Slashdot Mirror


User: sheldon

sheldon's activity in the archive.

Stories: 0
Comments: 4,097

Comments · 4,097

  1. America does not value education on Scientific Elites vs. Illiterates · · Score: 2

    It's as simple as that.

    For all the talk that is done, when you get right down to it all people care about is who is going to win the football game on Sunday.

    I guess I could gripe about this for a long time, but still it just boils down to a true lack of value given to intelligence and willingness to learn.

    We only need to look at our current President as a shining example of this character flaw in our nation.

  2. Re:heh on RMS Accused Of Attempting Glibc Hostile Takeover · · Score: 2

    Stallman's resentment began when the realities of the outside world hit the fantasy of his University world.

    It had nothing to do with the PC, his resentment was formed when a group of people left the MIT AI Lab and formed their own company to build machines which would run a LISP operating environment for experimenting in AI.

    It had nothing to do with the PC, and certainly nothing to do with Bill Gates. Microsoft did not invent the idea of closed source software... it existed for years prior to their startup.

  3. Re:Benefits on Linux Win In Schools · · Score: 2

    Hmm. Unix doesn't provide any inherent security over Windows NT.

    The way you achieve security is by proper administration.

    P.S. Being able to obtain root on a Win98 box doesn't make you l33t. :)

  4. Re:heh on RMS Accused Of Attempting Glibc Hostile Takeover · · Score: 2

    Don't confuse the history of the PC with the history of computing.

  5. Re:GNU is Not UNIX or Linux. but Linux needs ' GNU on RMS Accused Of Attempting Glibc Hostile Takeover · · Score: 3, Funny

    None of YOUR software would be possible without the great wisdom of RMS!

    I'll bet you didn't realize that we never thought about sharing source code to software until RMS and GNU came along, did ya?

    Yep, this is flame bait. :)

  6. Re:Communism, Free Software on RMS Accused Of Attempting Glibc Hostile Takeover · · Score: 2

    RMS clearly believes in communal ownership of intellectual property, rather than private ownership. He also appears to believe in central control, because the masses can't be trusted to work in their own best interests.

    I think it's somewhat difficult to not draw the analogies with communism because much of what we in the US generally despise about that system appears centered in the views of RMS.

    Now granted, he hasn't advocated shooting people. But hell, the century is still young!

    He has advocated banning developers from accepting large salaries, and I guess in my book that's pretty close to a death threat.

  7. Uh oh, fishy got caught in the net. on IBM's Purple Book and Open Source · · Score: 2

    Well thank you. I wasn't at all interested in anything that you wrote, but I'm glad to see some interest in my creations.

    I'm not familiar with this term WinDoh's lemming. Is that any relation to Winnie the Pooh?

    Does the posting of FUD disappear with age? I think it's remarkable how you've tried to change the topic of this away from your paranoid FUD attack into a personal attack upon myself.

  8. Time to throw the fishy back. on IBM's Purple Book and Open Source · · Score: 2

    Yep, pretty much. That's the line that caught my attention in your work of Science Fiction.

  9. Caught a bite! on IBM's Purple Book and Open Source · · Score: 2

    Cringely is a rumormonger, and Petreley is the FUDmeister of all time. Neither is a particularly noteworthy source of inspiration.

    Do I think you shouldn't consider it? No.

    Do I think you should go around trolling and claiming it has already happened? No.

    It's the latter you're guilty of, and why it's called FUD and not introspection.

  10. Trolling for tiny fish... on IBM's Purple Book and Open Source · · Score: 2

    Well I agree the trolls are thick, but they aren't coming from Redmond.

    You made a specific claim that Microsoft is going to require a license for this verification scheme.

    The article simply talks about generalities. That there is a patent, that Microsoft could do this, etc. All of these are what-if, basically typical sensationalist journalism, or what you might call FUD.

    I just find it's interesting how you take a statement of what might or could happen, and extend it into a claim that it is happening now. That's truly FUD.

    Next time you troll /. do it with something that isn't so verifiable. Maybe if you didn't provide the link, that would help.

