the domain name"

    Gotta insulate DNS first.

    If DNS is protected from takedown, you can have servers all over the world ready to step in with a simple records change.

    If not, they just gotta take down DNS, and then it doesn't matter where you put the server, you have to get a new name.....

  8. Re:Of course it's going public on Facebook Stock Going Public? · · Score: 2, Insightful

    It's possible to sell short in an IRA, but it's difficult / expensive to get an arrangement that will allow you to. Buying PUT options might be a better choice for betting against a stock, for a trader, provided you understand the mathematics, the risks, and requirements involved (including such risks as your broker automatically exercising an option at expiration if you fail to deliver notice to leave it un-exercised, or they fail to receive your order in time).

    Generally, most brokers won't just let you as an individual open a margin account using a new IRA with them as custodian. You will probably need what's referred to as a self-directed IRA through a custodian you have paid to allow you the option of a self-directed IRA.

    You will need a custodian for the IRA who is willing to let you do it, and a broker that is willing to allow you to do it, and you open the margin account with a brokerage through that custodian.

    The thing with margin accounts, is they allow you to borrow money, and generate debt-financed income.

    This leads to two issues with regards to the tax and other rules effecting IRAs:

    (a) The IRA is a separate entity, no assets outside that IRA can be used as collateral for the margin debt. So if you massively leverage your IRA account, and manage to get into serious debt... you walk away, the broker has no recourse against you. So the broker will not be interested in opening this margin account, except under strict rules, and if you have loads of cash to invest with them.

    You can't sign any agreement that gives the broker recourse against you for your IRA's activities, or recourse/any use of your income/ assets outside the IRA.

    Any use of resources outside the IRA, for IRA business is referred to as a prohibited transaction, the consequence is severe:

    If the IRS finds out about any prohibited transaction, they'll disqualify the IRA for tax purposes: it gets treated as if you took a distribution of the entire value of the IRA at the beginning of the year the prohibited transaction occured, which incurs an early distribution penalty, and tax is now overdue on any income from the IRA.

    So brokers and your custodian should be very cautious in this manner. Your broker stands to lose money, if the IRA (with potentially limited resources) gets into debt.

    Also, there is this second item, about (b) Debt-financed income.

    Your IRA itself has to pay UBIT (Unrelated Business Income Tax) on what is referred to as the UDFI (Unrelated debt-financed income), if it makes more than $1000 of such income, just like all other organizations exempted from tax under 501(a) and 529(a) (Form 990-T). IRS Publication 598

    Your custodian has to file the 990-T and pay the tax, if it is due. If there is not enough cash in your account to cover the tax, then your custodian must liquidate other assets in it as needed to pay the tax.

  9. Re:hmm on Facebook Stock Going Public? · · Score: 1

    Facebook is definitely no Google. They have been successful primarily due to their rate of adoption.

    They provided unique useful features to attract people (social networking).

    But now social networking sites ala FB are a dime a dozen.

    It remains to be seen how robust FB will be against competition in the long term.

    What value does FB provide to its members that another social networking site is unable to?

  10. Re:A suggestion on Contributors Leaving Wikipedia In Record Numbers · · Score: 1

    I was specifically referring to the comment above... and will be replaced with the final edited version of the page when the controversy ends.

    Often, serious edit wars never mellow out.

    They sometimes explode into a full-blown Rfc. with 5000 pages of discussion that the average Wikipedian doesn't care to read.

    Then sometimes some of the editors who do care to read some small portion of the 5000 page of each advocates' heated "debate" will weigh in, enough to convince an admin about who's in the right.

    They may therefore be able to suppress the person, if they respect and decide to abide the decision they vehemently disagree with, but it shouldn't be confused with the controversy ending .

  11. Re:A suggestion on Contributors Leaving Wikipedia In Record Numbers · · Score: 1

    Articles get rewritten, text gets refactored or moved to a different article all the time. Locking a paragraph permanently is even more damaging than temporarily protecting a page.

    Unacceptable, screen captures of text cannot be viewed by the blind using screen reader software. They cannot be copy and pasted, it's just too inconvenient.

    Also, locking paragraphs is contrary to the basis WP is founded on.

    Past consensus is by design not binding on future editors; consensus changes, people who were editing the article actively in the past move on to new articles to work with, without returning to old articles (that they shouldn't anyways).

