Slashdot Mirror


User: Billly+Gates

Billly+Gates's activity in the archive.

Stories
0
Comments
13,460
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 13,460

  1. Re:How to run java on the intranet safely on Oracle Knew of Latest Java 0-Day Security Hole In August · · Score: 4, Informative

    You can setup IE to use java internally on intranets only.

    Instructions are here and is a must in 2013 for any IT support professional! They can still have their netmeetings and be secure at the same time. IE has security zones under preferences. One for Internet, another for intranet if you fiddle in the options. Under Internet disable java scripting, note this is not javascript. Under intranet enable java scripting.

    Instructions for enabling java for intranet security zones only in group policies are here.

    After that all your users are safe and they can still run their shit ERP apps and Netmeetings. At least this is a temporary solution until they upgrade their software as I agree. Internet wise there is no reason to run it except for a few banks.

  2. Re:Time to just remove Java (and Silverlight)? on Oracle Knew of Latest Java 0-Day Security Hole In August · · Score: 4, Informative

    Silverlight is at least used for NetFlex and is much more secure and updated by MS.

    Java is insanely popular with old IE in the enterprise market. Banks which support Chrome and Firefox for us with consumer banking sometimes only support IE 6 - 8 with Java 5 (no I did not mistype that) for corporate customers where security exploits are used in java so accountants can put ole excel spreadsheets inside their browser for the bank to see.

    Apparently these banks have not discovered javascript yet and tools to read excel docs and reformat them internally. I guess many corps still use excel 2003 with binary data in their .xls files unlike .xlsx which make reading and parsing harder.

    Anyway, this is who heavily still uses it.

  3. Excuse to upgrade shitty intranet apps? on Oracle Knew of Latest Java 0-Day Security Hole In August · · Score: 5, Interesting

    I use java solely for Eclipse development but I do not have the plugin installed on my browsers.

    The people at work who still cling to IE 6 and IE 7 also are stuck in Java land and is the sole reason why XP is still alive kicking and screaming. Many still use NTLM version 1 security pre 1999 that can crack any account on AD because these apps wont work with anything newer than 13 years old!

    With the department of homeland security recommendations perhaps we can finally move on and get rid of these dinosaurs that are a liability to our employers.

    Shame on Oracle.

    Java had such high hopes and Sun fucked up royally too beforehand. If Java could have native .exes and kept being updated perhaps it could be as good as .NET and we could all run Linux with our cross platform natively compiled apps in such an alternative universe.

    Besides a few limited uses for mainframes I think it is time we said goodbye and put it to legacy ala Cobol 2.0? The question is what next? ... not language wise but richness in api wise and frameworks which is why .NET and Java are liked for complex 3-tier enterprise platforms.

  4. Re:Give them a kick up the ass on Thousands of SCADA Devices Discovered On the Open Internet · · Score: 1

    Nope they will just fire the IT guy for not securing. No change there as management feels other cost center IT guys can do it just fine and their reports are more important.

  5. Re:Security by stupidity? on Thousands of SCADA Devices Discovered On the Open Internet · · Score: 2

    One factor that caused it. Management!

    They are now used to checking their nuclear powerplant controls from their iphones (ok maybe that example is exgerated to make a point ... I hope!) If you now make it secure they will throw a hissy fit if they can't get their reports.

    They will call IT to put it back on the internet to fix it. Once the cat got out of the bag it is hopeless. ... 2 factors.

    The sales team sold it and told their engineers to include it too so they can sell more units. This was the selling point to upgrade and the sales people at the various SCADA makers will THROW A RIOT if it is not included as MBAs will buy from someone else who will let them do this if they wont.

  6. R I G H T on Samba: Less Important Because Windows Is Less Important · · Score: 0

    I am sure corporations are lining up hands over fists demanding to get rid of their stable Windows Servers that just work for something that is strange to them from a bearded guy who talks about how evil is for companies to make money selling software.

