Slashdot Mirror


User: jc42

jc42's activity in the archive.

Stories
0
Comments
6,784
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 6,784

  1. I'd find it useful ... on FCC Pics of the IBM ThinkPad X41 Tablet PC · · Score: 1

    ... if I can get two things on it:

    1. Linux. (How much of the hardware doesn't work with linux yet?)

    2. Using my cell phone as a wireless modem. (This "should work", but in my exerience, plugging in any sort of external is a guaranteed sink for lots and lots of time and hair pulling. ;-)

    The reasons? Well, one of the things I've been involved in is online music notation (for musicians; not recordings). The question comes up repeatedly: Can we put this on a music stand on stage? The answer for all computers so far is "No, because it'll just fall off." No current computer display or laptop seems designed to sit on a music stand. This is a total deal-killer. A laptop that rotates into a flat tablet would be workable. But not if it only runs Windows; it's gotta run OSX or linux.

    And I need network access. Wifi so far covers maybe 1% of the US, and isn't advancing very fast. It doesn't work most of the places I'd want to use the tablet. But my cell phone (actually a Blackberry) has real Net access over at least 20% of the US, probably much more soon, and I have an unlimited-data plan. If I could make it work as a modem, I could use the tablet in lost of the remote places I'd like to use it.

    I do have a couple of cute demos on the BB, but the screen is tiny and unreadable from as close as the end of my arm, so it's just a proof-of-concept. To be usable needs a page-size screen with reasonable resolution.

    Maybe this machine is the one I've been looking for.

    Maybe I should ask the nice folks at emperorlinux how soon they'll support it ...

  2. Re:"Force"? on Enforcing Crytographically Strong Passwords · · Score: 0, Troll

    I answered that. It's so that I can get at it from anywhere. ;-)

    Of course, you could too, if you could guess the URL. But actually, that's gonna be a lot more difficult than guessing most of my passwords. Unlike passwords, that often have a size limit, a URL can be rather long (even discounting all the fixed boilerplate).

    Also, I have accounts on a number of machines that are on the Net and have web servers. Some are guest accounts. I can put maybe two copies of my file on two of them and move it around occasionally. Maybe changing its name. The file is always "hidden" in the various ways that a web server lets you do this.

    I'd contend that this is in fact more secure than, say, a Password Safe in a Palm device in my pocket. That can be stolen and brute-forced to give up the file. My online file is a lot less accessible. And I'm not carrying any physical clues that it even exists.

    Of course, the fundamental problem is the idiots running security systems, that force me to have around 100 passwords, mostly different. If they wouldn't do this to me, I could use memorable passwords that aren't dictionary-hackable, and I wouldn't need to store them anywhere.

    It would also be much better if all those sites would let me change my password. For more than half of them, I couldn't tell you how to do this. Discovering the method is generally so difficult and time consuming that, like everyone else, I don't bother. It's one more idiocy forced on me by the security "experts".

  3. Re:Profanity! on Enforcing Crytographically Strong Passwords · · Score: 2, Interesting

    a password comprised largely of profanity

    Some years back, I saw a fun example of the benefits of this. I worked in the computer center of a large university, where there was a big Univac mainframe used by many departments for heavy number crunching. One thing rather dubious about its security was that every file could have a pair of read/write passwords - and the admins could get a printout showing "rpwd/wpwd filename" for any user's files.

    The head of the computer center (let's call him "Bolton" to protect the guilty) was more and more disliked by the techies. One bunch or researchers that I knew pretty well decided to change all their files to have "fuck/Bolton" for their passwords. They then just waited quietly.

    One day, at a users meeting chaired by Mr Bolton, a major dispute came up. After some vociferous disagreement on some policies that really effected these researchers, Mr Bolton made a comment about their antagonism, exemplified by their choice of passwords that were obscene comments about himself. The researchers didn't respond during the meeting.

    The next day, they sent letters to all the higher-ups at the university complaining about Mr Bolton's giving out information in a public meeting that made it easy for listeners to guess their passwords.

    A month later, Mr Bolton was no longer working at the university.

    It was a nice sting. And it illustrates the problems you can have with trusting the people who run the security system.

  4. Re:"Force"? on Enforcing Crytographically Strong Passwords · · Score: 1

    Of course. And pretty much all computer security uses "obscurity", i.e., hiding the critical incantation is a huge address space. The URL of my password file is essentially just another long random string of characters. If you could guess it exactly, you'd get to my file in one try, just as if you guessed a password. But if a single character is wrong, all you get is error 404, which conveys no further clue. So the file's URL is essentially just another password.