    Having been involved in a matter of consensus once doesn't give an editor special privileges for controlling the article forever, and similarly... that a consensus was formed once, doesn't give it weight forever, new consensus can be formed, or a lack of further interest from other editors can allow other choices to be taken.

  12. Re:A suggestion on Contributors Leaving Wikipedia In Record Numbers · · Score: 1

    Sometimes, I think citation needed is a disease. WP has certainly taken 'cite everything' to an extreme, such that almost all the work editors do is look up statements in sources. Even if you're an expert in the subject, you don't get to just type in true things, even if they are common knowledge in your field, some naive editor will challenge you, because it doesn't seem obvious to _them_ a non-expert...

    The earth is round [citation needed]

    2 + 2 = 4 [citation needed]

    The earth exists [citation needed]

    Wikipedia is a free [citation needed] web-based [citation needed] collaborative [citation needed], multilingual [citation needed] encyclopedia [citation needed].

    *The above assertion is POV, because there are a significant number of people asserting that Wikipedia is not free, or not an encyclopedia.

    project supported by the non-profit Wikimedia Foundation. [citation needed]

    and almost all of its articles can be edited by anyone with access to the site

    POV statement, since notable critics assert that many articles cannot be edited by anyone with access to the site, or attempts to edit "by anyone" get rejected or reversed more often than accepted.

    It was launched in 2001 by Jimmy Wales and Larry Sanger and is currently the largest and most popular general reference work on the internet [citation needed]

    *Unsubstantial use of weasel-words contrary to WP style guidelines "most popular general reference work".

    Critics of Wikipedia accuse it of systemic bias and inconsistencies (including undue weight given to popular culture)

    *Inherently POV statement, designed to make it sound as if critics are accusing Wikipedia of something that is specious or not true because they are critics, e.g. The article suggests that only critics set out against Wikipedia make accusations of bias.

    Wikipedia gained early contributors from Nupedia, Slashdot postings, and web search engine indexing.

    Citation needed

    The Wikipedia is constantly edited [CITATION NEEDED] by a wide variety of people with a wide variety of motives [CITATION NEEDED], and inevitably some try to subvert the integrity of the encyclopedia [CITATION NEEDED, WP:OR ??]. Research suggests that, for the most part, these attacks are dealt with quickly [CITATION NEEDED].

    The Wikipedia has a complex multi-layered defence against these kinds of attacks. [citation needed] These include users checking pages and edits, computer programs [citation needed]

    It was made clear that this policy is not up for debate, and the policy has sometimes proved controversial. [citation needed]

    Wikipedia is hosted and funded by the Wikimedia Foundation [citation needed] The Wikimedia chapters, local associations of Wikipedia users, also participate in the promotion, the development, and the funding of the project. [citation needed, original research??] ... ... Some language editions, such as the English Wikipedia, include non-free image files under fair use doctrine, while the others have opted not to. [citation needed] ... for example, the notion of fair use does not exist in Japanese copyright law. [citation needed]

    ...

  13. Re:A suggestion on Contributors Leaving Wikipedia In Record Numbers · · Score: 1

    The page you are now viewing is a locked version of the page as it existed before the controversy started, and will be replaced with the final edited version of the page when the controversy ends."

    On many subjects, the controversy never ends. The editors that vehemently want version X and the editors that vehemently want version Y won't ever get what they want, and the controversy will always be there.

    The only question is.. can the editors at a whole reach a consensus on what the article should properly display, despite the controversy.. (at least until 6 months later when yet another editor comes upon the article and recognizes version X->Y->K are all flawed, and creates version Z, which _is_ really a major improvement, but the editors who want version X and the editors who want version Y are all still vehemently opposed to...

    Causing repeated reversion of the editor making version Z, causing the new editor (who doesn't have such a deep personal involvement in the subject and the article on Wikipedia.. having just made a small positive contribution) to just give up, and leave.

  14. Re:A suggestion on Contributors Leaving Wikipedia In Record Numbers · · Score: 1

    Given the lack of sources describing anything called GNAA, I think it's fair to say that the subject is non-notable, and ill-befitting of an encyclopedia article... i.e. out of the scope of what WP is and well in the territory of What Wikipedia is not (aka an indiscriminate collection of information, regardless of if the subject was encyclopedic or not)

    Someone has got to think there's a good reason for deletion for different people to propose it repeatedly.

  15. Re:"Is this legal" is the wrong question on Bing Cashback Can Cost You Money · · Score: 1

    In many cases they do leave the higher price up. The original price can only be had via coupons.

