Slashdot Mirror


User: raymorris

raymorris's activity in the archive.

Stories
0
Comments
10,114
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 10,114

  1. He meant it. He's an Obama voter. on The Cyber Threat To the Global Oil Supply · · Score: 1

    Maybe that's exactly what he meant, he was assigning private assets to control by politicians. After all, if you dedicated your life to making something, you didn't build that.

  2. Everything is connected via employee desktops on The Cyber Threat To the Global Oil Supply · · Score: 2

    With the exception of maybe 12 organizations in the world, EVERYONE has mission critical systems connected indirectly to the internet. In a "highly secure" organization, I'd have two machines on my desk, one is not connected to the internet and has access to an important database. The other has internet access. That's good, right? Problem is, I need to be able to transfer information between my two desktops, so there is some sort of connection between them. That makes an indirect connection between the internet and the critical database. More analogous to the TFA case, where it was 30,000 machines, 75% of their desktops, losing that number of ANYTHING is damaging. Let's say you consider a desktop used by a customer service rep "not mission critical". The web site and mail system have to be connected to the internet, of course. How would your company be affected if you lost email, the web site, amd the customer service department for a week or two? How about if the payroll person's desktop is down also? Heck, even dumb things like the toilet paper delivery seem pretty important when you lose them.

  3. Share account information + cheat = caught. Duh on Nike+ FuelBand: Possibly a Big Security Hole For Your Life · · Score: 1

    Hmm, so if you explicitly share your information with someone in a trusting relationship, then you break that trust and screw them over, you might get caught. The person you gave the information to might see something in the information you gave them. Where's the news in this? Just like if you share a phone account with your GF and you're calling another woman at 1AM, she might notice. Duh. Don't fake trust (like by sharing an account) and then go cheat on her. This warning was documented over 2000 years ago.

  4. MS trying to implement *nix security model on Windows 8 Defeats 85% of Malware Detected In the Past 6 Months · · Score: 5, Interesting

    In the last couple versions of Windows, MS has been trying to implement something like the old (pre SELinux) *nix security model. This after having removed it. Why? Because they had removed the security, for good reason, and the *nix model is a good one. In the old days, there were network operating systems. Many users had terminals to one computer, which protected one user's work from other users mistakes or malice. It was designed for security and it was Unix. It was also huge and EXPENSIVE. One day a guy wanted an OS to fit on a 512k floppy disk and run with 128k RAM so people could afford computers at home. Single home computers, not corporate networks. To make Disk Operating System fit on a floppy, he removed stuff DOS didn't need, like security. (No network meant few threats.) A GUI was added. Backwards compatibilty was maintained with the "no security needed" DOS. Then the internet happened, and Bill crapped his pants. Since then, MS has been trying to design security back in, while maintaining backward compatibility. DOS programs still run on Vista, without running into problems with new security added since Disk Operating System. Linux has always been a network OS, never a disk OS, and has therefore never removed the security model.

  5. I think I can because I have done so on Windows 8 Defeats 85% of Malware Detected In the Past 6 Months · · Score: 3, Interesting

    It's amazing that some people insist that we can't do something which we do all the time. Look at the CVEs man, we find and fix weaknesses all the time. If you did look at the CVEs, you'd find my name. That's pretty solid proof that you're mistaken - I can find vulnerabilities because I do find vulnerabilities. When it comes to Windows, I don't know Windows. I haven't used Windows in fifteen years. When people ask me to work on their computer, I turn away all Windows work except "I forgot my password." I can't USE Windows, but I can sure CRACK Windows.

  6. Before learning something NEW asking ?s is sma on Ask Slashdot: Which Virtual Machine Software For a Beginner? · · Score: 5, Insightful

    If the OP knew a lot about circulation, he could look at different hypervisors and interfaces and make an informed choice. Since he's not real familiar with topic, he would only be judging which has the best sales pitch. He's trying to decide which one to learn on. Since he doesn't understand rhe field well enough to make informed judgement, asking those who DO is smart. It's a very good question. I bet you're the arrogant fool exec who chose IIS as the proxy server based on "feature lists" rather than asking the geeks who actually know about such things.

  7. Bzz sterpids improve muscle, LSD = yellow submarin on Do Recreational Drugs Help Programmers? · · Score: 1

    Steroids improve athletic performance. LSD increases ridiculousness (yellow submarine, anyone?) sober helps logic (programming) Sure there will be a few exceptions to any rule, but the rule is still valid.

  8. My predecessor was stoned. Smoke AFTER work on Do Recreational Drugs Help Programmers? · · Score: 1

    I'm fairly certain my predecessor was stoned or tripping acid when he wrote the code I have to maintain and I have no doubt he THOUGHT he was writing good code. Code is basically logic, math. Logic and drugs don't go together. Please get high AFTER work, not while coding.

  9. Add Google docs integration to the system on Ask Slashdot: How Would You Convince Someone To Give Up an Old System? · · Score: 2

    Add a function that automatically uploads the docs to Google docs when they are uploaded to the old system, and a small button to view them using Google docs. People, including Bob, can then try out the new "G Docs" in the context of the old. Then two months later ask Bob how he thinjs G Docs might be more integrated into the UI.