  5. Re:Forget passwords. on Enforcing Crytographically Strong Passwords · · Score: 1

    Next, we need to encourage keyboard makers to make a biometric fingerprint ID thing on them.

    We might want to be careful about putting that in too many devices. We're already starting to get news reports about the major vulnerability of biometric security.

    Granted, it can be done right. But how many commercial operations, under pressure to sell for the lowest price, will be bothered to make sure that such attacks don't work? Let's face it, Mercedes-Benz isn't exactly a shoddy, lowest-price operation.

  6. Re:"Force"? on Enforcing Crytographically Strong Passwords · · Score: 1

    I have begun to keep a plaintext file on my desktop computer with all my passwords in it and when they expire.

    Yeah; I've done that for years now. I just checked my password file, and it currently contains 91 entries. I piped it through sort|uniq to eliminate duplicates, and it still had 84 entries. Most of the variations are because of sites' rules for passwords, that usually don't allow me to use the same password on different systems. And this list doesn't include the handful of machines that I use most often, because I can remember their passwords.

    There's no way I could remember all of these. And it's the sites' password rules that force me to put them into a file like this. So I blame the security "experts" for forcing me to be so insecure.

    Funny thing is that the password file itself is highly secure, although it's on the web so I can get at it from anywhere. Its name is rather random looking, starts with a '.' and is in a "hidden" directory that also has an index.html file. I check the server logs frequently for a list of "interesting" accesses, and this file has never been read by anyone but me. I access it via "https://..." of course.

    It's interesting that an unencrypted plain-text file that's on the web can be so much more secure than most things protected by passwords and encryption.

    How could the security people have gotten it so wrong?

  7. Re:They want feedback? I'll give em FEEDBACK on New IE7 Information Announced · · Score: 1

    Try Ctl-F5

    So what's that do? I was curious, so I opened a copy of IE, visited a page of mine that changes with time, and typed CTL-F5.

    The only change I saw was a funny little icon, sorta like a tiny menu, appeared to the right of the pointer. It stayed there until I touched the mouse, and then it disappeared. No reload of anything.

    Do I maybe need some other meta-key down, too?

  8. Re:Too little...too late on New IE7 Information Announced · · Score: 1

    I certainly don't hear Joe User bitching in the street about that 'evil Microsoft'.

    Nope. What you hear is people bitching about how evil "computers" are. They don't generally pin the blame on Microsoft, because they aren't aware that there's any other kind of computer.

    A minority is aware, true, but they aren't Microsoft customers.

    What's really annoying is that the media pushes the same idea. Listen to the next news stories about the latest virus/worm/trojan/whatever. You'll almost always hear it described as infecting "computers", with no mention of Microsoft whatever. This is semi-intentional, because they don't want to offend a major sponsor. But it's only semi-intentional, because many media folks are also unaware that there's more than one brand of computer. (The ones that are aware are generally carrying around a Mac. ;-)

  9. Re:Too little...too late on New IE7 Information Announced · · Score: 1

    Most of those who have not switched have nothing else to compare MSIE with, and thus think that MSIE is the best browser that ever existed.

    Actually, they don't. Rather, they think that IE, "the browser" and "the Internet" are synonyms. But it's not the best; it's the only one.

    Those who are aware that other browsers might exist have generally found out quickly that not only they exist, but there are better browsers that are free. And those who believe that "You get what you pay for" have bought Opera.

    But such people are a small minority. The majority of Windows users simply don't think about the topic at all.

  10. Re:OT: EVIL communism on Microsoft to Support Linux in Virtual Server · · Score: 1

    What's with USA people's hate toward communism?

    We have not forgotten history.


    Actually, most Americans hate communism simply because the media and the political system tell them to. Rather few of them could tell you anything about it to any degree of accuracy. And in the past few years, "communism" has been replaced by "terrorist", with the propaganda otherwise identical. Sometimes "Moslem" is used instead. Most Americans don't know the difference. And most wouldn't be too interested in listening to an explanation.

    Much like people in the rest of the world, with different names for the hated groups.

    The Americans posting here are not typical ...

  11. Re:Balmer takes 5 years to change his mind on Microsoft to Support Linux in Virtual Server · · Score: 1

    How can they subvert Linux like the subverted Java?

    There was an example a few years back. After a release of a new motherboard (I've forgotten which one), benchmark tests showed that the current linux ran very slowly on that board. A couple of guys in the local linux user group studied the BIOS, and found the explanation. Part of the boot code did a test for a specific string of bytes that was found in the linux kernel, and when it found a match, it disabled the cpu's cache memory.