  11. I like FUD on IBM's Purple Book and Open Source · · Score: 2

    "Now, Microsoft is going to require a license for the encryption algorithm for their password verification and modification. "

    Really?

    Did you read the article? You provided a link, but did you actually read the article?

  12. Re:Responsible Disclosure on On The Costs of Full Security Disclosure · · Score: 2

    No. Responsible Disclosure means the full details are only shared amongst the vendors and security experts.

    That does not mean no details will be provided to the public. Certainly the vendor will release a patch and a bulletin telling the public what is affected, how to tell if they are impacted, and how to fix or patch. This conversation may very well contain exploit code. But part of the key is that the conversation won't just be limited to the bug finder and the vendor, but actually shared with a variety of peers in the security community. Peer review will result in better understanding of the issue and more intelligent press releases to the public.

    It's just the real specific details that are left out of the public disclosure. But if you are a super smart mega hacker, from the limited disclosure you're going to be able to figure it out anyway. But why make it easy for the script kiddies?

    It's not "security through obscurity" at all.

  13. Re:my solution on How Can I Make More Of My Cubicle? · · Score: 2

    Wow, a window seat...

    I haven't had one of those since I worked at the University. Course back then I had my own office, and such.

    Now I have the 7x7 cubicle. :(

  14. I'm your sledgehammer! on On The Costs of Full Security Disclosure · · Score: 2

    Can you go check to see what day eEye released their disclosure?

    Hint: June 18, 2001

    Now go check to see what day Microsoft released their disclosure?

    Hint: June 18, 2001

    What was this sledgehammer?

  15. Re:Security@microsoft.com on On The Costs of Full Security Disclosure · · Score: 2

    So what was this problem you discovered?

  16. Re:My problem with this. on On The Costs of Full Security Disclosure · · Score: 2

    So apparently you believe when eEye released their press release discussing this problem, there was no fix available from Microsoft?

    Do you have proof for this claim? Or are you just talking out of your ass?

    That "grace period" is how it's done today. Microsoft released their security bulletin on the same day as eEye released their disclosure information. Because they had been working together on the issue for quite some time beforehand.

  17. Responsible Disclosure on On The Costs of Full Security Disclosure · · Score: 2

    Microsoft already fixed the problem when eEye released their press release.

    So exactly how did this "pressure" help?

    The only "pressure" was on admins who learned that they should read these security bulletins and actually apply patches.

    Furthermore, I don't think you understand what Full Disclosure really means, versus Responsible Disclosure.

    Nobody is saying that they won't release info telling you what piece is broken, what port the information is coming in, or some sort of tag identifying the issue. (For instance the query string clearly showing up in everybody's web logs)

    They're also going to tell you that it's the index ISAPI filter, and you know you are vulnerable because you have the .ida and .idq mappings on your web site, etc.

    What they don't need to do is give out a detailed description of how you would write Assembler to take advantage of the hole.

    And lastly, what exactly do you think "Security through Obscurity" actually means?

  18. on Responsible Disclosure on On The Costs of Full Security Disclosure · · Score: 2, Insightful

    There's also a series of articles on ntbugtraq talking about this issue. Russ Cooper is a huge proponent of what he calls 'Responsible Disclosure', whereby basically a mailing list is created which only has subscribers from people in the industry. Namely vendors of the security products, and of the OS and other tools.

    This is the process that is used in the Virus community today, and it's been working well.

    One of the points Russ made was that eEye could have discussed this issue on the mailing list before issuing a press release. In addition to feedback having been given by Microsoft, there would have been peer review. Additional information would have resulted, clarifications on impact and so forth.

    Then a final press release could have gone out, giving eEye full credit for finding the issue, but providing a wealth of useful information to the end-user/admin type folks.

    Russ also raised a point about eEye's motivation. Why do they insist on not only full disclosure, but also releasing exploit code? Again he raises a good point, and I think it's quite clear.

    eEye is in business to sell a product which supposedly protects you against these types of attacks before they happen. So it is in their best interests that an attack is quickly released and spreads rapidly, thus generating mass hysteria. Only with such hysteria can they generate traffic to their site and obtain orders for their product.

