Slashdot Mirror


User: julesh

julesh's activity in the archive.

Stories
0
Comments
8,446
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 8,446

  1. Re:surprising? on Wikipedia != Authoritative? · · Score: 1

    You misunderstood the AC's point, I think. His point was that some articles on wikepedia can be trusted and some can't. The more popular and mainstream the article's subject, the more likely it is that you can trust it. Obscure topics that nobody is ever likely to read are less authoritative.

    No single source can ever be trusted entirely, you have to look at the context around the information to determine how much you should trust it.

    Also, wikipedia will apparently be launching a frozen version soon, in which all of the pages have been reviewed and approved by somebody other than their last editor. This should help the situation somewhat.

  2. Re:In a perfect world... on Mozilla Usage Doubles in 9 Months · · Score: 1

    It's actually better for browsers to not be completely bound by standards. Browsers don't have to be as long as they can render compliant code properly.

    That's what standards compliant _means_ for a browser. The standards don't actually say what a browser should do with non-compliant code, so it's up to the browser implementor to do whatever they want (usually, they try to render it as close as possible to what they think the site author probably meant). Specifically, the standards do not say, thou shalt not support the <BLINK> tag.

  3. Re:Stats for Non-Technical Users on Mozilla Usage Doubles in 9 Months · · Score: 1

    That's pretty close to what I see. Interestingly, if I restrict the query to only agents that identify themselves as running on Windows, I get 96% IE. I also have slightly more Konqueror than that, running at about 0.3%.

  4. Re:I'm more interested in those OS stats. on Mozilla Usage Doubles in 9 Months · · Score: 1

    Seems like bias to me. I see approximately 5x as many macs hitting my company's sites as Linux machines (a mixture of e-commerce, business to business, and entertainment sites).

    I also get about 96% of Windows users on IE, accounting for about 86% overall.

    Mac users are about 59% MSIE and 41% Safari. About 0.5% are using Mozilla (only 9 hits in my sample period; 8 were from Netscape 7, 1 from Firefox 0.9.1).

  5. Re:Is This True? on Mozilla Usage Doubles in 9 Months · · Score: 2, Insightful

    Most browser dection code follows the following algorithm:

    - If the string contains MSIE it's internet explorer, so use the number after MSIE as the version
    - Else, if the string contains Opera it's Opera, use the version number immediately after that
    - Else, if the string contains Mozilla it's a netscape/mozilla family browser: use the number after Mozilla/ as the version number
    - Else class it as unknown

    By this rule, Konqueror and Safari are both detected as a mozilla variant.

  6. Re:Lies, Damn Lies, and Statistics on Mozilla Usage Doubles in 9 Months · · Score: 1

    Although I am just a lowly nurse, I provide ad hoc tech support to our little off site research facility. When I repair some infected machine, I just delete the "E" icon, put on Mozilla and tell them thats what they have to click now to get on the internet. The only comment I've ever heard was "Why don't I get all those popups blocking my screen anymore" Most people never notice the differance.

    So nobody at your site ever uses Windows Update? Or Internet Banking (which 9 times out of 10 requires IE, often "for security reasons" [sic])? Or any of various sites (e.g. Intel's developer documentation) which detect firefox and put up a message saying that you have to "upgrade" to Internet Explorer or a recent version of Netscape?

  7. Re:Offtopic on Mozilla Usage Doubles in 9 Months · · Score: 2, Interesting

    only if you believe that there is no drawback to living a (likely) lie.

    His point is that the idea (whether true or not) is one that specifically encourages people to (usually) behave in ways that are better for society as a whole, so it is therefore better to believe it than not believe it, whether it is true or not.

    There are of course other belief systems that do not call for a supernatural supreme being dealing out divine justice after your death in order to give the same results. I call mine "ethics", although there are a lot of people who don't seem to believe in it...

  8. Re:Lies, Damn Lies, and Statistics on Mozilla Usage Doubles in 9 Months · · Score: 2, Insightful

    Just because they won over Netscape by using the operating system as a way to distribute, doesn't mean that they will nessasarily maintain.

    I personally believe they beat Netscape by having a better product. When the choice was Netscape 3 or IE 3, I would routinely install Netscape on any new windows install I did, simply because it was so much better. When IE 4 came out, I resisted for a while, but eventually gave up. It was faster starting, more responsive, and not as picky about broken HTML as Netscape 4, all of which were useful features.

    And then IE 5 came out, but there was no corresponding upgrade from Netscape. At that point, it was clear that they had lost.

  9. Re:MPEG-2 ISN'T FREE on Microsoft Codec Required For Blu-Ray Players · · Score: 1

    The company that stamps your disc takes care of that aspect. I think it's around $0.04 per disc these days.

