Slashdot Mirror


User: gbjbaanb

gbjbaanb's activity in the archive.

Stories
0
Comments
5,859
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 5,859

  1. Re:For a healthy dose of naivete... on DivX Making Hollywood Inroads · · Score: 2, Informative

    true.. but if you can compress a whole movie to fit on a DVD (to watch on the TV) with top quality it'll be good enough. Fortunately that's really easy, and the convenience factor is still there (now, if you had to swap DVDs half way through, like Laserdisc.... )

    For a computer, and in the past when DVD readers weren't 30, having a whole CD on a single CD is such a big deal that as long as the quality was acceptable-to-good, people would use it.

    I think people (especially geeks) don't realise this as much as they should - technological excellence (in all matters, not just video) counts for nothing compared to convenience and usability.

    cheers.

  2. Re:For a healthy dose of naivete... on DivX Making Hollywood Inroads · · Score: 2, Insightful

    I always thought it was popular because of its compression ratio, a whole movie on a CD... that's what did it. IMHO.

    All the other features.. no big deal really.

  3. Re:Schools to no longer avoid! on Schools to Avoid: University of Florida · · Score: 1

    How is it the university's fault to giving you access to the internet in the first place? Man, you have some seriously screwed values.

    When I was at uni, no-one got internet access. If you needed access to the internet, you had to use the computers in the computing centre, and ask for access too. And they used to ask such terrible, civil-liberty destroying questions like 'why do you want access?'

    You have it so easy, you've forgotten what it is you've got.

  4. Re:Sun will be fine - ha! on Merrill Lynch Rips Sun · · Score: 1

    For anyone that has used sun hardware, we know. It really can't be beat. The stuff is fast, scalable, and bulletproof. Sun OS is about as stable as they come.


    Oh come on, you've obviously not used anything else. We had to compare 2 servers - one from Sun, one from IBM. The IBM one was not only cheaper, more powerful, just as easy to manage (one of the CPUs was DOA, the engineer came round, whipped the unit out, slapped a new one in, said 'there you go' and was off), but also could close its door properly, and was a much nicer black colour. Oh, and we didn't have to fork out extra for a monitor - it came with a nice flat panel, which was good for 2 years ago.

    Apparently HP servers today are just as good.

    So, why would you rave on about Sun? Their competitors are better. If you want to spend millions of dollars on a really fancy server, buy an AS/400 (sorry, zSeries or whatever they've called it now). That *really* is bulletproof. Want to spend more?? Buy a mainframe off IBM and run 100s of linux installations off it!. (or even just a high-end unix/linux server . They don't give prices on the web, but if you have to ask how much it is.....

    Anyone that thinks Sun still competes, just hasn't checked out the opposition.

  5. charge by the hour? on Negotiating Pay for Open Source Work? · · Score: 1

    I wouldn't - I'd charge them a fixed amount for certain functionality. You will both be happier that way, as you won't have to provide timesheets, and they can budget for it much more easily. You're not a salaried employee, or a contractor for them after all. You're just being paid to do some work, and they will want to avoid the bureaucracy (and legal paperwork too)that timesheets entail.

    So.. the only question is what's reasonable.. I'd estimate the amount of time required, multiply that by an 'hourly' rate ($25? they won't squeal at that). Multiply by 1.5 just for contingencies. Then do the work.

    Your biggest problem with this, assuming that they are paying for defined functionality, is to get that functionality explicitly written down. No way do you want them to withold payment because they say you didn't do what they wanted - some b*stards will change the goalposts as you go, so you'll be working for free, but with added stress, for quite a bit.

    If, on the other hand, you're being paid to continue working in general on this project, then ask for a fixed amount periodically. hourly is probably too finegrained, ask for a chunk weekly or monthly, and estimate how many hours you can work on it.

  6. Re:He's right, you're wrong on Geer Comments On Firing From @Stake · · Score: 1

    yeah, we're all correct then :)

    I was trying to say that, although its true that security through diversification is good, focusing only on the implementation (and presenting it as a thinly-disguised attack on 1 in particular) is no use to me. I want non-partisan reports for security issues. (BTW I don't care if MS has 100% or 10% of the server world.)

    The issue that protocol does have something to do with this - you could say SMTP is flawed, it does allow all those spammer joe-jobs that cannot be pinned down to any single implementation. If there was a practical alternative, we'd be using that instead.

    Diversification of protocol would be a good thing, especially for design flaws that have yet to be found. Sure tcp/ip was a simplistic exampl... perhaps a better one would have been cryptographic algorithms, a flaw in that (not implemetation dependant) would be quite damaging. Good job there are several alternatives.

