Slashdot Mirror


User: julesh

julesh's activity in the archive.

Stories
0
Comments
8,446
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 8,446

  1. Re:60M sold? that's a lot. on Why the iPod is Losing its Cool · · Score: 1

    Indeed, if you aren't using iTMS, iTunes is a pile of shit that gets in the way when you're trying to do common operations (like put a load of MP3 files onto your device... how hard is that? Well, you have to create a new playlist, import the MP3 files onto the playlist, and then copy the playlist onto the device... why can't I just put them on directly? Who knows?!).

  2. Re:60M sold? that's a lot. on Why the iPod is Losing its Cool · · Score: 1

    I use the Osaka subway and local train system to get to work, and the single most common thing people are doing is to use their mobile phones to email, to play games, to listen to music or speech books and to surf the net (the second most common is read a book or comic, with portable games and mp3 players a distant third).

    Really? On the occasions I commute to work by train (typically to London, but it depends where the client wants me) most people I see are actually working: they're reading reports, word processing stuff on laptops, talking to colleagues... perhaps its just a cultural difference?

  3. Re:Sue the link!! on Judge Rules Sites Can Be Sued Over Design · · Score: 1

    The "sue them" line is a joke, but their website really is broken

    Yep. The server's sending HTML documents with "Content-type: text/plain". This'll work in Internet Explorer because it ignores the standard and tries to automatically correct for mistakes like this, but no other web browser will be able to view the page.

  4. Re:No kidding on Judge Rules Sites Can Be Sued Over Design · · Score: 1

    So ya, I'm sure the expense is minimal for large companies, but you've got to think about the small businesses too. When your entire web team is one person, and your entire staff is like 6 people, hiring another person IS expensive, really expensive.

    I don't know about the US law, but the equivalent UK law only requires a business to take steps that are reasonably within its power. Requiring them to do something so expensive it would cause the business to turn a loss wouldn't be considered appropriate. I would hope the US law has similar provisions.

  5. Re:suggestion for a safe Windows Expirience on Botnet Business Model Comes to Life · · Score: 1

    The same applies to a virus scanner. The lastest virus disables it as well as the Windows 'firewall.

    If your virus scanner is working, it will catch the virus before it has a chance to execute. If it doesn't work, there's nothing that can prevent this, firwall or otherwise.

    How does the users common sense detect when a URL links to a malicious script or if an attachment is unsafe.

    If I knew how it worked it wouldn't be common sense. But it's worth noting that over the last 12 years of Internet & BBS use, I've never once been infected (or had an infection prevented by anti-virus) by anything that relied on me clicking a link or executing an attachment. The only malware that has ever been on any of my systems was completely automated: a Linux worm that propogated through a BIND vulnerability. It failed to infect my system, but only because I was lucky: the shellcode assumed that /etc/inetd.conf ended with a newline, on my system it didn't.

    How have I managed this? A combination of using more secure software where it's available, keeping up on updates and being careful what I choose to do with my system. It isn't hard, really. You just have to think about what you're doing.

  6. Re:MOD UP! on Botnet Business Model Comes to Life · · Score: 1

    In discussions like these, I find that this capability is often cited as a reason why BSD's software firewall is better than others. I disagree: it's a theoretical capability that's only useful in a minority of cases and doesn't improve security for the average user, for whom it's too damned inconvenient.

  7. Re:suggestion for a safe Windows Expirience on Botnet Business Model Comes to Life · · Score: 1

    What extra functionality does the Windows firewall provide that the others don't. A software firewall is no protection at all as once you've opened the attachment or clicked on a URL you get infected and the first thing the virus does is disable the 'firewall'

    True. Which is why you need to (a) execute common sense and (b) have a good virus scanner.

    In other words don't get a hardware firewall because it mightn't be configured correctly. That fails the logic test. The last adsl modem+router I tested was by default NATed and did not allow incoming connections apart from web and email. This web site claims to scan for open ports.

    No. In other words, don't get a cheap NAT box and assume it's a firewall. Firewalls filter incoming packets. NAT boxes make it difficult to address machines on the internal network. That doesn't mean it's impossible. There is more to network security than ensuring no open ports show up when somebody portscans your router's address. Your firewall also has to drop suspicious packets that aren't addressed to it (e.g. packets that are forwarded through it for other destination addresses, possibly because of a source route specification). Cheap NAT devices often do not do this. I know the one I have doesn't. I assume some others are the same.