    Perhaps you didn't understand my point. I already have a license. Why should I pay any more? They can't enforce that.

    Also: the process of stamping a disc with precalculated data does not infringe on any of their patents, so how can they demand anything at all in this case?

  10. Re:Mozilla tries the unintegrated method. on Mozilla's Sunbird Reviewed · · Score: 1

    I just don't see how doing this with a competitor's vehicle would help them. Doing it with their own they can identify flaws and devise ways to work around them. But what would crashing a competitor's car gain?

  11. Re:Wonder if Windows Kerberos will be affected? on MIT Warns of Critical Vulnerabilities in Kerberos 5 · · Score: 2, Informative

    MIT Kerberos is under the MIT license, which is largely similar to the BSD license.

    I believe Windows' implementation was originally based on the MIT code, but I'm not sure.

  12. Re:Whats next from our corporate overlords? on A Sound of Thunder · · Score: 1

    Ah, holywood, always so true to the original work, why read anymore!

    MPAA represntative: Yes, that's right, build a pile of them books over there. We'll spray them with parafin and ignite it from a safe distance. You'll never miss them. (Aside: now they'll never know how sloppily we're adapting them all. [EVIL LAUGH])

  13. Re:Respect? For 451? on A Sound of Thunder · · Score: 1

    Respect is earned. Since 451 is neither accurate nor quality, it deserves no respect. What a joke, "Respect" for 451... Ha Ha Ha.

    Huh? OK, I'll buy the fact that the future it predicted hasn't happened. But then neither has 1984, people don't condemn that for being "inaccurate". It was fiction, intended to warn of potential dangers by showing an exaggerated version of what might happen. And, in a sense, it is an exaggerated version of things that have happened -- just look at the number of people who do nothing with their spare time other than watch TV. That is a proportion of the population that has, I believe, been steadily increasing ever since Bradbury wrote the story. People living in cities do complain that they feel more isolated from each other than in the past, something else that Bradbury's story warned about. So, I'd say it was actually pretty accurate and insightful.

  14. Re:Adaptation of sci-fi novels must be tough on A Sound of Thunder · · Score: 1

    The reason nobody watched it was that it was 1) impossible to understand without reading the book first, and 2) _way_ too long. You just didn't have 3 hour films back then.

    This is, of course, an irreconcilable problem. The solution would have been to draw out the explanations of what was going on a little longer, and split the result into a few manageable chunks.

    The SciFi adaptation was actually pretty good at this. There were very few "huh?" moments in that version. It was, of course, something like 5 hours long, split into 3 chunks with adverts thrown into it to pad it up to 6 hours total.

  15. Re:Mozilla tries the unintegrated method. on Mozilla's Sunbird Reviewed · · Score: 2, Insightful

    Anyone making software would be nuts not to try the competitors product. I mean, surely Audi engineers try BMW's to see what they have to compete against, right?

    I would expect the engineers to do this. I would expect the designers to do this. I would expect the marketing department to do this.

    I would not expect the guy who runs the safety testing facility to do it.

  16. Re:What crap on Last Words On Service Pack 2 · · Score: 1

    I used to have respect for Mr. Greene, but this article is just rabid:

    SP2 did little to improve our system's practical security, leaving too many services and networking components enabled, bungling permissions, leaving IE and OE vulnerable to malicious scripts, and installing a packet filter that lacks a capacity for egress filtering.

    The services he lists should mostly be left on, IMHO. There are a few exceptions (he has a point with DCOM, for instance, most people have no need for that and those who do know what they're doing enough to enable it.

    He also seems confused about Windows' service startup classes. "Manual" does not mean that the service is run automatically, only that if software is run that wants to start it it will be able to without adminsitrative intervention. Therefore, having the telnet server and remote access set to manual does not represent a security problem; the user would have to actually tell windows to start these services before they run.

    Egress filtering does not add to practical network security for most people. It is, to use an overused analogy, like shutting the stable door after the horse has bolted.

  17. Re:What crap on Last Words On Service Pack 2 · · Score: 1

    i'd argue that saying most home users are still using dialup is incorrect - at least in the US, as a fairly significant number are using broadband

    In the UK (which is where the author is), most broadband users don't need DHCP, as the most common way of connecting to a broadband service is via PPP over ATM using a device that connects to a USB port.

  18. Re:Interesting... on Last Words On Service Pack 2 · · Score: 1

    Suggesting that we turn off DHCP with a comment like "Unnecessary on most home machines" shows that someone is not in touch with the rest of the world.