    This was easy enough to verify. A trivial change was made to that chunk of the kernel, so that it no longer compiled to something that contained the target byte string. The resulting kernel ran much faster. A bit of publicity in the right places got the problem fixed generally.

    Nobody ever found out who put that test in the BIOS. But the motive was very obvious. And a BIOS is small enough that it's practical to search it for such tricks. A VM-type OS is larger and much more complex. In a proprietary VM, it would be easy to hide a test for a specific OS so that it couldn't be found. You could break arbitrary parts of the target OS, and it would be extremely difficult for the OS's supporters to diagnose what you've done and program around it.

    They've done it in the past; they'll do it in the future.

  12. Re:Direct Link to Win32 version on Opera's CEO to Swim From Norway to the USA · · Score: 1

    Unfortunately not all platforms have an Opera 8 download yet.

    Yeah; I tried downloading it to my Mac, and got 7.54. Which brings up a question: Does my download count, since I didn't download version 8?

    OTOH, when I found it was the same as my old Opera, I first thought I'd screwed it up somehow, so I tried again. I got 7.54 again. So is that two downloads toward the million count, or is it zero?

  13. Re:Hold on, I need to type a message to 911... on Microsoft's 911 Patent · · Score: 1

    And when your dog hits it?!?!

    There was a real case reported a few years back, in which a tomato made a 911 call.

    The tomato was in one of those hanging wire baskets, above the table that held the phone. The tomato was getting a bit overripe, developed a split in its skin, and dripped juice on the phone. The juice hit the key that was programmed to dial 911 and shorted it out, which caused the phone to make the call. Since there was nobody talking on the line, the 911 people assumed it was a medical emercency.

    When the police and ambulance arrived, nobody answered the door, so they broke in. It took them a while to discover and diagnose the reason for the 911 call.

    When the homeowners showed up, the situation was explained. They moved the basket so that future overripe fruit wouldn't be able to make calls. There was no recurrence of the incident.

    The 911 people thought it was pretty funny, and reported it to news agencies.

  14. Re:Am I a criminal? on Congress Declares War on File Leakers · · Score: 1

    Fun scenario. It is getting more and more difficult for a mere human to understand the growing perversity of copyright (and patent) law. This point seems to be missed by a lot of the folks posting here. A lot of the point out that the pending law only applies if there's a copyright violation. But we have a growing number of scenarios like this one, in which nobody but an experienced IP lawyer would have any idea whether they are violating a copyright.

    One of my favorite examples has been discussed on a number of folk-music lists: Suppose at one of your neighborhood sessions, you play a medley of traditional (i.e., out of copyright) tunes that was on a recent album that you liked. Have you violated a copyright? You'd think the answer would be "Obviously not." But that recording was copyrighted. There's a good chance that, although the tunes are public domain, the arrangement is copyrighted. So if you play the same set of tunes in the same order, you've violated the artists' copyright on the arrangement.

    This seems absurd, but there's a good chance that a court would decide that you did violate the copyright. Even if you haven't heard the recording. So don't ever medley two tunes together; you might be violating someone's copyright, and if they find out, you could end up in court.

    Now, IANAL, of course, and that's part of the point. It's no longer feasible for a non-lawyer to know whether they might be violating someone's copyright. Even if all your material is public domain, copyright covers the arrangement of the material. So the only way to determine whether you might be violating a copyright is to first examine all published material, and that's far beyond the capabilities of anyone but a billionaire.

    And, in any case, the only real way to determine whether there's a violation is to ask a court.

    Either that, or never say, do, or perform anything in public.

  15. Am I a criminal? on Congress Declares War on File Leakers · · Score: 3, Interesting

    ... makes it a crime punishable by up to three years in jail for a user to put a single 'copy of a film, software program or music file in a shared folder and should have known the copyrighted work had not been commercially released.

    A literal reading of this would say that some music files that I and a few friends made and put online are going to become illegal. Consider:

    1) The files are copyrighted by default (by us).

    2) We haven't released these files commercially.

    3) The files are online, on my web site.

    Are they really making it illegal for people to put their own files online without first releasing them commercially?

    This sounds like they're basically outlawing the act of giving things out for free. You can only sell things; you can't give your own things away as a present.

    I suppose this wouldn't be surprising, coming from the Bush administration.

    I've also put a number of small scripts online, for the benefit of anyone who might find them useful. They're too small to sell. They must be copyrighted since in the US, everything is copyrighted by default. So it sounds like those giving out those little scripts is soon to be an illegal act.

    I wonder what the chances are that the courts would toss this law?

