Slashdot Mirror


User: WNight

WNight's activity in the archive.

Stories: 0
Comments: 6,024

Comments · 6,024

  1. Re:Sorry but... on The Internship That Students Drool Over · · Score: 1

    Oh yawn. Quit your drivel. There's a difference between representing accused criminals and making a business of defending people you know are not only guilty, but will offend again.

    As for the microsoft thing, they did fake evidence. It was never prosecuted, but they still displayed a take that was obviously faked. Did they "accidentally" fake it? Or rather, is it more likely that they simply weren't charged because it would have been almost impossible to find the actual people in charge of that decision?

    There are many times you know a crime was committed but you're unable to prove who did it. The standard B movie fare is an example; the lights go out and someone is shot. This time though, Microsoft was the only one in the room.

    Combine that with all of their crimes they have been convicted of (or argued down to settling out of court) and it establishes a pretty clear pattern.

  2. Re:What were those commons passwords in Hackers? on New Windows Worm Inching Around Internet · · Score: 1

    Well, it wouldn't be hard to get user names. Just go through sign-up procedures trying to come up with common names. Every time you're told to pick another you know it was already taken. And really, all the common first names and many irc nicks will be taken, so even without verification it'd be easy to guess.

    And you've said that over 10% of passwords are a certain pass. That's about ten guesses until you get in, on average.

    It wouldn't be hard to figure out which systems you run. Pull up whois records for voynetworks.com, then do a google for the information you find. Look for companies owned or admined by someone with similar info. You've said it's an adult site, so that narrows the search a bit.

    And really, even if we didn't find *your* sites, I doubt other sites have more intelligent users, so if we got bored we could just go guess passwords at other sites. :)

    btw, I like your logo. Classy and easily recognizable.

  3. Re:Password rotation sucks on New Windows Worm Inching Around Internet · · Score: 1

    Against who? An insider who can simply unplug your machine and use a boot floppy when it comes back (and can remove the HD and use it in his machine if you've got too many protections)? Against him a strong password is slightly more secure, but he'll probably not even try passwords, opting for the sure method.

    Against someone over the network? A secure password in your desk drawer is much better than a rememberable password, or the same random pass from other systems, one of which might be compromised.

    Make strong passwords, keep a list in your wallet. We're already accustomed to keeping credit cards and other sensitive things in there, so you're unlikely to lose it. And if you do, have your account locked until you change your password.

  4. Re:Is that really better? on New Windows Worm Inching Around Internet · · Score: 1

    Yes. An attacker inside a company has many ways of breaking into machines. There are simple keyboard taps that you plug into the back of the machine and plug the keyboard into which will record a rolling 60k of keystrokes. They're $50 or so, last I checked. They can also reboot the machine and use a boot disk, or one of a million other things. A password hidden in a desk drawer doesn't change that much.

    But, for an outside attacker who has to guess a password because he doesn't have physical access, a random password is the end of the line. A weak password gives them a machine to attack the rest of your network with.

    Many admins I work with use one-time passwords and keep a list of a hundred or so in their wallets. They append a short secret string to them to stop trivial usage (and hoping that the list of one-time passwords runs out before the attacker guesses the extra part) but they treat it like credit cards. If your wallet is stolen you call one of the other admins and have your account locked until you go into work and print a new set of passwords.

  5. Re:Sorry but... on The Internship That Students Drool Over · · Score: 1

    Enron took good care of their employees. Right up until the end. Who can say what MS would do?

    Your tired "You'll say MS is so bad, no matter what," line is incredibly ignorant. MS is a criminal company whose management has shown time and again that they are willing to put other companies out of business through fraud (DR Dos, etc). I'm not old enough to have seen the AT&T anti-trust trials, I don't invest much so Enron didn't personally affect me. I am a computer programmer though and I interact with other computer people. I have seen a lot of people hurt by MS's actions.

    I also read the news and I see things like the BSA and Trustworthy computing, both of which indicate that Microsoft is continuing in the same fashion. Outright lies backed up with armies of lawyers.

    If you don't want to hear people bash Microsoft, I suggest you start hanging out in a society of Albanian goat-herders. They probably haven't had the experiences that most Slashdot readers have.

  6. Re:Sorry but... on The Internship That Students Drool Over · · Score: 1

    We need criminal attorneys, we don't need scuzz buckets who continually represent people they know are going to re-offend.

    Once again, what's sick is people like you who think it's okay to profit from crime as long as you aren't actually the guy with the gun.