  10. Who'd have thought Obama could be twice as bad on New Jersey Residents Displaced By Storm Can Vote By Email · · Score: 0

    Yep. What makes the fanbois seem so silly is that both Bush amd Obama are indefensible by any objective measure. By many measures, Obama is twice as bad as even Bush was. For example, Obama more than doubled the budget deficit. Hopefully Romney will be better, he could hardly be worse than Obama or Bush. These last two were horrible by any measurement not specifocally chosen to try to make them look good. Clinton, Bush 1, Reagan, all much better than Obama or Bush 2.

  11. Company offers to transfer private data on Verizon Worker Arrested For Copying Customer's Nude Pictures · · Score: 2

    Since the company offers to transfer private data, they are responsible for arranging that they do it properly. Ever heard a bank say "sorry, an employee stole your monry, not our fault"? No, the risk is foreseeable, so the company uses policies, procedures, and equipment which protect from these obvious risks. It appears that Verizon did not take appropriate measures. (One example is that they could have regularly reminded employees that such action could be a felony and that management WOULD call police if anyone was caught stealing customer data, along with methods to detect such actions, Including mystery shoppers watching for it.)

  12. Charge phone from existing transmissions on Wireless Power Over Distance: Just a Parlor Trick? · · Score: 1

    Sending out power for wireless charging is inefficent, but the radio and TV stations are already sending out tens of thousands of watts. Also your wifi is already transmitting. Absorbing that energy 24/7 would at least help keep a phone or some low power device charged, so why not.

  13. I would have agreed with you, dogs don't testify on Supreme Court Hearing Case On Drug-Sniffing Dog "Fishing Expeditions" · · Score: 1

    I might have agreed with you until two years ago. That's when a cop who was having a bad week decided that his dog thought he smelled something in my car. After being drtained for two hours in freezing rain as the cop dug all through my car, nothing was found because I don't do drugs. Speaking to the cop two months later, it was clear that the cop, not the dog, decided that he wanted to search my car. Noone could ever prove that because the dog can't testify about what they smelled, or didn't smell. Courts just have the cop's word on how he interpreted the dog's actions.

  14. It works to keep police and DA in line 99% on Supreme Court Hearing Case On Drug-Sniffing Dog "Fishing Expeditions" · · Score: 2

    That rule is pretty effective because it uses the motivations of the police (to get the bad guys) to keep thrn from violating the rights of citizens. There are a few bad cops, of course, but 99% are careful to not do an illegal search precisely because they want the evidence to be admissable. Cops and DAs don't talk about what's right and wrong, they are careful about what's admissable and what's not.

  15. Join IETF or kernel-devel on Ask Slashdot: Rectifying Nerd Arrogance? · · Score: 1

    Become active in IETF, kernel development, or similar. If you think you can code, trying to keep up with T'so, Torvalds, and the like will put you in your place. I thought I was a "10" and I was right. I found the scale goes to 1,000.

  16. None of which afects readdir or fopen on Ask Slashdot: What To Do When Finding a Security Breach On Shared Hosting? · · Score: 0

    Those are all good security practices, and all irrelevant to being able to write a script that reads files. exec() and passthru() certainly can be considered dangerous, but they not relevant yo the original post's "flaw". As to storing credit card numbers (unencrypted?) on a public web server, THAT would be the security error. You start with the assumption that a public web site is, well, publicly accessible, so you don't store credit card numbers there. You don't expect a shared host, or anyone else, to turn a web server into a secure vault for sensitive financial data. To even store CC details unencrypted violates PCI and therefore the merchant agreement.

  17. The server is configured correctly on Ask Slashdot: What To Do When Finding a Security Breach On Shared Hosting? · · Score: 1, Interesting

    The host isn't doing anything wrong. That configuration is actually the most secure of any common configuration. If your script can read other people's files, that probably means it's running as the unprivileged user "nobody" or "apache". All scripts can read all files, but can only WRITE files that are chmod 666. The only commonly used alternative is suexec, where your scripts run as your user. That means they can only read your files, but it also means all scripts can WRITE to any file, delete any file, or create files anywhere. Given that most all PHP scripts have security holes, running them using suexec is super dangerous - FAR more risky than running them as nobody and letting them read files. So the configuration they are using is definitely the safest, in the opinion of poster who has fifteen years of server security experience. It usrd to be, you could run suexec as a different user, bob_scripts, and that was much safer. Recent versions don't allow that due to some poorly thought rules about file ownership. The ultimate would be set up custom.selinux rules such that your scripts could only read your files AND could only write 666 files, but NOBODY does that. I don't think there is a single shared host in the world who offers that, and I've worked with hundreds of hosts.

  18. Thousand miles - federalism, enumerated powers on Supreme Court To Hear First Sale Doctrine Case · · Score: 4, Interesting

    "why should ... a thousand miles away." The framers DID account for that, by making a FEDERAL government, not a national one. The people a thousand miles away have only the enumerated powers, with all other powers reserved to the states and the people. That's how the Constitution avoids having people a thousand miles away make your decisions for you, NOT by having judges make up the law as they go along.

