Slashdot Mirror


User: ledow

ledow's activity in the archive.

Stories
0
Comments
5,597
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 5,597

  1. Re:Windows 7 RTM Cracked on Windows 7 RTM Reviewed & Benchmarked · · Score: 1

    And this is why volume license keys basically defeat all of MS's copy-protection claims. Every major release of Windows that's included VLK's has had it cracked and the VLK posted online within days of release. Hell, I've memorised the XP VLK's that are commonly issued to UK schools after I found three geographically-seperate schools all with the same VLK. With XP you could suck out the key from the registry, so I have copies of some major educational suppliers VLK's too, should WGA want to blacklist a key that we use. We know we're licensed, and getting hold of any VLK in order to continue in business in such an instance isn't a problem.

    Microsoft basically say: "We want to know is someone's copied Windows, so we give everyone a unique number that has to be actived online and only allocates to that single PC for the rest of it's life (making provision for hardware changes), that we can blacklist if we think it's been leaked... then we give our "big" customers with hundreds of minimum wage employees that change every month a special number that will work anywhere, doesn't require activation (but passes it if required) and pretty much ignores hardware changes and that to blacklist would knock out millions of PC's worldwide so it's basically a perpetual bypass of all our systems".

    I can't see the flaw in THAT plan. No. Not at all. Windows 7 is more tricky in that it's more of a public/private key affair that you can't suck the keys out of supplied machines, but any insider release (minimum wage, temporary employee doing boring OS installation for a living) is inevitable.

    MS have blacklisted VLK's in the past (XP era?), but it was years after their initial use (SP2 blocked VLK's that were released pre-RTM) when they were pretty sure most people would have moved on, and they would issue new keys to customers that could prove they had genuinely bought the OS... it didn't hit much of an uproar, but basically those keys worked until the OS was already four or five years old, and then you just had to change the key for another. Not bad for "free".

    This is why all the activation nonsense is a waste of time, like any copy protection scheme. The only people it hurts/hinders are the honest.

  2. Re:Not faster than XP, not faster than Vista on Windows 7 RTM Reviewed & Benchmarked · · Score: 1

    He doesn't say that Windows 7 is faster than Vista. He says that they are BOTH faster if you turn UAC off.

  3. Re:16GB? on Windows 7 RTM Reviewed & Benchmarked · · Score: 2, Interesting

    I have no idea but it usually just cruft and poor programming... you'll probably find that it only peaks at 16Gb during installation but uses 5-10 Gb for a "final footprint" after the installation is complete. They might even take into account drive formatting, swapfile, etc. into that which will give quite a hit.

    To be honest, the initial install for Windows was always stupidly large for what you got - you can nLite and UPX and do all sorts of stuff and still get a working Windows installation in half the space. And even then, the Windows folder will grow dramatically over time and you install more and more. Every Windows installation I've ever had has hit the partition limit I set (generously, or so I thought on installation) and I've had to play "Program Files Folder Shuffle" to get space back on the boot/Windows drive - it's not even like it's my data or profile - that's stored somewhere else entirely.

    However, drive space is going to take a hit in the next few years on Windows 7's main target - netbooks... wasn't everyone planning on using smaller but faster SSD drives?

  4. Re:... and have for many years in their SEC report on Microsoft Acknowledges Linux Threat To Windows · · Score: 1

    The problem is that you, nor anyone else, has *any* idea actually how many Linux, etc. machines are out there. Nobody. You can't even *guess*. And even if you could, how do you count dual-boot machines, Linux recovery CD's supplied with machines (I've seen it - a dd image on a Knoppix boot disk as a recovery CD from a large, reputable PC supplier), etc. I'm personally responsible for at least several hundred (if not thousand) Linux installations just personally... not even work-related.

    Desktop is a poor metric anyway - how about "household"? ADSL routers, wireless routers, PVR's, who knows how many Linux-based devices are in the average household? It might not average out to 1 per household but I imagine it's much higher than you might at first think - and as a metric that means it has much more impact on the world - if it were to disappear, those products would be gone. Linux is even taking over where things like VxWorks were dominating, and people run VxWorks devices and don't even realise it (a lot of ADSL routers, even DVD players, all sorts). I've worked in large IT teams that didn't even realise that half their network routers, firewalls etc. were running some variant of Linux until they looked closely at them. And behind the scenes, most of their upstream suppliers (web hosting, application hosting, firewall, ISP, etc.) were Linux.

    The fact is... nobody really cares about desktop penetration. It's been proved that we can do it - Linux desktops exist and are as good as Windows... hell, we can emulate Windows on them satisfactorily enough for quite a lot of gamers and that's crossing over "acceptable" into "acceptable and we can play fancy mind-games too". I have a Linux desktop sitting here. Every machine I have has a Linux desktop available on it. I get just as much work / everyday stuff done on them as I do on MS. It's not up to anybody to *sell* it to other people as a concept, though. But when they get tired of MS, it's there as an alternative today. But it was a sideline, a distraction, a nice toy project. I work in IT in schools - we can kit out an entire school borough with Linux desktops in hours, but it's not what Linux was really designed for and it's not what people want (apparently people WANT to spend hundreds of pounds on shit OS's... you can't help that and nobody is *really* interested in telling people what to buy, except MS).

    It's fait accompli. Whether people choose to use it is up to them and part of the whole free software concept is that we don't tell them what to do with their computer. We let them choose. But suggesting that the 0.05% or 0.1% or any other published metric actually *means* anything about the operating system is madness. How many homes run Cray supercomputers? Oh, they must be crap, then.