    As for MS lying in court, do you remember when they faked up the video that showed the slow unstable computer, after IE had been removed? It was shown that they faked that up. They didn't mislabel another video, they didn't mistakenly videotape the wrong computer. They intentionally faked removing IE and then faked problems on the computer to make it look as if IE was required. It was shown in that trial that the order to do so had come down from management but because of the difficulty in proving and prosecuting perjury, the issue was dropped.

    But, the order was given, the video was faked. Videos don't fake themselves and no low-level employee is going to decide to do this on his own.

  7. Re:Whatever... on Why Browser Innovation Matters · · Score: 1

    Yes, actually, Mozilla will.

    Check out Linky and Leech.

    But, if you really want to find pr0n faster, I've heard that Gnaughty is the ticket.

  8. Re:*IE is dying on Why Browser Innovation Matters · · Score: 1

    Let Mozilla pre-load like IE does. It's instant then.

    Your comment about built-in pop-up blockers is a bit silly. How do you know you're going to go to a site with popups? I know game crack sites and porn sites have them, but these days, so do many other sites. Whenever I'm at a friend's place and browse on IE I find a new site that opens four or five popups...

    Also, the popup blocker probably requires more code for the user-interface than for the blocking. It's simply refusing to run certain javascript commands (such as OnExit() or whatever it's called) if an option is set. It's a trivial patch. Bloat is having to download another program, use interprocess-communication, waste disk space, and not have a seamless interface. All to do what Mozilla does essentially for free. Go off to mozdev.org and browse the source code for mozilla addons, like Linky. It's tiny, yet it adds a ton of functionality. It's so easy to write extensions for Mozilla that I now can't imagine using anything without all the powertoys.

    I can also tell you're not a power user. I've very often got 20+ tabs open when working, if I'm reading fark and slashdot I've got double that. I can consistently switch between them, despite the order I may have accessed them in.

    Having all of that on my task bar with a few shells, a compiler, and various other apps, would be a bit of a mess.

  9. Re:Sorry but... on The Internship That Students Drool Over · · Score: 1

    Over the last year I've donated my money and time to local charities.
    I've given blood.
    I take a bus to work because I care about the environment, and every year I clean up trash on the Oregon coast.
    I'm a paying member of the EFF.
    I'm at a telemarketing agency.
    I work on the lead development team, and my job is to speak with people everyday and make sure we're building a list of gullible old ladies to scam.

    You may consider me immoral, but I think that pales in comparison to a person that posts ignorant and bigoted comments on a website.

    Oh, sorry, isn't that what you said? You asked us to absolve you from all responsibility for the crimes committed by the company you work for, because you gave some blood?

  10. Re:Sorry but... on The Internship That Students Drool Over · · Score: 1

    I agree. You hear everyone preaching personal responsibility when the story is about someone addicted to Everquest, yet when the story turns to one of morality in business...

    "I have no choice, I needed the money..."

    It's never to make sure their kids have food or clothing, it's to make sure they make the payments on the beemer, or the expensive house. It's never to send money to their poor overseas family, it's to allow them a luxurious life.

    What gets me is that we wouldn't accept this from a car thief but we accept it from white collar criminals, or those who don't actually commit the crime but profit from it.

    The people who lost everything because MS stole their product, or subtly rigged windows to lie about their product, didn't have any choice. Yet, working for MS (or Enron, or whatever) is okay because "I don't have any choice". Bullshit.

    You're responsible for yourself. If you wouldn't accept "I didn't have any choice" from the druggie who mugged you for his next fix, don't give it to us as justification for mugging the industry for your next fix.

  11. Re:Sorry but... on The Internship That Students Drool Over · · Score: 3, Insightful

    Sorry, but it's not an open-source issue. It's all about how important your personal morality is. I've quit jobs because the company was breaking the law and hurting people in a way that I wouldn't do. By working there, I felt that I was contributing to that, and partly guilty for the losses of the innocent people being bilked. That wasn't even a computer company, no open source, no Microsoft, nothing but dishonest people stealing from innocent customers.

    What offends me is your attitude that there's nothing more important than a comfortable income. To the point that you'd work for Enron, or Microsoft. You're right that Microsoft is no worse than Enron, they're exactly the same. It's an old tired story, but Microsoft has broken many laws. If they weren't as rich as they are they'd have been smacked by the courts. As is, they've merely destroyed the livelihood of thousands of people whose only crime was to want to run their own company and develop their own products.

    The worst part of white-collar crime is that it's socially acceptable. Nobody would associate with a car thief at a cocktail party, but the lawyer that represented the thief even though he knew they were still in business. Nobody would associate with someone who rigged a software product to make it appear that a competitor's product was defective and lied in court about it, but it's okay to work for this person or buy stock in his company and profit from his crimes?