  19. The definition of acceptable performance changed on Ask Slashdot: Why Does Wireless Gear Degrade Over Time? · · Score: 1

    Years ago, the wifi was fast - WAY faster than the 2G signal you otherwise had in the living room. Today, it's WAY slower than than your phone, your 4G phone.

  20. Not hard to tell. After a bunch of complaints on Visa and MasterCard Take Fight To Scammers · · Score: 1

    It's based largely on "chargeback ratio". If 10% of the people who pay the company take the time to fill out fraud reports, it's probably a fraud. Secondly, the comoany can challenge the complaints. Most commonly, the complaint is "I paid, but I never recieved anything." The company can reply with a UPS tracking number. Another common complaint is "I didn't buy anything from the company, but they charged my card." That's why you sign the reciept, so the company can prove you authorized it. After being flagged by the percentage of complaints and how the company responded to them, a human being can check over the records, look at the web site, etc., comparing that company to others in the same industry that are about the same size. At that point you can pretty well tell if it's a scammer or not. These measures have been in place for decades and work quite well. Here's he part which is kind of new. It's the banks who run merchant accounts who handle complaints against their customers. The research shows that 12 banks don't care about fraud complaints and keep processing for the fraudsters . Since those 12 banks aren't doi.g their job under their contract with Visa, Visa is warning that they may termimate the contract unless the crime-friendly banks shape up and take fraud complaints seriously.

  21. V and MC PARTICIPATE in the transactions on Visa and MasterCard Take Fight To Scammers · · Score: 3, Informative

    Visa and Mastercard participate in or at very least facilitate these transactions. You are uncomfortable with someone choosing not to participate in criminal activity? They should knowingly facilitate fraud, allowing their networks to be used for criminal activity? No, I think the card associations and issuers are doing exactly the right thing in refusing to process fraudulent charges for counterfeight goods. Their motivation is threefold. Doing the right thing, of course, and branding, but mainly chargebacks. You may know Visa and Mastercard, through their issuers, guarantee to protect their customers from most types of fraud. If you pay by Visa and are shipped a counterfeight product, you can fill out a form and get your money back. I suspect most would agree that's good for consumers. It means, however, that Visa is ultimately on the hook for the money. If you buy MS Windows and get shipped a couterfeight copy, VISA could end up having to refund your money. Thus it's incumbent upon them to reduce fraud as much as practicable, because in the end the money comes out of their pocket. (If they can't retrieve the money from the scammer.) You would prefer that Visa would be required to a) knowlingly facilitate fraud and then b) pay back the money someone else stole?

  22. Like CAN-SPAM, a weak law is an excuse to not have on Privacy Advocates Oppose Aussie Data Breach Laws · · Score: 1

    My understanding of their position, with which I don't agree, is that passing a weak law now would serve as an excuse to not pass a strong one. By way of comparison, CAN-SPAM is so weak it basically legalizes spam. If CAN-SPAM did not exist, there would be pressure to pass a (better) law. CAN-SPAM takes the pressure off and they feel the new privacy rule would do the same, reduce the motivation for having a good law. As I said, I don't necesarily agree, but I understand their reasoning.

  23. Sounds likely, that his proxies WERE used for spam on Zero Errors? Spamhaus Flubs Causing Domain Deletions · · Score: 1

    Indeed the OP gives no reason think his proxies were not in fact being used for spam. In tjat case, it would be correct 2o list them in spamhaus. Alternatively, a spammer could have forwarded / copied domains from his emails and sent them. The OP assumes his own double-opt-in emails were categorized as spam, but that's not in evidence.

  24. Who did it - Genacowski, Obama's school chum on FCC To Allow Cable Companies To Encrypt Over-the-Air Channels · · Score: 1, Interesting

    If you're curtis who is to blame, Julius Genacowski is the same FCC chair who brought us billions of dollars in taxes they hand over to cell phone companies, obstesibly to help yhem build more 3G and 4G towers. The same guy who allowed cable companies to to slow down Hulu and other internet services that compete with cable TV. A friend of Obama since they went to college together, Genacowskalso worked on Obama's campaign.

  25. Cool, but 10 years out of date. on Graphics Cards: the Future of Online Authentication? · · Score: 2

    That's cool in a nerdy sort of way. Ten years out of date, tough. I guess they didn't look at what's already available, what used to be available and is no longer used, and why. This sentence puts ten years out of date: "link the graphics cards, and by extension, the computers in which they reside and the persons using them, to specific online accounts" 1 person 1 account! Commodity software that's been widely available for many years already ties one account to on human user, across multiple devices, and without requiring special software on the client end. Consider the sites that get attacked, all day long, every day. Sites like Girls Gone Wild have tens of thousands of spoof attempts everyday. Sites like that have had an effective defense for many years. GGW, for example, uses the readily available Strongbox package which tracks the way the user users their mouse, among other things, to confirm that the user (human) really is who they say they are. Ten to fifteen years ago modern systems like Strongbox displaced earlier systems which assumed that 1 user = 1 device. These researchers are reinventing the steam engine.