Slashdot Mirror


User: the+eric+conspiracy

the+eric+conspiracy's activity in the archive.

Stories
0
Comments
9,198
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 9,198

  1. Re:Microsoft Responsible..... on When Will The Next Slammer Strike? · · Score: 1

    better designed tires that Firestone's would survive those natural road stresses.

    The worm is not a natural stress. The writer committed a deliberate and criminal act.

  2. Re:port 2434 on When Will The Next Slammer Strike? · · Score: 1

    Only an idiot would have 'key' business functions exposed like that.

    Yes, but having a SQL server on the net for non-key business activities, ie training, development, etc is entirely reasonable.

  3. Re:What they fail to mention is... on When Will The Next Slammer Strike? · · Score: 1

    ...this was just a problem caused by lazy system administrators.

    You wouldn't say that if you were a typical sysadmin in the post dotbomb world - working 60-80 hours per week, on call 24x7, etc.

    The fact is that sysadmins didn't put the security hole in the software, nor did they write the virus.

  4. Re:Microsoft Responsible..... on When Will The Next Slammer Strike? · · Score: 1

    The bigger question is why isn't Microsoft being held responsible?

    Maybe because they didn't write the worm?

  5. Re:The Gist on NARAS vs. the RIAA · · Score: 2, Informative

    But why should utilizing others' discoveries be illegal if proper credit is given? I can't conceive any principle or moral factor that justifies that.

    It is unfortuante that people seem to have such a poor understanding of what led to the establishment of a patent system. Prior to patents, businesses and trades kept ideas that gave them a commercial advantage secret (this is where the term 'trade secret' comes from). There was no dissemination of these ideas whatsoever. This had a large negative impact in the growth of technology.

    To counteract this, the concept of the patent was developed. In its most fundamental form, the patent is a contract between a government and an individual. The exchange of value is that the inventor fully discloses his invention in the form of a document that becomes freely available (the patent) - this is why patents are NOT copyrighted. In return the government provides the patent holder with a limited time monopoly on the practice of the invention. This system is so effective that the only inventions that are kept as trade secrets these days are those that cannot be patented for one reason or another.

    The history is quite compelling - prior to the institution of the patent system there were very few inventions that made an impact in daily life. With the possible exception of the chimney and the horse collar man lived little differently in the 17th century than he did immediately after the invention of agriculture 5000 years previously. The patent was one of the keys to the occurance of the industrial revolution in England in the 18th century, and the onset of modern technological society. In the past 200 years the effect of and growth of technology, and the improvement in the lot of mankind has far outpaced the previous 5000 years.

    The patent plays a siginifcant role in this, for the simple reason that it promotes the dissemination of ideas that would have otherwise been kept secret.

  6. Ozone Layer Doesn't Need Saving on Nanotechnology Could Save The Ozone Layer · · Score: 2, Interesting

    Bans of CFC's that deplete ozone have already essentially stopped ozone depletion and in fact ozone levels are expected to slowly recover over the next 50 years or so.

    http://www.hvacmall.com/news/article_00020.htm

  7. Re:Two explanations on Poor Netscape/Mozilla Support in .NET · · Score: 2, Funny

    "Never attribute to malice that which is adequately explained by stupidity." --Robert Hanlon ("Hanlon's Razor")

    Microsoft picked up Malice as a subsidiary when they acquired Evil a couple of years ago.

  8. .Net on Poor Netscape/Mozilla Support in .NET · · Score: 4, Insightful

    I had severe misgivings when I read that .Net generates its own HTML for some of its features, AND it was doing so in a browser specific way.

    Suppose I wnat it to do something else?

    I imagine that you could write your own control, but that would sort of defeeat the purpose of the elaborate architecture that MS touts as saving considerable development time.

    Its a real honeypot and bear trap.

  9. Re:Calling a spade a spade: AOL is F*cked on AOL Reports Its First Drop In Subscribers · · Score: 1

    They lost $99,000,000,000 last year!

    Nah. The Feds changed the accounting rules for certain types of mergers. As a result AOL had to make some changes in the the way they state the value of companies they own. The 99,000,000,000 that was appearing on the books never acually existed except perhaps as some ridiculous stock valuation during the peak of the dotbomd sillyness.

  10. Re:will happen on linx as well on Microsoft Blasted For Lax Security · · Score: 1

    I didn't say that I wouldn't have any vulnerabilities, but no worms have yet been made to exploit them.