    That's sick.

  12. Re:Metroid Prime on GDC: 10 Reasons NOT to Make MMOGs · · Score: 1

    This is something I don't understand about console games. They're all bloody hard, in annoying twitch ways. Even RPGs find ways to put in a ton of twitch crap. Zelda 64 had mini games which, while technically optional, were as good as required, and it's just the first example.

    PC games, not console ports, seem so different. They'll give you multiple difficulty levels so you can finish even if you're a gimp, or so you can fight for every inch, if you want. I like this. If the gameplay is dull (yet another FPS for example) I can drop the difficulty a bit so it's not terribly challenging and just explore the puzzles, but if I keep playing a game because I like the gameplay, I can ramp up the difficulty to exactly what I want.

    PC games seem to be more about letting the gamer choose what to do, instead of presenting them with THE GAME, to be played as the designer intended. It's not a strict PC/Console divide, but you can certainly tell a game designed this way.

  13. Re:Simply More Evidence on Significant Interactivity Boost in Linux Kernel · · Score: 4, Interesting

    Not quite right. Every multi-tasking system since the first few in the 70s has had the concept of running interactive apps with a higher priority. It's a very obvious improvement.

    The non-obvious improvements are things like making the applications that depend on, or are depended on, by the interactive app, run faster. There are also additional tweaks to this that are being considered such as giving interactive programs a smaller time-slice, but more of them, so it'll do things like paint the windows properly in response to your movements, but it won't bog the rest of the system down.

    Technically, scheduling tweaks do add to code complexity, but only in such a tiny way. Linus's patch was five lines. And Linus is very concerned with making sure patches are self-contained and, when possible, aren't spread out, a few lines in many different areas. He's got a very good, very "correct" attitude about design. It comes from him being happy with Linux for years now, he's not rushing to any specific point so it becomes useful. He's willing to put the time in to do it right.

    Anyways, this is to say that most kernel patches don't lead to complexity, most decrease the complexity of the code. Linus has often sent patches back to be done the "right way" instead of allowing a hack. This tweak is so small and self-contained that it can't really be said to add complexity to anything.

  14. Re:Two things: on GDC: 10 Reasons NOT to Make MMOGs · · Score: 1

    The problem is the assumption that everyone needs to go through an identical quest to experience the content.

    You could easily create three quests at various levels that had the "same" NPCs (in the low-level quest they're peasants, in the mid-level they're merchants, in the high-level they're rich nobles) all who need roughly the same thing done. When the character goes off to fight the monsters they get ones tailored for their level. 98% of the dialog is shared, with only a few tweaks to make it fit the situation. "Welcome to my [home|business|estate] ..."

    Make sure there's enough content at any level that you can't do it all, and when you finish one of these quests, have it not show the higher level versions to you later.

    The "different views of the same world" could get rid of spawn camping, or at least, get rid of spawn hogging. There's no reason why there's only one orc cave where the tribe respawns. Maybe everyone wanders off and finds a different one... Of course, they're all at the same spot on the map, but if you don't cross into a zone with other people, or go looking for other people, you could be put into a parallel world where you get your own orc tribe to deal with. It breaks a bit of the MM in the MMORPG, but people want the ability to group, not necessarily the requirement to hang out with everyone else doing the same quest at the same time.

  15. Re:And all this time on Windows Rootkits · · Score: 1, Troll

    While I think we should give credit where credit is due. If MS does something good we should say so. (However rare this might be.)

    That said though, MS is a company run by criminals, with a long history of criminal actions. And they've tried to get open source software, the software I and many other users use to make a living, outlawed in the US, or at the least, banned for government use. They're essentially trying to FUD everyone here out of business and mandate use of their software.

    I think it's fair to expect that they're going to get a bad rap, here of all places. Microsofties come here, to the site most identified with open source ideals, and expect that we should kiss the ass of the company doing the most to ruin our way of life. How stupid are they? Even if MS doesn't suck *right now* they suck for all of the things they have done in the past.

    This is my long way of saying that I totally agree. Fuck off to the MS forums where you belong, you trolls. You'll get absolutely no respect here for osculating the posterior of billy boy and steve "Developers, Developer, Developers" ballmer.

  16. Re:Punish the innocent to get at the guilty on Proposed Usenet Death Penalty for Australia's Largest ISP · · Score: 1

    Companies understand only money. The only way to hurt them is to make the users leave. Those users are a part of the problem themselves. They won't switch companies (and tell the old company why). They'll sit comfortably until someone or something forces a change.