  16. Re:Just my $0.02 on Kernel Changes Draw Concern · · Score: 1

    There's just no predicting mods around here. Without a smiley, there's real danger of being modded "insightful" or "flamebait", no matter how firmly your tongue is in your cheek. And things typed in all seriousness get a "funny" rating.

    More and more, I think that being modded just signifies that someone actually read the message. Part of it, anyway. The first sentence, maybe.

    The computer industry does have a history of moving stuff to lower and lower levels in the system. For some reason, people seem to think that it's an improvement to move something into the OS, where mistakes are an order of magnitude more difficult to fix, and where the code takes up space even when it's not being used.

    Anyway, now that linux is starting to make serious inroads in the business community, maybe it's time we start thinking seriously about the system that will replace linux. Maybe we can ask Linus to lead the effort. He'd probably think that it would be fun ...

  17. Re:Just my $0.02 on Kernel Changes Draw Concern · · Score: 3, Funny

    what's wrong with a modular micro kernel design? why must these things be compiled in? ...

    Because that's not how Microsoft does it. And the business world will never accept linux until it's changed to mimic MS Windows' design. Haven't you been listening to what people have been saying here for the past N years? It's routine to point out a good design feature of linux and claim that that's why linux Isn't Ready For The Desktop, and won't be until that design is changed. This is mentioned more often than the impending death of *BSD.

    (Lessee, do I need a ;-) here? Nah ...

  18. Re:Just my $0.02 on Kernel Changes Draw Concern · · Score: 4, Funny

    Big changes are coming to the kernel that are really going to improve Linux and its functionality in the buisness and home world.

    Yeah, and we know that Linux Will Never Be Ready For The Desktop until firefox and thunderbird are integrated into the kernel.

  19. Re:The correct solution... on DMCA Prevents Photoshop Support of Nikon Camera · · Score: 1

    The DMCA doesn't say you're not allowed to use an algorithm, it says you're not allowed to actually decrypt the data.

    This is worth emphasizing loudly and repeatedly. Lots of others have pointed out in this and many other /. discussions that the encryption algorythm doesn't matter at all. All that matters is that 1) the material is copyrighted, and 2) the copyright owner encrypted it in some fashion.

    This can get rather absurd. Many people have also pointed out that the ROT13 encryption is now illegal to "decrypt" in the US without permission from the copyright owner.

    As the /. notice and US copyright law say, by submtting this message, and encrypting it with ROT13, you would become a felon under US law if you were to ROT13 it again and read it, unless you have my express permission to do so.

    It gets even more absurd than that if this message is ...

  20. Re:"Copyrighted" on Finnish Firm Claims Fake P2P Hash Technology · · Score: 1

    Heh. Not only did they get the file name wrong, but there's the second, more clueless error. Removing a file from a directory requires write permission on the directory, not the file, since it's the directory that you're modifying (by zeroing the inode number of the file's directory entry).

    Of course, changing the permissions of /bin/cp to 777 would let you overwrite it with a copy of /bin/true, which would be even more damaging because it wouldn't produce an error message.

    But if you can change any of these permissions either you're a wheel or there's something much more seriously wrong with the system.

  21. It doesn't matter ... on What Makes a Good Design Document? · · Score: 1

    In all the projects that I've worked on, the design docs are just there to satisfy management. Nobody ever actually reads them. ;-)

    This is, of course, said in a "Ha, ha, only serious" fashion. I've written any number of design docs. But I tend to play them down. The reason is that, when you start implementing, you invariably find that you've missed a few important things. Sometimes this leads to significant redesign. And this means a lot of finger pointing and recriminations, because you Didn't Get It Right The First Time. Eventually you can get back to the job of implementing what you now understand you really need, and maybe do a bit of rewrite of the design docs. But you've lost a lot of time playing political games. And in poorly-run organizations, your initial incomplete design will be held over your head indefinitely. So it's best to try to make the design docs "preliminary", with the understanding that you'll revise them as requirements change or serious problems are found with your platform that prevent you from building part of the design.

    In a really bad organization, the design docs will be cast in concrete, and you must implement to the design, even when you can show that it'll be a disaster. But in that case, you start looking for a new job right away.

    I've seen one case of a design that had a serious flaw, which the designers insisted was right. I implemented the correct design in parallel with the official design, with a runtime flag to select between them. When the first customers all rejected it because of the flaw, I was able to quickly "implement" the correct design. I was a hero with everyone except the design team, who discovered what I'd done.

    The fun ones are where you can prove that the design can't actually be implemented at all. I've worked on a couple of those. I found new jobs pretty quickly ...