    Attacking the implementation is somewhat pointless anyway. So what if Word viruses can cause untold damage, even if 50% of all companies swap to an alternative, untold damage would *still* be caused.

    So, thank you for the constructive (and informative) comment, but I still think Geer has done himself a disservice. If only he'd presented a paper on security via diversification in general, I wouldn't think bad of him, but then I suppose hardly anyone would have heard of it.

  7. Re:He got what he deserved. on Geer Comments On Firing From @Stake · · Score: 1

    I like it that the CTO is expendable, and not just the 'little people' for a change.

    @Stake probably didn't defend him because it knew what he was saying was a biased, and incorrect interpretation. After all, if security is improved by using a variety of products, he'd have said that TCP/IP is the bad boy of internet security (as *all* internet attacks use it), or SMTP, or HTTP, etc. No, instead he singles out MS. At no point did he bother to point out the benefits of a widespread 'standard' either.

    I wouldn't mind if Linux was 99% of all systems used today, I think we'd have pretty much the same issues to deal with though - and Geer would be sniping at Linux's security flaws in favour of OpenBSD!

  8. Re:Help! Help! I'm being repressed! on Geer Comments On Firing From @Stake · · Score: 1

    Reading the article a bit more closely and you find that he blames Microsoft despite saying they didn't do anything to get him fired.

    "The more powerful you are, the less likely you are to have to pick up the phone" he said. In other words, MS didn't do a thing, but its still their fault.
    Hey, it could have been the government, they dislike people criticising the security on the systems they use. Or the Illuminati, don't want to upset them you know, and Bill Gates is quite high up in that organisation...

    What kind of wooly crap is this? I mean, if I criticise my biggest customer, or my company's profit base, I think I can expect my manager to have 'words' with me at least. This is just another MS-is-bad-and-I-don't-care-if-that's-true-or-not story.

  9. Re:Some add'l tidbits on Changes in the Network Security Model? · · Score: 3, Interesting

    First off, remember - you won't be able to think of everything.

    Thank you, you reminded me of the number 1 rule of security planning. In all of /. everyone is going on about VPN, SSH, etc - all technological solutions - and forgetting the real situation.

    Security is all about risk planning. There is no way you can either plug all the holes, restrict all the access properly, and manage all the resources. So, the question becomes not 'how to stop it', but 'what will I do when it goes tits up'?. Also, as someone undoubtedly has said, the only perfect security is in a concrete box, sunk to the bottom of the ocean. Well, yes.. but you always have to trade off security for usability. What's the point of being networked if no-one can access their files? People can access their files: dangerous security hole!

    You see - its OK having all the security products in place, setting them up perfectly, but then an employee logs on to the database and walks away with a backup of all the credit cards...

    and employee #2 gets a new toy, a wireless lan thing, and a passing hacker (theres always one), doesn't even have to raise a sweat listing off those same credit card numbers.

    Think *all* your employees are trustworthy (haha), well, what happens if someone walks into your offices (for a meeting, for instance), and surreptitiously plugs a wireless laptop into a network port, tucks it under the chair and walks off? Doesn't even have to be a spare port, they can plug in a little hub.

    You might as well ignore the technological security measures, sure you'd get hacked more often, but that just means you'd have to do a lot more work recovering the system - it does *not* mean that with the security products in place you'll never have to worry about performing that recovery process, so you dont need one.

    So, given that it may go wrong at any time, and you've figured out what you'd do when it happens. You also have a disaster recovery plan- for when the server room floods and is hit by lightning, or 2 hard discs go pop at the same time.

    Security - all about how much risk you'll accept, little to do with securing systems.

  10. Re:Bayesian filters on Changes in the Network Security Model? · · Score: 1

    well, I think if you accept 1% of attacks getting through is acceptable, and 0% dropped packets, then yes Bayesian filters are OK for you.
    But, 1% of network attacks are just as much trouble as letting 100% through. So why bother.

    But, having a bayesian-filter enabled firewall sounds like a really, really cool thing, with that latest security buzzword, so expect to see them soon after all!

  11. Re:Its about time. on Ion Engine Propels Probe to Moon · · Score: 3, Insightful

    so what you're saying is that NASA is the Microsoft of the space industry, and Russia, Linux...

  12. Re:Torygraph on Doctor Who Comeback · · Score: 1

    Doctor Who will be reappearing on the television screens, said a spokesperson. The storylines shall continue to have The Doctor fighting evil in all its forms and protecting the innocent population at large, unlike the current government whose policies and track record for dealing with the Dalek menace are woefully inadequate.