    Personally, I think assault is the right way to deal with spammers. A baseball bat to the chest is fitting treatment for people who know they're hurting everyone and keep on doing it just to make a buck. If a few of them met with painful ends the rest would think twice.

  17. Re:Looks like on Review of First 10K IDE Drive · · Score: 1

    Yeah, I'm sure they hate the idea of having thousands of people stop by their site and view their banners. Better they reach a wider audience to solicit for donations.

  18. Re:I know it's a joke, but on Review of First 10K IDE Drive · · Score: 1

    I think the real solution to this is to have userland hinting for the VM module. You can specify if the machine is supposed to function as a server (minimum availability for all programs is important) or a single-user workstation where you're willing to wait a bit if you do something unexpected in order to get your primary apps working twice as fast.

    Then, the program watches what's in memory, decides what pages are important for interacting with the users (which memory corresponds to the active tab on all the browser windows) and marks that as being higher priority. Also, watching access patterns to see if it can guess at your likely actions and have the program pulled in off of disk.

    There's no reasonable amount of ram that would hold everything I do in memory. I've often got VMWare open, with IE, Mozilla, and VC++ in it (for writing and testing windows apps) and then in Linux, a bunch of shells, Mozilla with 40+ tabs and five or so windows, XMMS, a compile running, Kate with a few tabs, GQView, Gimp, and a few SSH sessions transferring data. (LUFS, the Userland Filesystem lets you mount SSH sessions, very nice for secure networking without any setup.)

    If I had more ram I'd have more things open. I'd prefer a system with 1GB of ram and a caching strategy that I could tweak (and would watch what I do) more than 4GB and a simplistic caching structure. I tend to rotate through apps, do some linux work, pop to "Windows", check it out in both browsers, compile the windows module, go back to Linux, check stuff in GQView, hit four or five random tabs in Mozilla (usually docs for the stuff I'm working with, occasionally Slashdot while waiting for a compile). If the VM system ditches the least-recently-used pages this often means that it's loading everything I select, always swapping things in. If it kept "hot" data in ram, even while not in use, it would be more helpful even if it meant longer delays for not-hot pages. But this is too complex for a kernel module (and everyone has different needs) so allowing the user to tweak it (and the program to watch which processes are running and apply specific templates for each) would probably yield the best performance.

  19. Re:Apache, Lesson One on Bad Behavior on the 'Net - Who Pays the Bandwidth Bill? · · Score: 1

    I've lost $Y-$Z in that day,

    That assumes that nobody from Slashdot is interested in buying your product.

    Anyways, this is a dangerous line of reasoning. There are many things that can cost you business that aren't anyone's fault. In fact, a "bricks and mortar" store can suffer the same way, if they get mentioned on the radio or a lot of people otherwise find out about them they get a lot of window shoppers. Even if everyone intends to buy, the crowd inhibits natural flow through the store and can lower throughput. It's a risk you take by being in business.

    [Configure the server to deny requests gracefully]
    Apache does that; I assume other decent web servers do, too.


    There is a limit to the number of connections Apache will try to service, but that limit may not be right for your CPU/RAM and your bandwidth. Especially if you have complex interactive pages.

    Graceful failure can mean changing pages to a more static view (and closing forums and other pages that won't work in static mode) or simply showing a static "Sorry we're temporarily out of service due to a slashdotting" screen. All pretty easy to do, and with mods like that a 128k link can serve thousands without crashing or appearing to not be there.

    It's similar to stores planning what to do if too many people come by. A usual strategy is to place a staff person at the door, limit entry to a few people at once, and answer questions for the crowd.

    And, if you're not prepared for a slashdotting, are you prepared for a CNN article that sends thousands of people off to google searching for exactly what your site offers? Or any of a thousand other things that could happen?

    I'd be quite happy for them to mirror it for the day, with prior, explicit approval from myself.

    That's the problem. The laws on caching need to be changed to not require any interaction with the content owner. It should be assumed that if the content is being offered up for public consumption that networking hacks (caching) to better achieve that are allowable. Caches can be configured to show old static content and still request fresh banner ads (which ensures you'll get paid for all the hits).

    Sure, some slashdot stories, even most perhaps, aren't breaking news and they could wait to post them until contacting the admin. This is probably what they should do for lego competitions and RC-car hacks. But what about "real" news, like RAMBUS's continual fraud? Should they hold a news posting and maybe cause Slashdot readers who own stock in one of the companies involved to lose money, because the evidence for the accusation is on a site whose owner can't be contacted? Should they just post a blurb without any links to the facts?