    You just re-affirmed how the store sale is different (and therefore the analogy is invalid). They still list the HIGHER price publicly.

    And the lower price isn't available to anyone without a coupon.

    That's not what sites that discriminate against Bing users are doing. They are representing that X is their price for the item, where, in fact, it's not -- they haven't honestly shown the additional amount they are charging the customer for being referred to them by bing.

  16. Re:This is on English Shell Code Could Make Security Harder · · Score: 1

    Yeah, it's a better idea, because you can never know what types of instructions might be used to attempt to exploit a string buffer overflow.

    It's impossible to completely prevent a string buffer overflow in advance, and even NX bit can't prevent arbitrary code injection through such overflows.

  17. Re:"Is this legal" is the wrong question on Bing Cashback Can Cost You Money · · Score: 1

    In the grocery store, they don't leave the price of the items at the original low value for people who don't know about the sale.

    Jacking them up and then lowering them for everyone, is not the same as claiming they are on sale, when the prices have been increased only for people who got a copy of the sales paper.

  18. Re:This is on English Shell Code Could Make Security Harder · · Score: 1

    Well thankfully there are people out there who can think of better ways than up to doubling the length of each instruction

    Kind of like there are people out there who can think of "better" ways to keep sensitive data safe without encrypting it when transmitting over an untrusted medium?

    Ways like... just trust noone wants your data?

    The preference would be to make all libraries padded, and allow unpadded code to call padded code but not vice-versa.

    Also, the padding could in theory be made optional if the instruction contains something with a high-bit set.

    However, that's not as secure as inserting a NUL, which helps protect against buffer overflows (due to the use of NUL for string termination in the C programming language).

  19. Re:Instead of complaining, game the system. on Bing Cashback Can Cost You Money · · Score: 1

    Actually.. there's good reason for the alarmism... it will discourage other people from using Bing, when they learn things are made more expensive for them.

    Leaving fewer people to search for deals, once the word spreads... and perhaps better, more gamable deals for us /. users who have the extra time to do all the gaming, and know how to delete cookies and come from multiple IPs :)

  20. Re:"Is this legal" is the wrong question on Bing Cashback Can Cost You Money · · Score: 5, Insightful

    Well, what's illegal is deceptive business practices.

    They claim to be offering a cash back if you utilize Bing, which implies a discount, where in fact, they are charging a higher price upfront to Bing users and creating a deceptive impression that the cash back is providing a discount of their normal price.

  21. Re:"Is this legal" is the wrong question on Bing Cashback Can Cost You Money · · Score: 1

    How about an order forcing them to release the source code to all retail and OEM versions of Windows (including 3.1, '95, '98, ME, XP, 2000, 2003, Vista, 7, MCE), Internet Explorer 3, 4, 5, MS Office 95, 97, XP, 2007, Exchange, IIS, Sharepoint, Visual studio, MS SQL, all components, and middleware with terms no more restrictive than the MIT license?

  22. Re:This is on English Shell Code Could Make Security Harder · · Score: 1

    Sure it would... they just wouldn't benefit from the security feature.

    Much like running 32-bit binaries on a x86_64 chip doesn't get you 64-bit goodness. And OSes that don't support the NX bit don't get any benefit

    It would be up to the compiler to make Secure-Code-protected binaries.

    And the OS in question to set the right CPU bit to require the extra padding, before branching into the program..

    Keeping in mind every program not supporting the bit installed on a system is a security risk

  23. Re:This is on English Shell Code Could Make Security Harder · · Score: 1

    If you've got the ability to market a ********* that won't run peoples old software, and using it makes software slower, take up more memory

    Isn't that what Vista / 7 are?

  24. Re:This is on English Shell Code Could Make Security Harder · · Score: 2, Interesting

    No, it won't be the legacy x86 instruction set.

    But we can call it the "Secure x86 instruction set" or the "Enhanced x86 instruction set"

    Market it properly, and everyone will switch to it, because they think it's faster and safer.

  25. Re:OK this explains a lot on English Shell Code Could Make Security Harder · · Score: 1

    I don't think it's a SlashdotFS but a SlashdotDHT.

    Used for file distribution (DHTs indicating IP address, and such, maybe)

    Or a more nefarios possibility: for botnet command and control / reconassaince. E.g. communications back channel... master node posts on various websites

    But yeah, they could contain shell code, even digitally signed shell code, and we'd never know for sure, I guess.