    For your entertainment, may I also suggest you go to http://www.bbc.co.uk/cult/doctorwho/deadringers/ . It may not be serious doctor who stuff, but it is brilliant.

  13. Re:Computer Security 101 on Reliance On MS A Danger To National Security · · Score: 1

    ok.

    services receiving viruses.. most of those worms run as their own services nyway - they don't modify system services at all. Even the Msblast worm ran as a simple user exe.
    I understand what you're saying WRT permissions, but if I can run a chmod 700, so can an app I'm running. Many of the Ms worms were VBscript anyway - not executables. Do you have perl installed by default? That could be used in much the same way. Sure, its easier to run an executable in Windows, you have to go through more hoops to do it in Linux - fair enough, that's more secure from casual clicking.. but it only delays infection once you've decided you do want to run/install it.

    My biggest point is that delivering a virus through a human attack is becoming more effective. You may be clued up enough to worry whether to run an app or not but many people aren't.
    Perhaps you've never met someone who has difficulty with computers who really doesn't quite understand the concept of files and directories - they're only confident enough to use the apps they've been shown, and end up with a 'My Documents' folder full of junk.
    These people are the ones who would end up running the viruses, worms, etc they were sent. These people are the ones who currently run the Windows viruses.

    BTW. The Simile virus infects Linux ELF files, no problem if it infects your files only? The Linux Slapper worm infects apache servers and contains code to perform DDoS attacks. If you think Linux is totally secure because of its design, you have your head in the sand.

    I don't mean to rant, but sometimes the amount of 'windows sucks, linux is the best' just doesn't help with the real problems. especially the problems that may end up affecting Linux one day. I mean, you do run an anti-virus package don't you? If linux is so secure why would you need to?

  14. Re:Computer Security 101 on Reliance On MS A Danger To National Security · · Score: 1

    what on earth has admin access got to do with most of these worms? All of them run pretty simple attacks, sending out internet messages. Now, what user connected to the internet, who isn't an admin, will not have privileges to send out these messages? Hmm...

    The biggest problem with Windows Security is that everyone runs windows. If Linux was prevalent, the same security flaws would be found. Remember the latest worm asks the user to install a 'security patch'. How many Linux users would run that? Same number as windows users? No? Well, that's because most of those windows users wouldn't be able to use Linux in the first place, not because of some mythical Linux super-security that prevents such attacks.

    Many of the other worms that hit (like Lovebug) required the user to run an attachment. Sure, its easy to tell a windows user to look at the extension - imagine a linux worm emailed to everyone saying run this binary without an extension. you'd run it if it looked innocent enough. Don't thnk you could never, ever be fooled into running it.

    Wat next.. imagine a world where Linux is suitable for your mum to run. Someone somewhere will update the mail app to allow you to view/execute attachments inside the mail window - for their convenience, and because they forget where they saved the attachement to otherwise. Next thing you know.. you've recreated the security flaws in outlook express that allow these worms to run free.

    It isn't any different, just because you like Linux and hate Wndows. I wish people would get a more unbiased view on these things - they are bad for everyone, everyone is just as vulnerable to them.

  15. Re:But theyre still gonna keep an eye on her. on RIAA Sues the Wrong Person · · Score: 1

    In feelgood news today, Grandmothers across the country have been pleasantly surprised by an increase in the number, and duration, of visits by their grandchildren. Here we see Mrs. Boggins viewing the internet with her grandkid Jake on her brand new wireless networked iMac. Doesn't that just make you proud to be an American. :)

  16. Re:Can we really enforce this? on California Tries Spam Ban · · Score: 1

    don't the spammer scumbags do this already?

    I guess if you've been attacked by return-address hell, you could prove you didn't send the emails from your server logs (or the logs from your ISP).

  17. Re:JAVA is the suv? on Phillip Greenspun: Java == SUV · · Score: 1

    lol. surely that'll be their own code then :)

    mm. you *are* the evil master after all.

  18. Re:They dropped support for x586 on Knoppix 3.3 Is Out · · Score: 1

    well, I certainyl wouldn't say 'fck you' for something that is free - if you don't like it, get a grown-up attitude, or make your own boot-cd linux.

    The guys provide Knoppix for free, and if they chose to make it 686-only, then fine by them.
    Personally, I think its a mistake, I doubt there's too much of a performance hit (prove me wrong someone :) and many people will be using Knoppix in crappy old servers where installing linux is too much trouble.