    SMB exists in the corpoare environment only so this is a non issue outside the office. Windows Servers are serving business clients. Last I checked they all use Windows and have no plans to change. Consumers maybe switching to tablets for non work related tasks but they do not use Windows Servers at home. Apache, NGIX, or Java pages work as well as IIS for them.

    I see no drop in demand at all. Maybe in 6 years as corpos are typically 5- 8 years behind the times start switching to IPADs with keyboards maybe Samba might have a point. But that day is not today.

  7. Re:Lets put it this way on Ask Slashdot: Are Timed Coding Tests Valuable? · · Score: 1

    "Do you want to work for a company that values hiring its employees on whether they can write code under pressure? No properly managed tech company should ever have a culture of stressful, high pressure, time based code development.

    "

    Wow, what world do you live in? The one I am in the MBA's got rid of that and have 1 guy do the work for 4 people during the last Great Recession and kept it that way. It doesn't matter what the field is. If you do not not work like a dog and put out fires all day you lose your job. No vacation, no getting sick, 12 hour days at least a few a week, and no bonuses.You are a cost center after all.

    I think your company maybe a gem not under shareholder pressure.

  8. Re:I dunno... on Ask Slashdot: Are Timed Coding Tests Valuable? · · Score: 1

    I learned C and Java when I was in school which started at position 0. I replied with x === 5, I changed the code right before I posted and forgot to put that. My bad. I of course would convert the syntax to javascript before submitting.

    I am not a programmer by the way. After reading the replies of people using print statements I just had to chip in. You are right I did it with any size and the swapping might be more difficult to read, but if I had only 5 minutes to do it this is what I would have done.

    If a non programmer can do it so can someone else can. Or maybe I should take these programming jobs if applicants are really that bad as I can do something ok even if it is not super duper optimized. Mine is easier to understand but just my own opinion on that.

  9. Re:We found that broken code was a better test on Ask Slashdot: Are Timed Coding Tests Valuable? · · Score: 1

    Most people have bills to pay and you can be sued for slavery (free labor) from some gohappy lawyer.

    A simple test for SQL or logic an weed people fine. If they can handle something logically in 10 minutes then they probably can solve bigger problems in the timelines required.

    Look at the brightside of this? Many without CS degrees are filtered out who do know how to write basic structures. A test can show someone who works helpdesk with just a busines MIS degree who took coding and is good at it over some asshat who is senior level due to him being hired in 1999 and getting experience but not being good.

    Too many underpaid and underappreciated workers mixed with overcompensated and underqualified. It is time to even it out morel.

  10. Re:Insulting but necessary on Ask Slashdot: Are Timed Coding Tests Valuable? · · Score: 1

    If you owned the company and put your life savings, retirement, home/cars on the line for colateral for a smalll business loan for a startup I think your opinion would drastically change!

    The world does not revolve around you or the workers. Only the owners and shareholders. The best way to get a job is to only focus on the owners wants and needs and forget your own. That is how the world runs.

    Most good employers will test relevant information. I did flunk one interview quiz where they had a bunch of words together and I was supposed to find the synonym or similiar phrase. They got harder and tricky in the end and sets of numbers where I had no calculator and I had to predict a pattern very very fast! This was for a unix help desk job at an ISP so I have no fucking clue why I was asked these things so your mileage varies.

    I felt insulted as a result of that and being rejected but they did not even want to look at my resume until someone passed it. The job went unfilled for awhile as they complained they can't find enough qualified candidated. Maybe they got them in India?

  11. Re:If you put your life savings on Ask Slashdot: Are Timed Coding Tests Valuable? · · Score: 1

    Yes, but -- as a senior programmer -- giving me a test at this level basically is insinuating that my resume is full of lies. If a potential employer is starting our potential relationship by accusing me of being a liar, then that's not a relationship that's going anywhere.

    Lets turn the tables.

    Lets say you worked your ass off for 10 years to save $300,000 with your buddies to start your own company. You need some help and a senior level programmer is essential to sink or float your startup.