  8. Re:suggestion for a safe Windows Expirience on Botnet Business Model Comes to Life · · Score: 1

    Why not simply a hardware router/firewall for a lousy 20 bucks?

    Because everything I've seen for that price is *not* a firewall, but an NAT router. NAT routers are not firewalls, and shouldn't be relied upon for security unless you know that they drop source-routed packets. If you're able to test this, fine. If the manufacturer describes the product as doing this, fine. If there's a config option for it, switch it on and fine. But if none of these is true (which is the case most of the time somebody sets up an NAT box and assumes it means their network is secure) then your network is open to anyone who wants to try to get into it. All they have to do is guess the address of one of your machines and they're in.

  9. Re:suggestion for a safe Windows Expirience on Botnet Business Model Comes to Life · · Score: 1

    the most important thing is to try to install xp sp2 before the first network connection. or else, sasser and his friends will be there in no time (usually even before you have finished to download the sp2, let alone installed it)

    That's not a problem I've had. The pre-SP2 firewall mostly works. You just need to remember not to connect to the net until you're sure it's active (it isn't at boot times, and it isn't by default, so you have to remember to switch it on).

  10. MOD UP! on Botnet Business Model Comes to Life · · Score: 1

    There's nothing fundamentally wrong with the XP SP2 firewall.

    It works in doing what it can, it doesn't try to do anything that it can't, it doesn't cry bloody murder about the natural background noise of scans which it successfully blocked, and it doesn't try to be too smart and parse protocols.


    Amen. I've been saying for years now that even attempting outbound filtering *based on the identity of the process sending the packets* is an excercise in pointlessness. Unless you want to have to approve every request that any application makes. But boy would that get tedious fast.

    The XP SP2 firewall is as good as a software firewall needs to be. The BSD idea of having one you need to reboot to disable is interesting, but probably too fiddly in practice. Security needs to be easy, or it doesn't get used.

  11. Re:Outsourcing Botnets. on Botnet Business Model Comes to Life · · Score: 1

    Gosh, darn it! I'm in the wrong business.*

    *Even E-Bay sellers can't do as well.


    This says more about the poor returns from selling shit on e-bay than it does about how good selling botnets is. ~$120k (based on 280 days of work per annum, which is about right) sounds great, until you realise that you'd have to work damned hard for it, it isn't a reliable source of income, and doesn't come with any benefits. Add to that the fact that I sincerely doubt this guy could find 280 botnet customers in his lifetime, let alone in an year, and the business is clearly a dead end. I don't even get to factor in the 50% losses from money laundering before pointing out that he'd be much better off stealing peoples identities and getting loans in their names.

  12. Re:$430 in one day? on Botnet Business Model Comes to Life · · Score: 1

    Agreed. The skills required to set up a botnet are no easier to master than many other skills: the ones that can earn a consultant that kind of money before lunchtime, if he rolls into the office late in a day, for example. And about as reliable; I'd guess that this script kiddie's going to get no more than a few tens of jobs per year. There's not a whole lot of demand for botnets, and there's plenty of people will the skill"z" to create them. $8,000 per annum doesn't seem like a great salary to me. Even if I do only have to work occasionally to get it.

  13. Re:Copy, paste on 611 Defects, 71 Vulnerabilities Found In Firefox · · Score: 1

    THANK YOU.

    I've been spending the last year or so assuming I was crazy, thinking to myself "I'm sure I pressed Ctrl+C." I was on the edge of concluding that the control key on my keyboard was slightly dodgy.

  14. Re:Memory leaks on 611 Defects, 71 Vulnerabilities Found In Firefox · · Score: 1

    Also, sometimes keyboard focus goes nowhere. I have zero idea how to reliably reproduce this, so I haven't filed a bug, but I'm getting ready to switch away.

    It's already filed and being ignored, as per usual approach. The problem is that the focus can be put into a tab other than the currently active one. This can happen if you switch tabs through the keyboard interface, or if a script running in a non-active tab calls someControl.focus().

  15. Re:Not quite... on When Is a Con Not a Con? · · Score: 1

    Not quite... If I purchase a frozen pizza, and then keep the box (lets say the box is useful for storing LP records, and giving them a nice pepperonni odor!). The cheapest way to replace the box would be to purchase a new box of frozen pizza, since the company doesn't sell the box without buying a pizza. However, it would be silly to say the box without the pizza is the same value as the box with pizza. Clearly a pizza and a box are more valuable.