    There are plenty of worms out there that will attack IIS on an out of the box W2K install. Worms that attack Linux systems choose different services. If you are going to make a statement like 'I can install a three year old Windows OS, turn off IIS and have no worm attacks' you have to also allow for the scenario where I say 'I can install a three year old RedHat system, turn off inetd, and have no worm problems'. No difference.

    so far, the linux box has required significantly more work.

    I can see that happening in your particular circumstance. Myself, I find Windows servers to be much harder to work with - for example their need to be rebooted when installing security patches is terrifying if you are in New Jersey trying to administer a box siting in a colo in Virginia.

  11. Re:will happen on linx as well on Microsoft Blasted For Lax Security · · Score: 1

    but if I install a three year old version of RedHat, I am vulnerable to half a dozen worms

    Why would anyone install a three year old version of any software package that has freely available current versions? You are obviously setting up a straw man argument here that can be rejected out of hand.

    There are only 4 known Linux worms, and very few known virii, and AFAIK none of them affect the current RedHat software package. And you don't have to turn anything off, or patch anything, either. None of then have ever come close to wreaking the internet the way nimda, code red and slapper have.

    install Win2k and disable IIS, I don't know of any worms that I would be vunerable to.

    There are all sorts of vulnerabilities in an out of the box W2K installation. The last time I did one of those from scratch I had to go through six reboots and 2.5 hours of downloading to get it up to date. Win2K was famous with its out of the box problems - the day it was released Microsoft went public with a security alert.

    And when you are done, you still have the bleeding hole named Outlook. A virus vector of legendary proportions.

    As far as Windows Update, don't even get me started on that. No serious sysadmin would use that - it flat out lies as to what the configuration status of the machine is. If you are serious about security on Windows you are using something like the HFNetchk utility.

  12. Re:CNN's coverage of Microsoft on Microsoft Blasted For Lax Security · · Score: 1

    what the heck is a database server doing with a direct Internet connection

    How about providing students with a test bed to do their work on from home?

    MS SQL Server was not the only MS product affected by this, either. Some .Net development components were hit, and some 3rd party sales automation tools have vulnerability to his worm.

    While you certainly don't want to put a database with critical corporate information naked on the net, there are plenty of reasons why it might be useful to have a database server accessable to the net.

  13. Re:Microsoft is being lambasted for... on Microsoft Blasted For Lax Security · · Score: 1

    There is only one marginally excusable reason to have an SQL server visiable on the net.

    A lot of companies (including Mircorosft) are having their internal netowrks hammered by this because the worm can spread from laptops brought in behind and across VPN's.

  14. Re:The solution for lazy admins. on Microsoft Blasted For Lax Security · · Score: 1

    with easy-installable Service Pack 3 released _before_ worm hit.

    ONE WEEK before the worm hit.

    How can Microsoft sue companies for not applying patches that they could not manage to apply themselves? The fact is that Microsoft is being totally hypocritical in blaming others for not following a process that they, as the most profitable company in the world can't manage to implement themselves, on their own products.

  15. Re:How to stop worms like this on Microsoft Blasted For Lax Security · · Score: 1

    Sysadmins who are lazy/ignorant don't do that.

    If I was running an IT department there is NO WAY IN HELL I would allow a database server software package that had to be patched every two months into my show. The risk and downtime associated with this would be totally unacceptable.

  16. Re:Is it Microsoft's fault? on Microsoft Blasted For Lax Security · · Score: 1

    Can we really blame MS for this? They released a patch in July...MS can't be held accountable for Windows Admins for not updating their software

    Some patching is going to be part of server maintenance, no question. However there are issues with this. You can't just go and apply a patch to a production server that is supposed to have 4 or 5 9's uptime and is taking in many thousands of dollars in ecommerce orders per day without first doing some testing. This patching process costs real money, takes time and introduces real risk. Microsoft releases a LOT of patches. Some organizations decide not to apply hotfixes because of the economics of this - and guess what, the service pack with the fix for this vulnerability was only released a week before the attack.

  17. Re:Cultural Issue on Microsoft Blasted For Lax Security · · Score: 1

    It starts with identifying how not to program, basically by highlighting that some of your basic ANSI c functions are garbage and that using them will only result in immediate termination.

    I would hope by now Microsoft (and everybody else) is using tools that blow out strcpy and its friends during the compile process.

  18. Cultural Issue on Microsoft Blasted For Lax Security · · Score: 2, Insightful

    Gates says security is job #1 and sends all his programmers to security training.

