Slashdot Mirror


User: Tony-A

Tony-A's activity in the archive.

Stories
0
Comments
3,584
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 3,584

  1. Re:Define, No; Enforce, YES! on MS Anti-Trust Litigation - The Case For Standards · · Score: 1

    ... promote the general welfare ...
    >>Don't look to the government, you know they'll just screw it up.
    Too true, but it is the responsibility of the government to not screw it up.

  2. Re:Define, No; Enforce, YES! on MS Anti-Trust Litigation - The Case For Standards · · Score: 1

    >>Accouting is the most convoluted, outrageous set of standards and priciples that anyone ever could have dreamed up.
    Thanks. Without really understanding, I believe you. Now take a careful look at all the interfaces between pieces of computer systems. These include, as a smallish part, the automation of various rules, standards, etc of accounting. It's big, too big for any one entity to even keep up with it.

  3. Re:.NET might be very good to us on Perl and .NET · · Score: 1

    Some of us are stuck with Microsoft and are looking for a way out before Microsoft really screws us over.

  4. Re:Is this a MSFT thing? on Comprehensive Win2k/Linux Comparison · · Score: 1

    Maybe to salvage his leaked memory?

  5. Re:Who cares on NSA Releases High Security Version Of Linux · · Score: 1


    http://www.landfield.com/isn/mail-archive/2000/Oct /0029.html
    ...
    "We fixed dozens if not over a hundred of format string vulnerabilities," says Aaron Campbell, an OpenBSD developer. "At the time, no exploits for format string problems were available. It was easy to crash programs, but methods for gaining elevated privileges were not publicly known and at the time it was largely theoretical."
    ...
    Despite the effort, crackers still found a way to break into a system. Tuesday the friend of an OpenBSD developer had his OpenBSD 2.7 machine compromised by an exploit of the operating system's "chpass" utility -- a Unix tool that lets users edit database information associated with their account. Somebody had gained root access, the Unix equivalent of system administrator-level control.
    ...
    "Are we surprised? No," says DeRaadt. "Should we have spent time checking each for exploitability? No, that's not the role we can play. And we cannot release a patch for 800 bugs, which may or may not be exploitable. We'd look like jerks."
    Campbell says Tuesday's scare reaffirmed his faith in aggressive audits. Even though the bug was not known to be exploitable during the original summer audit, the fact that they identified and fixed it gave them a chance to seek out similar bugs, shoring up future versions of OpenBSD.
    ----------------
    Took a while, but searching though google, I finally found the reference. It stuck in my mind because even OpenBSD can be vulnerable.

  6. Re:Why Not WordPerfect 5.1 file format? on Alternatives To .DOC As Standard WP Format? · · Score: 1

    Personally, I would love to see an open standard compatible with WordPerfect 4.2/5.1 before the evil hackers/whatever finally let loose an msword/internet-explorer virus that actually does some damage.

  7. Re:Source code woudln't be entirely safe... on NSA Releases High Security Version Of Linux · · Score: 1

    Beautiful hack, but probably cannot be repeated anymore. It requires that both the compiler and the login program come from the same place. Something as trivial as changing login to logon would be enough to break the hack and possibly expose it. The key to the hack is a backdoor in the binary that is not in the source.
    Slightly off-topic. There is a very good reason to have backdoors. Much worse than being broken into is permanently locking yourself out.

  8. Re:There are a lot of people smarter than me... on NSA Releases High Security Version Of Linux · · Score: 1

    I'm sure they are clever enough to hide weaknesses in code from you, and from me. I doubt very much that they are clever enough to hide weaknesses in code from everybody who reads and post to slashdot.

  9. Re:Linux vs. *BSD on NSA Releases High Security Version Of Linux · · Score: 1

    Without being a bit paranoid, I think you are right. Out of the box, the BSDs, particularly OpenBSD should be more secure, but there is more to be gained by securing Linux than by further securing one of the BSDs. Of course anything actually significant in Linux will be picked up by the BSDs, so OpenBSD will keep its place as the most secure. Oddly enough I expect one of the results of selinux will be more OpenBSD desktops. ;)

  10. Re:Who cares on NSA Releases High Security Version Of Linux · · Score: 1

    I see that the astroturfers have some moderator points.
    >>Microsoft is rapidly becoming irrelevant. They are to be simultaneously pitied and despised.
    Whether anyone actually runs selinux or not, the resource is available. Judging from recent cracks of OpenBSD and security advisories from FreeBSD, the current state-of-the art is far from adequately secure. At least Linux and the BSDs are potentially securable.