    True. An item is only worth its replacement cost if there is a reason why somebody would want to replace it.

    Second, you are assuming that the item in the game is an item. What people are paying for is a service. That service includes hosting virtual items, but no player of the game owns an item.

    Services can be replaced in just the same way as items: the economics are the same, whichever way you look at it.

  16. Re:Creating white space - apologies on What's in Your HTML Toolbox? · · Score: 1

    Re: IE CSS -- Thats IE's fault, not CSS's

    Yes, but those of us doing real web site development work understand that our results have to work with IE, because a lot of people use it and we have to support anything that significant number of people use. You can't just blindly code to the standards and hope, you have to pick and choose only the standards that actually work for most people.

    Table cell widths works fine, in some situations.

  17. Re:More freedom ? on Debian Kicks Jörg Schilling · · Score: 1

    Actually, I'm a Guardian reader. But I do enjoy Mail Watch.

    I just don't buy the argument that limiting freedoms increases freedom.

  18. Re:Why go that far? on Commodore 64 Confuses Austrian Police · · Score: 1

    This is a Commodore 64- the operating system is in ROM and can't be overwritten.

    It is entirely possible to pop the ROM out and replace it with your own.

  19. Re:Correct me if I'm wrong... on Download From Microsoft Without a WGA Check · · Score: 1

    Configure your client to send this as the initial command (this is an option in almost all SSH clients; in PuTTY it's in the "ssh" tab):

    screen -R -l -s -bash

    That'll reconnect to an existing session if one's available, otherwise it'll start a login shell with bash.

  20. Re:TRUTHINESS! on Who (Really) Writes Wikipedia · · Score: 1

    No, it isn't. As it clearly says here, "The threshold for inclusion in Wikipedia is verifiability, not truth. (Or truthiness.)."

  21. Re:Duh, they design it that way on Who (Really) Writes Wikipedia · · Score: 3, Insightful

    Err... according to the list of protected pages, the longest any page has been protected is George W. Bush, which has now been protected against moving only for 13 months and against editing by recent or unregistered users for 2 months odd (although it was only unprotected for 7 hours before that, it was vandalised 10 times, compared to 3 edits that were actually kept in the period).

    Other than that, there's Gregory Lauder-Frost, which is protected apparently because he threatened to sue, and a couple of other extremely controversial topics that have been protected for over 2 months. Nothing has been protected "indefinitely" unless by that you mean "longer that you're willing to wait for unprotection".

  22. Re:not quite like a real encyclopedia ... on Who (Really) Writes Wikipedia · · Score: 4, Insightful

    Actually, I think most of those people with the largest number of edits really are tweaking it towards complying with internal standards. Most of them are adding references to unsourced material, or adding {{fact}} tags to mark where unsourced material is so that someone with better knowledge of the subject can find a reference for it, or making stylistic changes towards standardised article structures, categorising information, fixing spelling or grammar errors, debating editorial decisions about what should and shouldn't be included, and things like that. These jobs aren't glamorous, but a lot of wikipedia's biggest contributors work on them.

  23. Re:Old trick, new buzzword on COWS Ajax - Ajax Evolved · · Score: 1

    The problem with this approach is that you have to trust the domain you're querying.

    What if you can't do that for some reason?

    I think a cross-domain XHR would be much more useful than this pattern, but nobody seems to want to give us that.

  24. Re:DO NOT USE THIS on COWS Ajax - Ajax Evolved · · Score: 1

    Agreed. I've been looking for a way of loading data from a different domain to the source document for some time now, but this isn't it. This is a security hole waiting to happen:

    1. Create hugely popular web application and host it on your own domain
    2. Convince web designers to link your application into their sites by adding script tags that load the code from your domain
    3. Wait until a large number of popular sites implement it
    4. Change your script to harvest these sites' users' usernames and passwords.
    5. ???
    6. PROFIT!

  25. Re:You hit the nail right on the head: on When Is a Con Not a Con? · · Score: 1

    I think the difference between that case and this one is that the case you describe is of somebody abusing game mechanics (a disconnected player can't be killed, so they get away with it with no risk). In this case, it seems the player is playing the game as if it were real: his character is behaving like a real scammer would... he ran away before the problem with what he was doing became apparent and now has a rather large price on his head.

    As far as I'm concerned, this is cool. I hope he's having a great time trying to keep one step ahead of all them bounty hunters. :)