    If they did it wouldn't help, people would head to google and find the site.

    But google, and its caching of sites allows them to show people your site, something they couldn't do if they had to ask first.

  20. Re:In other words on Bad Behavior on the 'Net - Who Pays the Bandwidth Bill? · · Score: 1

    If you properly configure your webserver it won't crash under a Slashdotting, it'll just get rather slow. And it's not a DDoS attack, it's like a thousand people calling for a pizza at once and putting a huge load on the restaurant. They set up the web server to show documents to people, people are requesting them. It's a perfectly legitimate transaction.

    You seem to suggest that a restaurant which was so crowded by people wanting service, that it had to shut down, could blame the reviewer who told people that they served good food.

    And really, it's a fault of the stupid laws. Can you imagine seeing something really interesting and then having to say to your friends "This guy's telling the greatest joke, but I'm not legally allowed to tell it to you, so you'll have to go listen to him directly." That's the situation with caching. There are already solutions that allow a third-party to cache the static content and still pass fresh banner ads on to the viewers, but the over-reaching copyright laws make this a gray area at best.

    And what would Slashdot do if they told someone they were going to be featured and the admin told them not to? Should they not tell people about the news? Should they just mention a few keywords and let people find the site via google? Would a link to a google query that would bring the site up as the #1 result be the same, legally, as a direct link?

    It's ridiculous. Admins need to understand their server and configure them to refuse requests when overloaded, so that they don't crash under what is going to increasingly become a normal occurrence. This used to be a Slashdot effect, now it happens from Fark, Kuro5hin, popular blogs, and so on.

    Instead of bitching at Slashdot, bitch at the politicians who wrote the asinine copyright laws that don't allow caching.

  21. Re:Can somebody explain Australian law for me? on Australian Federal Police Raid Major ISPs · · Score: 1

    Quite right. If the average citizens of a country can't understand a law, it's a bad law.

    I think the entire legal code should be under fifty pages, should be written by the guys from Plain English, and should be taught to school-children. In fact, I think the complexity of laws should be judged by the percentage of people who understand the law. If you can't get 95% of people to understand a law (and remember them) you can't in good faith prosecute them for not obeying it.

    There's a lot of redundant laws that could be removed and a lot of overly complex laws that could be written a lot better.

    Then, if someone has graduated high-school you *know* they understand the law, because it's a mandatory course. And if they don't grad, perhaps they shouldn't be treated as adults until they do. (If you end up with more than a few like this, you know the course is too tough.)

  22. Re:Payment Insurance on Do You Write Backdoors? · · Score: 1

    Limitations like that on a contract (Author bears no responsibility) aren't valid and never will be. It's like GM saying "We bear no responsibility if the car suddenly blows up, killing you and your family."

    You *always* are assumed to have constructed the product with the good-faith intentions that it function as advertised. If it is discovered that you didn't, the original contract is nullified. Likely you're also being prosecuted for fraud.

  23. Re:Payment Insurance on Do You Write Backdoors? · · Score: 1

    Read that as "If I ever discovered that someone who did work for me had written code to do this, or used it against someone else, I'd immediately terminate the contract, as well as warning everyone I knew to avoid them."

    I don't accept this from Microsoft, I won't accept it from anyone else.

  24. Re:Payment Insurance on Do You Write Backdoors? · · Score: 1

    I refuse to buy any software that doesn't work perfectly without contacting a server. Companies always say they'll release the unprotected version if they go bankrupt but that wouldn't happen for two reasons. When a company goes under nobody can get in to release anything, and if they did, they'd be liable to the creditors for the assumed lost value of the software (ie, as much as they can get a judge to buy).

    I won't even buy software that I can't crack to get rid of CD checks. It's funny that pirated software is nicer to use. The companies penalize the legit users and any cracker can remove protection schemes in his sleep so pirates never notice.

  25. Re:Depends on the backdoor. on Do You Write Backdoors? · · Score: 1

    The problem with this is that you probably aren't as good of a security coder as an application coder. You leave a hole open for yourself to use and it's likely to be wider than you thought. It's enough of a problem to remove all the holes, let alone leave a special little one that's only going to work in a specific way.

    You're much better off knowing how to overwrite their admin password for the program (with superuser privs) and SSHing in and doing this, than having a special way in that is supposed to bypass the password.

    And SSH can be limited to answering just a few specific IPs as well. With the right firewall setup you can keep all but a few IPs from even seeing SSH, making it easier to "stealth" the machine.