    Would you just hire someone with a resume of stuff? What if he did have those qualifications? How do you know he wont sink you, destroy your marriage, retirement, and lose your home which is in co-lateral for the business loan? No, I am not exgerating either if you ever owned a business! If you want to make it the costs are astronomically huge and risky.

    The world does not revolve around the employee. If you are hot shit then you can pass the dumb test. If not then you are rejected and I do not care about your experience and I feel if you were in the others shoe you would give otu the test as well to save your assets.

    Not all of it is a startup, but come one employers have a right to look after their own interests and shareholder/owners money. A bad coder cost a lot more than a bad fastfood worker to fix and fire. It is best to filter before you talk to them.

  12. Re:I dunno... on Ask Slashdot: Are Timed Coding Tests Valuable? · · Score: 1

    I am not a professional programmer, but even I would write a simple bubble sort with abunch of if and statements.

    I think your issue is not that people are incompetent, but rather since programmers are in demand again after 2001 that people are not bothering. They know if you give them a test they can walk to someone else who wont. When job searching I hate filling out job applications and tests that are an hour to do, when I can hit 6 at one time instead.

    That are maybe there are incompetent people. All I know is I could not find a programming job when I graduated and had to do other things instead but even simple structures can do this.

  13. Re:ARGH x ==5 on Ask Slashdot: Are Timed Coding Tests Valuable? · · Score: 1

    I retyped that as I declared them in the do/while. Pretend I set x ==5 before I mailed you my solution.

    Did I loose my geekcard?

  14. Re:I dunno... on Ask Slashdot: Are Timed Coding Tests Valuable? · · Score: 1

    That is not an efficient way. You are just printing the results that are preknown.

    To solve it programmically I would: // create arrays and variables for loop conditions
    oldarray [4] = [1,2,3,4,5]
    new newarray [4]
    x == 0, y ==0 // use a do/while loop or similiar structure in javascript with a deincrementing loop to put the values from oldarray to newarray in reverse order
    do while ( x => 0, x-- )
              do while ( y++) // this increments up starting from position 0 to 4 in newarray to assign each value
                        newarray[y] = oldarray[x];

    I would of course convert the syntax to javascript as you can tell this is kind of c style pseudo code. As X deincrements Y increments so the data is copied in reverse. How did I do?

  15. Re:It is called WIndows 7 on NTLM 100% Broken Using Hashes Derived From Captures · · Score: 1

    You worked in corp IT and you think it is as easy as flipping a switch to make the change? Unlike the home enthusiast who doesn't mind learning the in/outs of a new OS many corporate users are task focused. The computer is a tool the same as a phone. For better/worse those users have no more interest in how the computer works than I have in the innards of my car's manual transmission. As long as it works I'm happy. If it doesn't I see an expert. You may consider the change from Win XP to Win 7 to be minor but for millions of corporate users any change can be huge and require training which is a double whammie of cost and lost productivity time. From a TCO perspective it is much cheaper to patch and manage than upgrade. The benefits of Win 7 are intangible to the end corporate users.

    13 years is not the same timeframe as flipping a switch. From a TCO being hacked is very high as well as all sorts of security issues and not being able to log onto vendor/client portals, not being able to read Photoshop, autocad, and office 2013 files from users and other vendors, suppliers, and customers. XP already is getting more expensive to maintain than to keep current and it will get worse and worse.

    As an IT professional it is your responsibility to keep your infrastructure secure and up to date. If shit happens from this exploit (one out of other examples) whose head will be on the chopping block? YOU!

    THerefore, it is your job to go over the risks and do not tell me users do not know how to use Windows 7? It is similiar to XP, and users have been using it at home now and its Vista cousin for years as well. Do your job!

  16. Re:It is called WIndows 7 on NTLM 100% Broken Using Hashes Derived From Captures · · Score: 1

    "The claim that "security in XP is from the last century where all you needed is a good password" also shows your utter and complete ignorance of XP and security architectures"

    Right, you mean how in XP there is an IMPERSONATION SERVICE where a user mode program can run with kernel mode priveldges and impersonate a critical service?!