    I've long been a believer in the rule that the designers should be forced to implement their design.

  22. Re:I dunno about both. on Texas Bill to Filter Highway Rest Stop Internet · · Score: 1

    ... the Ku Klux Klan's website ... was blocked ... the NAAWP ... you guessed it, problems ... Black Panthers ... are permitted./i>

    You've just stumbled across the Way It Really Works.

    Yeah, they'll tell you that they're just blocking kiddie porn or acvocacy of violence or some such reasonable-sounding excuse. But invariably what they actually block appears random, until you start to notice a pattern of some sort. Maybe they only block whatever they think is obscene or politically incorrect this month. Then one day they block their competitors' sites. Or they block muckraking sites. Or just sites that use certain key words (as in the cases of breast-cancer support groups being blocked).

    The reality is that they just want to control the information you can access. They are not too concerned with the accuracy of the blocking. The important thing is that they can control what you are allowed to read.

    And they want a precedent so that, when they really need it, they can block their competitors. Then by the time anyone objects, it'll be too late, because the campaign or election is over.

    Censorship is always abused to control what you can read, for the benefit of the censors.

  23. Egregious misreading of the GPL on Unintended Consequences of Using GPL Fonts · · Score: 1

    Using GPL'd stuff doesn't force you to distribute anything to anyone. It just says that if you do distribute to someone, and they ask to see the source, you have to give it to them (or tell them where they can find it).

    So if you send me a document that uses the GPL'd fonts, and I tell you that I don't have those fonts, you have to either give me a copy of the fonts or tell me where I can download them.

    I'd think that we'd want this for any font. I mean, why would you use a font if you don't want recipients of your docs to be able to use the font? That seems dumb.

    Of course, we'd expect a bit of FUD from people who are pushing proprietary fonts. They'd like people to use them, so that recipients of document will pay for the fonts.

    Or maybe not. After all, you can still read the doc if you replace a missing font with Courier or Times Roman or Helvetica, right? If that's not what it looked like on the sender's screen, well, that's their problem for not using a freely-available font.

    But where do people get the idea that using something that's GPL'd forces you to give your stuff to anyone? There's no language even vaguely like that in the GPL.

  24. Re:Excellent Article! on Linux Can't Kill Windows · · Score: 1

    Keep your dirty laundry in-house, present a unified front to the world.

    And, as a developer, this is exactly why I repeatedly advise against building on proprietary platforms. That "dirty laundry" is exactly the stuff that's constantly biting me when I'm just trying to get my code to work. The worst kind of bug is when some "system" component doesn't do what I expected, and I can't tell just what it's actually doing . The reason that I can't tell is that the turkeys at the vendor refuse to admit to their "dirty laundry". The information I need is hidden behind a brick wall.

    The Open Source world doesn't work like this. Sure, I get blown off a lot by the people in newsgroups and mailing lists. But I can always resort to the source code, do a bit of tracing, and find out exactly how the docs have lied to me. Sometimes I can fix a bug and submit it, which I can't do with proprietary software.

    Anyway, thanks for the elegant expression of why most proprietary systems get it wrong.

  25. Re:User interfaces are important, though on Linux Can't Kill Windows · · Score: 1

    When your average idiot buys a computer from Dell, Gateway, HP, $RESELLER. He gets it home, opens the box, plugs it in, and lo and behold it WORKS.

    Huh? What planet are you living on? I've watched a number of people trying to deal with their brand-new Windows box, and "WORKS" isn't a word that they or I would ever use. I've listened to them cussing out the idiots who built the box, and tried to help them figure out how to get it into a usable state. They usually give me an earful of how incredibly bad the thing is.

    No, at least on my planet, if they wanted a computer that they can buy retail and which "just works", they'd all be buying Macs. The fact that they aren't is proof that working out of the box (or ever) must be secondary to something else.

    My theory is that the "something else" is advertising. The fact is that, when dealing with technically ignorant customers, the sales go to the company with the biggest advertising budget. And if you have the biggest ad budget, it doesn't matter much whether your product works right. Most people can't judge that before the sale, and after the sale it's too late; they're stuck with it and just have to make the best of a bad deal.

    Also, one thing you can do with a huge ad budget is convince people that your computer is the only "real" computer; everyone has it (except for a few nerds and geeks); there's no point at even looking at any of those fake computers sold by other companies. Once you've convinced people of this, you can sell a really shoddy product, and people will just assume that that's how computers all work.

    So on which planet do you find a computer system called "Windows" that works out of the box? Any chance of exporting a few to Earth, so we human geeks can take a look at them?