    Well, that's nice - but is that really going to do it?

    How do you really get secure software? Doesn't that arise over time, as software matures and the flaws are found in the code base?

    Is that something Microsoft can embrace as a model for their business? Isn't Microsoft really about making money by churning it's user base through upgrades every two years?

    It seems to me that it is going to be very difficult for a company that makes it's money by selling 'features' to end users and churning its software base every few years to achieve the level of maturity in is code base that is necessary to to arrive at a reasonable secure product.

    The fact is that Microsoft's business managers with bottom line responsibility are going to do waht is necessary to get new versions out - each version with an ever increasing feature set. No matter how well Microsoft trains its developers, this process is going to leadt to security issues.

  19. Re:Who's To Blame Here? on Microsoft Blasted For Lax Security · · Score: 2, Insightful

    The administrators should keep up with the newest patches and update systems during the maintanance window.

    Any organization that applies patches willy-nilly without preforming application tests is going to have problems. A company that just applies patches with testing is going to have problems that are going to be as big, if not bigger than the security issues that arise from not patching.

  20. Re:Non story on Microsoft Blasted For Lax Security · · Score: 1

    Tell me specific examples

    Here is one specific example - One of Microsoft's later patches can remove the patch that stops the SQL Slammer worm.

  21. Re:no such thing on Define -- "Software Engineering" · · Score: 1

    I.e., could you pull a random group of CS majors off the assembly line (heh) and train them in these methods, and achieve the same results?

    Talent level may be necessary, it is clearly not sufficient. There are plenty of organizations with high levels of talented programmers that produce poor quality software.

  22. Re:Repeatability and Predictability on Define -- "Software Engineering" · · Score: 1

    Hence "repeatability" is not in play.

    If this is so, why did the Software Engineering Institute gave their Capability Maturity Model Level 2 the title "Repeatable"?

  23. Re:Repeatability and Predictability on Define -- "Software Engineering" · · Score: 1

    with the comparison to a scientific experiment that demands exact reproducibility

    Then your post was in response to something I did not write. Nowhere did I mention anything about a scientific experiment. Nor in fact do such experiments demand anything like exact reproducability. There is no such thing. All experimental results contain uncertainty and error due to variations in procedure, conditions and measurement.

  24. Re:no such thing on Define -- "Software Engineering" · · Score: 2, Insightful

    and can almost always be stripped down to "first principles" like the laws of physics.

    Engineers existed long before any laws of physics were codified. In Fact, the first formal mathematics was invented as the result of studies of the methods Egyptian Engineers used to construct pyramids. For example the Egyptians used 3-4-5 triangles to lay out right angles.

    Engineering does NOT requires ANY proof of anything, merely a well structured set of rules that works. Over time Engineers have fould that there are good uses for things like mathematics and physics, but for the most part the rules that engineers have used to build things over the past 4000 years were codified into the laws of physics and mathematics as an afterthought.

    Writing software involves re-inventing the wheel for every project, constantly changing it, and constantly changing methodologies to try and put out software

    That is not software development, that is Calvin Ball. Take a look at the Software Engineering Institute's Capability Maturity Model and you will immediately recognize your description of software development as CMM Level 1, i.e. chaos. The only reason your method ever succeeds is through the heroic efforts of a few talented individuals. This is the reason so many software projects fail, are late, and are over budget. Random actions are not a fundamentally sound way to build products.

    Other organizations have better ways - for example the Loral Space Shuttle Software Group operates at CMM level 5 and produces the code with error levels on the order of 0.5 errors/KLOC where good quality commercial software runs at an average of 20 errors/KLOC.

    In 100 years, Software may be specified, designed, built, and maintained just like bridges or radios, but not now.

    Some places do that now. Unfortunately about 90% of the software industry is operating at the level of Calvin Ball.

  25. Re:Repeatability and Predictability on Define -- "Software Engineering" · · Score: 4, Insightful

    No it isn't since you never repeat writing the same software no more than an architect or engineer builds more than one of the exact same building

    Think like that and you will never be a software engineer. Every bridge, building and program is assembled from components with common structures. Bulidings have foundations, walls, support beams in the walls, windows, HVAC, etc. An architect can put these together, predict how they behave as a whole and estimate how much the assembly will cost time after time in a repeatable fashion, even though no two final buildings are the same. Software engineering is about the same thing - assembling a program from commonly used components and being able to predict the cost and operational characteristics of the final product even though no two such products are the same.