    No ASLR, limited DEP, no priveldge seperation in the code. Yeah, XP is last century security wise which is fine as other operating systems from the 20th century lacked those as well.

    "you may have worked in corporate IT but you have no clue. What is your source for wild ass claims like "9 out of 10 CPU cycles are work around exploits"? Oh, right, you pulled that out of your ass -- an invented statistic to try and make XP look bad"

    Yeah, I am making it look bad because in 2013 it is bad. You are telling me after 1,000+ exploits there is no performance penalty or advanced filtering for every input and i/o after 12 years? THe fact of the matter is XP ran good on 128 megs of ram on a Pentium II 300 mhz in 2001. Why can't I run it like this. The answer is because of +700 patches.

    I look at XP like a boat with holes all over encased with 3 feet of bandaids. I have not looked at hte source code and neither have you. I do not have to rely on fake statistics. Look at the evidence of it today? I can not see how it is possible to fix all the exploits without breaking apps.

    My only explanaition is double the code size and filtering out every i/o and input due to the architecture not being able to withstand the malware we have today. NTLM is yet another example, while IE 6 - 8 while still being patched is not being hacked as I typed this because it can not run in protected mode in XP.

  17. Re:And this is important because? on NTLM 100% Broken Using Hashes Derived From Captures · · Score: 1

    I think he is right.

    Iwrote some simple asp site that did just that with IE 5.5 when Windows 2000 was brand new.

    Hopefully these dinosaurs are going down since XP is getting EOL. Can a recent web developer tell me if you can use NTLDMv2 today with a modern browser?

  18. Re:IE 6 apps wont work with NTLMv2 on NTLM 100% Broken Using Hashes Derived From Captures · · Score: 0

    It is a big problem if you are moving to WIndows 7 on the client side and they are trying to virtualize IE 6/XP/Server 2k3 for their apps. If you upgrade then the authentication will fail. Many are dragging their feet so they do not have to deal with this until 2014.

  19. Re:Thanks alot.... on NTLM 100% Broken Using Hashes Derived From Captures · · Score: 4, Insightful

    I already replied to someone saying the best way to harden XP is called Windows 7.

    I do not understand the strange obsession of keeping XP. Does it save money. No.

    Geeks with aspergers lack the social skills to grow a pair and tell the cost accountants they are morons as if these companies who handle customer social security numbers, credit numbers, and other things with their billing department are ripe pickings with XP.

    XP has been proven time and time again to be old, insecure, and has security features from a different era. It comes with IE 6. I mean did MS really make it that secure? Oh it is password protected. THat is good enough ... check.

    IE 6 - 8 are being exploited right now under XP because it lacks protected mode and even the Mr. Fixit from that exploit has already been circumvented. But those on XP claim they are saving money and how great and secure their OS is that wont listen. Just because it runs on machines with 256 megs of ram doesn't mean it is supperiorly coded and of high quality. THe misinformation many supposedly IT professionals are astounding.

    I should start bookmarking these so when someone mods me down and says how great XP is and why change to an inferior bloated OS like win 7 I can cite this and the IE 6 -8 hole links?

  20. Re:It is called WIndows 7 on NTLM 100% Broken Using Hashes Derived From Captures · · Score: 5, Insightful

    It is time to get with the times.

    Yes, I worked in corporate I.T. before and know all the tired arguments. The OS will turn 13 years old later this year. 13 years?!

    Not to mention XP SP 3 after 800 or so updates is slower and not the speed daemon it once was as 9 out of 10 CPU cycles are work around exploits. Stop defining yourselves and your ego on an OS made by the same people who wrote IE 6?