    Maybe in L33Td0M you only run static IPs so you can connect by typing in l33T IP addresses instead of machine names, but the rest of the world doesn't know an IP address to save them.


    That isn't what the OP was suggesting. What he was suggesting is that most home users don't have a DHCP server, so the client is useless to them. They connect to the internet via a modem or a PPP over ATM device that connects to their USB. The suggestion is that broadband routers are only really used by power users.

    I'm not sure how true this is. Certainly it is for just about everyone I know, but that might be a UK bias.

  19. Re:Add arbitrary salt? LESS secure! on Implications Of The Recent Hash Function Attacks · · Score: 1

    In your question, you're asking what if YOU add an arbitrary salt string of your choice, and then do the MD5 hash. In this case, the attacker cannot choose your string. But then what use would your new MD5 hash be? You would need to compare it to another MD5 hash (presumably, that of the originating site) which also used the salt string of your choice.

    Yes. This is the same situation that the original poster who suggested this was talking about -- he was monitoring files on his system for changes (presumably in order to catch rootkits being installed, etc.).

    I understand the problems if you don't choose your own salt.

  20. Re:CPU on Internet2 Speed Record Broken · · Score: 1

    Not sure about MD5 but SHA1 (which is more complex, even) can be calculated with about 15 CPU cycles per byte on Intel hardware, if you write the implementation using SSE instructions. If your machine were hashing at the most efficient rate possible, it would have taken less than 2 minutes. You have to add to this, of course, disk to memory transfers, cache and pipeline stalls, overhead of switching to any other tasks that needed to run, etc. Chances are the application wasn't smart enough to buffer the data ahead of time to try to keep a full pipeline of data to process, which is the main reason for the slowness here.

  21. Re:Achieving equivalent Disk I/O on Internet2 Speed Record Broken · · Score: 1

    NUL dates back to DOS, which wanted to be like Unix. Well, a little bit like it.

    Little bit of trivia: there was an option in early versions of DOS that could be enabled to require a "\DEV" prefix before device names. It was dropped because nobody ever used it.

    See Ralf Brown's interrupt list for documentation on how it worked.

  22. Re:MPEG-2 ISN'T FREE on Microsoft Codec Required For Blu-Ray Players · · Score: 1

    EVERY DVD DISC STAMPED requires a payment to MPEG-LA

    Huh? Are you sure about this one. I have licensed software to produce MPEG2 encoded video streams, with no exceptions on what purpose I may use this for. If I think stamp a DVD disc with that stream on it, there is no legal way in which MPEG-LA can force me to pay another license fee, because I have _already licensed their technology_.

  23. Re:Mandated for hardware, not software on Microsoft Codec Required For Blu-Ray Players · · Score: 1

    XviD is legal only as a sorce distro for educational purposes.

    I only use it for educational purposes. Those videos _are_ educational. Honest.

  24. Re:Frequently questioned answers on Implications Of The Recent Hash Function Attacks · · Score: 1

    "This attack produces two messages with the same hash, no guarantee what that hash would be, instead of one message with a chosen desired hash, so it isn't a threat to real systems."

    That's just stupid. "No practically-findable collisions" is one of the design requirements for a secure hash function. Protocols using secure hash functions are based on the assumption that the functions used are secure hash functions.


    Well, yes and no. There are two reasons for using a secure hash function: to prevent a message from being changed by its originator, and to prevent a message from being changed by a third party who wasn't the message's originator. This latter application is unaffected by these breaks, and is also the more common requirement of the two.

    In fact, you could say that in most real world situations it is enough. There are few applications where it is necessary to prevent the originator of a message changing it; most of these can be secured by having the signer modify the message before signing. Only if the originator _and_ signer cannot be trusted is there a problem.

    If your hash function doesn't guarantee collision resistence, then your protocols must be assumed to be broken unless you can go back and prove, for every protocol, "This one is still secure even if we use something that is not a real secure hash function."

    Thanks for your advice. I will continue using the eDonkey2000 file sharing network, which uses MD4 for its file verification, because I don't believe this to be a real threat to that application. (Yes, I can see threat scenarios where it might be a problem, but I can also see other attack scenarios that use social engineering and are much easier to carry out)

    However, I will not use Kazaa, which uses an utterly broken hashing algorithm (where it is trivially easy to construct a collision for a known hash if you already have a sufficiently large file that generates that hash) for its file verification.

  25. Re:This is what I've been saying! on Implications Of The Recent Hash Function Attacks · · Score: 1

    SHA-0,1 are only defined for messages of less than 2^64 bits.

    MD5 also has a similar restriction; at one point in the process the size of the message in bits must be stored in a fixed width field (I believe it is also 64 bits for MD5, although I can't remember exactly).