  19. Re:JAVA is the suv? on Phillip Greenspun: Java == SUV · · Score: 1

    believe you me, its probably easier to 'maintain' a set of glued togetehr scripts than it is for JSP/Java/well, any language actually.

    there's no guarantee that the students will write good code no matter what language they use. Sure, they are more likely to write hacked-together crap in a script language, but usually that's fine - need changes - rewrite it, that's what the underpaid hacker who does these things will do anyway.

    Probably the reason people prefer java and servlets is more to with experience with those languages, or religious reasons. In a company, you'll find that the language used is nearly always what the company dictates.

    Maintaining the last class' code is a fantastic idea though - teach them kids *why* you should write properly in the first place. hehehe.

  20. Re:Mo Money! Mo Money! Mo Money! on Windows ATMs by 2005 · · Score: 1

    its at times like this I wish there was moderator options for '-1 ignorant' or '-1 just dead wrong'. I'd have modded the original poster down for you.

    That said, perhaps '-1 karma whoring' would be more appropriate.

  21. Re:Mo Money! Mo Money! Mo Money! on Windows ATMs by 2005 · · Score: 2, Insightful

    kind of right - the suppliers to the banks are hammered on cost, and they tend to be more engineering-type companies that have to cut costs all the time.

    However, the banks are simply super conservative. I wrote a system to transmit credit card logs to an acquirer over FTP. which to the bank was cutting-edge technology. The *only* reason it was implemented was that the old transmission system was not y2k compliant.

    that does suggest a bit better security - how many hackers can hack Cobol code, or an obtuse transmission protocol that hasn't been used for 20 years? :)

    For the accounting - accountants read every bean that goes through the system (they like that). If anything happened, they'd start squawking and something might be done - a bit late perhaps, and maybe the missing cash would be written off, but you can guarantee they'd know about it.

  22. Re:Nutters! on Power Plant Fueled By Nut Shells · · Score: 1

    yeah, and they're not burning pistachio shells either. I think that'd be a great way of producing energy - after all, I eat a teeny weeny bag of pistachios, and I end up with a huge pile of shells afterwards!

  23. Re:install base on New ssh Exploit in the Wild · · Score: 1

    all the web servers that are remotely located, and several that aren't.

    Given the number of attacks on web servers are higher for Linux than Windows, (according to nercraft) the truth of his statement is already being shown.

    Cast stones at Windows if you like, but be prepared for stones to be thrown at you, for the exact same reasons.

  24. Re:Look at the game industry on Does C# Measure Up? · · Score: 1
    This really proves a point: When something is done in Java; it's highly touted. "Look, this was actually built using Java". The other 99% of the time, when the dev tools aren't so highly advertised, there is no Java.

    damn right. at a previous company, my boss wanted to use Java, so any excuse would do. He read an online article about how some US Airline was using java for its apps, and used it to show the board how java was completely used at this airline, etc etc.

    Unfortunately, if he'd read the article, he'd have seen that they were a) only investigating java programs, b) by using it for a very few totally-non critical apps.

    The parallels with /. are quite amazing, come to think of it :)

  25. Re:jump off the bandwagon on Does C# Measure Up? · · Score: 1

    oh god yes. GC is all very well, but the creators of the language forgot that memory resources are not the same as all other resources. Sure, an object takes no CPU etc so it can be deleted it when the system feels like it, but what if it holds a network connection open, or similar? Tough! You have to delete it explicitly, and program around that - call the 'tidy up' method explicitly, hardly encapsulating an object's behaviour.

    I think this is the biggest single-most hated thing about.net (and Java). Java gave us the brain-dead finaliser (no-one can disagree with that, it was a hack right from the start. Anything that 'may or may not run', that you 'should not use as it impacts performance', and 'cannot be guaranteed to run when you expect' cannot be any good) and .NET simply copied it! madness.

    Deterministic destructors can be combined with GC - you have to keep track of objects (eg allow stack-based allocation of single-reference objects) and destroy them when they go out of scope (a rough way of creating 'stack-based' objects). Easy peasy, but no - the designers figured sticking everything on the heap was a good thing and you, the programmer, would have to be responsible for object lifetime (unless they were objects that used no resource other than memory).

    Damn, damn stupid. Damn Java for giving that to us. Makes .Net (and Java) programming barely more object-oriented than structured programming (remember to call Dispose() during program flow guys).

    I'll rant about this for the next 5 years until the next big thing comes along. Perhaps that'll have reference counts as the solution!