    The idea for security in XP is from the last century where all you needed is a good password. It lacks things a modern internet enabled OS have today. It is not a trendmill at this point nor is MS being evil to the mean old beancounters who refuse to see hidden costs and just licensing on a spreadsheet in excel. This story, the one on IE 6-8 being vulnerably last week on slashdot, and many others stating XP is so primptive because it doesn't have protected mode, ASLR, are DEP fully (only a few things have that on XP).

    If you ask this because your IT department has no plans to upgrade then another job who treat your profession and seriousness with respect.. They are incompetent and when shit hits the fan and social security numbers are stolen you will get the blame as the cost center and be let go anyway.

    It is obvious with the latest security issues in IE6, IE 7-8 (in non protected mode), XP, and now this that it is time to let it go instead of workaround it. Investing time and money into it is like investing cash into a car with 200,000 miles.

    These costs are real and so are the liabilities. Grow a pair and sell yourself the cheap asshats at your company? You are not saving anything by keeping an outdated insecure infrastructure and it is not unreasonable to upgrade to a 3 year old OS.

  21. IE 10 is pretty darn compliant. MS used to put in technology in IE 6 that the W3C changed which made the browser incompatible. As a result MS wont put it in IE until it is approved or at least recommended which is why is has a slightly lower score than Firefox in html5test.

    Put standards do not count. It is the apps that the corps need and practically of deploying to thousands of computers that many are in different continents. Until Firefox supports this it wont matter. IE is still the best corporate browser until Firefox and Chrome come up with better tools.

    At least you can run other browsers now at work if your boss is not cheap and has upgraded in the last 2 years or so.

  22. Re:How will this affect the industry? on Adobe's Strange Software Giveaway: Goof, Or Clever Marketing? · · Score: 1

    I have a pirated version of CS 5.1 of PS. I hate running pirated software.

    The issue is CS 2 is a redisigned UI from 5.x and 6.x. It is almost a different product with the crappy Adobe AIR replacing it.

    I do wonder what version 5 has that 2 does not? Maybe I can downgrade but I am lazy as these things have all sorts of dependencies, DRM, and dll hell scattered I do not know if it will break something first if I do uninstall and then downgrade? I would prefer a fresh format. If that is the case then I will keep what I have.

  23. Re:Hey, whatever happened on Tablet Shipments Will Finally Overtake Notebooks In 2013 · · Score: 1

    To the "tablets are a fad" crowd?

    They were a lot louder 2 years ago.

    Didn't netbooks outsell notebooks and were the next big thing at one point?

    I was disappointed in 2010 when I heard about the ipad as I was expecting a powerbook mini instead. I was wrong once the apps came out I guess.

  24. Because of Windows 8 on Tablet Shipments Will Finally Overtake Notebooks In 2013 · · Score: 4, Interesting

    Not because people want tablets.

    2 different things. Many see them and say, so this is what I have to use?! My old clunker with XP still works and I do not have to put up with that bullshit or they demand a yoga or convertiable tablet/notebook since it is a touch optimized interface anyway.

    I tried Windows 8 and it truly is a terrible gui. I can use it and even kind of get used to it out of habit and wanted to keep it ... well a little. Windows 7 went right back on after I had some glitches and realized it will be well supported for 8 more years so why change?

    Until I see people actually say "I do not need a notebook. I got my phone or tablet instead?" then I will believe it.

  25. Re:The latter. on Adobe's Strange Software Giveaway: Goof, Or Clever Marketing? · · Score: 3, Interesting

    You have $400 left at the end of the month? Spread some of that wealth around...

    I wish as of recent. Some of us simply do not make $70k a year who can buy such things. I have seen posters on slashdot where they laugh at those offering just 60k a year and wonder how are they going to survive?!

    Apparently, they got in during 1999 and not in 2009 where most computer science graduates make $12/hr out of school and feel lucky to ahve a job and still live at home. The disconnect is huge right now between these groups. Traditionally it was the college vs non college educated adults ... but this is offtopic.

    $700 is too expensive for anyone unless they own a business and make good cash. That was the point.