  19. Re:different cultures... on Don't Forget That Worms Happen Everywhere · · Score: 2

    "Unix-like operating systems are minimalist and modular"

    It would have been curious to hear you make that same statement back in 1992, when I first started working with Linux and having 16 Megs of RAM to run X11 was considered a luxury.

    You know Windows 2000 comes with a telnet server? It's installed, but not started by default.

    Can you say the same about most Unix distributions? No.

    Furthermore Redhat for the longest time went off and installed a whole load of services by default. My Solaris install at home has sendmail running by default. Do I need sendmail? No.

    I think you'd like to believe what you are saying. But I really don't find a whole lot of evidence to support it as fact.

  20. Re:What happens when there isn't a patch ready? on Don't Forget That Worms Happen Everywhere · · Score: 2

    Shutting down the index server and renaming default.ida would result in no benefit.

    The problem was with the index ISAPI filter, and you had to either delete that, or just remove its .ida and .idq mappings from your IIS website.

    There are many of us who didn't have problems with Code Red specifically because we had made these changes last year before there was a known problem, patch, exploit, etc.

    Microsoft has also learned from that mistake, and supposedly IIS6 in XP doesn't install this crap by default.

  21. Re:Agreed with comments... on Don't Forget That Worms Happen Everywhere · · Score: 2

    Actually as I recall one of the really popular 'ping of death' attacks affected Linux as well. Teardrop I think it was called. You sent some sort of fragmented packet at the machine and it just got lost trying to deal with it.

    The sad thing is, these were fixed almost immediately in all the respective OSes, but it took quite a while for people to apply the patches.

  22. Re:JVM supporting other languages... on Will Open Source Lose the Battle for the Web? · · Score: 2

    Well COBOL.NET is reportedly very robust.

    But I was trying to focus on the [Everything But Java]/JVM apps, not Java/JVM. If these other languages are seriously being used, seriously supported I'd like to know about it.

    I can't say that someone saw a need for each of them, it appears from going through the list that someone had an interest in seeing if it would work. But a good chunk of that list results in 401 errors, so I question the viability.

    Sun certainly doesn't support or even encourage it, whereas Microsoft does.

    As far as viability of .Net. You have to remember when Microsoft left the Java market back in '97 their JVM was the fastest available. Some have suspected that was Sun's real reason for pushing MS out, because they were showing 'em up. .Net has been in development since '97 and is remarkably stable today. Much more so than Java in its first years of release.

    We'll see.

    But again I just wanted to question the reality of this [Everything but Java]/JVM myth.

  23. Re:I really should have started the company on Will Open Source Lose the Battle for the Web? · · Score: 2

    You said you've watched the internet spend 10 years trying to come to terms with the lack of a hosts.txt. Seemed like a very odd statement.

    As far as the HUH? More specifically I was trying to figure out why you had misunderstood Microsoft's .Net. It's clearly developer centric, just like all their other development tools. It's also clearly not Data centric other than the ADO.NET piece and a realization that most web apps do save/retrieve data using a database.

    SOAP isn't complex, certainly not compared to COM or CORBA. That's one of the great things about it, it's relative simplicity.

    As far as being slow, that's a debatable question. It depends on your bandwidth available, I suppose. That seems to be your point. No more slow than using http to display web pages, and I see no reason why it couldn't take advantage of compression like mod_gzip across the http stream.

  24. Re:What ended it for Loki on Loki Files For Chapter 11 Protection · · Score: 2

    Now this sounds like a really good idea!

    So why is it only Caldera is participating? Why not RedHat and Mandrake?

    Is it just RMS getting in the way of progress?

  25. JVM supporting other languages... on Will Open Source Lose the Battle for the Web? · · Score: 2

    I know I keep hearing a claim that the JVM supports dozens of languages. You even provided a link.

    But my question is...

    Are any of these actually being used? Or are they just experiments?

    That's the difference between .Net and the JVM.