  11. Re:Zzzzzz-DNet on Linux Distributions Are Too Big · · Score: 1

    Hehe. Unfair. Windoze is hurting. Not enough aps.

  12. Re:Enough of XML on Perl and .NET · · Score: 1

    Think of XML as LISP for COBOL programmers.
    LISP is a bit more concise with (thingee ... ) instead of <thingee> ... </thingee>

  13. Re: punched cards on Iraq Stockpiling PS2 Consoles! · · Score: 1

    You are almost a century off. Punched cards were first used in the 1890 US Census.

  14. Re:note the source on Iraq Stockpiling PS2 Consoles! · · Score: 1

    Not as dumb as just using one wing. Thanks for the reminder.

  15. Re:Eazel? on Sun Announces It Will Ship Solaris With Eazel · · Score: 1

    >And the Corporation very much feeds on the Community.
    Hehe. That's the critical point. The Media is aimed at people who pay money and _buy_ things. The idea that a more up-to-date and better supported version is available for free download doesn't really fit in with their world view. If it's not bungled too badly, everybody gains. It is very much to the advantage of the Corporation that the Community does well, very well. Someone better at writing than I may be able to explain the relationships, subtle and plural, but do not expect them to come from the Media.

  16. Re: public transportation on Ten Technologies That Shouldn't Have Died? · · Score: 1

    This is why it makes sense for the government to subsidize mass transportation.

  17. Re:Bah, none of those are dead. ;) on Ten Technologies That Shouldn't Have Died? · · Score: 1

    >How is a slide rule superior to a scientific calculator?
    Solving proportions. A/B = C/D with one of A,B,C,D an unknown. Immediate readout with no multiplication or division involved. Only slide-rule accuracy, but the knowns are not that accurate anyway.

  18. Microsoft performance. on L0pht Joins MS As BUGTRAQ Outcasts · · Score: 1

    Unprintable. Unspeakable. Unpublishable.

  19. Re:Flamebait? on L0pht Joins MS As BUGTRAQ Outcasts · · Score: 1

    Too many MS droids with moderator points.
    You raise a scary scenario. Reality may well be worse.
    Some observations from the LoveBug episode. It took Microsoft something like three (3) days to get anything searchable on their site, and what they put there was not particularly useful. Slashdot coverage was timely and informative enough to actually quickly fix a couple of hits, and Slashdot is neither a virus-alert nor a Microsoft site. If, ie when, disaster strikes, you want as many lines of communication open as possible, right, wrong, and indifferent. If the information is relevant, surely you verify or check more than one source.

  20. Re:Microsoft knows best? on L0pht Joins MS As BUGTRAQ Outcasts · · Score: 1

    When the LoveBug hit, it took something like 3 days for a search on microsoft.com to show even a mostly useless hit. Fortunately, Slashdot coverage was timely and informative enough to quickly clean up a couple of infected systems.
    Cheap trick. Put something like 123@bad.news in your address book.

  21. Re:About the sig on Red Hat Wins In US Army Contract For Linux Devices · · Score: 1

    You are confusing return codes from programs (where 0 means ok and anything else an error status) with logic values (where 0 is false and any non-zero is true).
    To add to the confusion, you can have a true, b true, and a&b false (binary 10 & 01).
    --- my two bits worth.

  22. Re:I'm quite surprised, actually. on Red Hat Wins In US Army Contract For Linux Devices · · Score: 1

    >...enemies have resources and will keep what they develop a secret, before deploying it once.
    With open source, the bugs are openly published and fixed. With closed source, methinks the enemy is keeping what it knows under its hat.

  23. Re:Sun don't have a hope. on Sun & Microsoft Square Off With XML Standards · · Score: 1

    This is why we need Open Source. Flame wars about GNU/BSD etc. licensing, software, etc. are minor irritants at worst.

  24. Re:Sun vs. MS on pay-per-view on Sun & Microsoft Square Off With XML Standards · · Score: 1

    Dark horse. Open Source and IBM.
    Too important for any one company to dominate, particularly either of Microsoft or Sun.

  25. Re:SOS on Linux Support For The Enterprise? · · Score: 1

    ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
    Looks normal for first IDE controller.
    Should also show:
    hda: whatever is the master
    hdb: whatever is the slave

    ide0 at 0x14c0-0x14c7,0x14b6 on irq 11
    Looks VERY STRANGE.
    Expect something like
    ide1 at 0x170-0x177,0x376 on irq 15
    Use Windows to see what the hardware is.