  5. Re:The fastest version of Windows to shut down? on Windows 7 RTM Reviewed & Benchmarked · · Score: 1

    Even taking that into account, the OP's comments still ring true.

    If you're rebooting (and I thought we'd pretty much eliminated that in this day and age, to be honest, but some programs "insist" on a reboot when few are necessary) then you're at the behest of the BIOS, drive speed, boot loader, etc. anyway. And shutdown is less important that startup because at startup, by definition, you're waiting to USE the computer. Any semi-reliable machine is left unattended once the shutdown button is pressed, so who cares if it takes 10 or 30 or 60 seconds?

    This is true of all OS's. My Linux setup actually takes a LONG time to shutdown (the wrapper script around squid itself imposes something like a 15 second delay, then the kill scripts hard code a 5 and 10 second delay for programs to respond to signals before even *thinking* about killing off processes). I can't remember the last time I watched it happen - first, I avoid rebooting, second the shutdown is an automated process that allows me to walk away and just check that it's off next time I walk past.

    Shutdown time is, possibly, the most stupid metric ever to publish for a home PC. The second you install an antivirus or other "common" software, you'll triple those times instantly. The fact that it's the ONLY benchmark that 7 wins just tells me one thing - they're obviously not caching/swapping enough and/or intelligently enough - thus hindering performance but when it comes to shutdown... wow... not so much to clean up.

    Same applies to programs as well as OS's here... if a program takes an extra second to clean up and shut down, I don't really care. If that *hinders* me starting up a new process (heavy swapping, etc.) I care. On is more important than off by orders of magnitude.

  6. Re:Eh? on Entropy Problems For Linux In the Cloud · · Score: 1

    Even there...

    SSH is a non-starter. My SSH by default renegotiates keys every hour or 1Gb of data. Even if we assume that in that hour the network is relatively idle, even a "virtual" network connected to a real Ethernet or similar will generate enough entropy to handle that situation (just by mistiming, etc., of network interrupts in the underlying "real" OS - even on a local network). Until you get into dozens and dozens of simultaneous SSH sessions, you won't exhaust basic entropy.

    However SSL is much more of a concern, but there... you're into serious systems where you *want* to be using real entropy anyway, and probably *don't* run it on a cloud for very, very sensible security reasons.

    Again... anything where lots of entropy is *vital*, you'll be thinking about it differently anyway. I daresay there are SSH shell services running on clouds, as well as some idiot running his webstore without thinking about it, but that's just basics. And you'll find that the larger clouds *will* in fact have taken care of this problem by providing a decent amount of entropy anyway.

    Not saying the problem doesn't exist, but that we're into corner cases rather than "the sky is falling".

  7. Protocols on Null-Prefix SSL Attacks Enabled In New sslsniff · · Score: 2, Interesting

    Just wondering... will this help analysis of some "secured" protocols, maybe?

    I don't know how it works, but let's say something like Steam uses SSL or similar (I have no idea if it does, just pretend)... before we couldn't do the protocol analysis without a massive reverse-engineering going on (could only see "client to server" messages because we only have access to the client's private key). Now we might be able to fool non-patched SSL programs to believe that they are talking to an authentic server without having to delve into their code and thus be able to see / fake both sides of the conversation?

    Am I way off the mark, or is this now possible with unpatched programs relying on SSL etc. layers to hide their protocols?

  8. Re:Eh? on Entropy Problems For Linux In the Cloud · · Score: 1

    If you *can't* do this with your provider, but need a good RNG, then you don't "need" cloud computing. It's a cyclic argument. Use the tools for what they're designed for. *Need* randomness for security? Go elsewhere.

    Plus, if you're that big a user, the cloud will sort itself out for you (I'd be *very* surprised if the quality of the internal entropy of the well-known clouds wasn't already fantastic - this isn't a "new" problem for people running more serious setups) or find that every one of its customer's SSL certificates etc. are vulnerable in about 0.01 seconds.

    It's really a non-issue. Those that need it, know it, and know where to get it, and know to check it. Everyone else doesn't "need" it.

  9. Re:Eh? on Entropy Problems For Linux In the Cloud · · Score: 2, Insightful

    A bold assertion. I assume you're thinking of TCP sequence numbers or similar. Otherwise, I call bullshit on the "ANY".

    And the entropy provided by being connected to a network in any way, shape or form is enough for that purpose.

    Even in general, unless you're generating LOTS of SSH/SSL keys on some kind of automated process schedule, you're fine, and that's the sort of task that should be pushed out to a dedicated entropy machine.

    Otherwise, every ADSL router etc. in the WORLD would be worthless - no keyboard, no mouse, no disk interrupts, etc. and yet they run full TCP stacks that hold the majority of the world's home connections. The fact is that it's just not as big an issue as you think it is.

  10. Eh? on Entropy Problems For Linux In the Cloud · · Score: 3, Interesting

    If you "need" cloud computing, then you're bright enough to install an entropy daemon on one of the machines and maybe even slap a hardware-based RNG on it (probably worth sourcing a VIA or similar just for this purpose, to be honest). It's not hard.

    Anything else, your "randomness" really doesn't matter and the standard entropy will be just fine.

  11. Two words on UK Plans To Monitor 20,000 Families' Homes Via CCTV · · Score: 5, Informative

    Two words tell you everything you need to know about this story:

    Sunday Express.

    Move on. Nothing to see here. And, Slashdot, for God's sake... please check your sources in future rather than the random cranks.

    For those who don't know, imagine that bit in Men in Black where Tommy Lee Jones checks the papers for "information"... one of those would be the Sunday Express.

  12. So on Bootkit Bypasses TrueCrypt Encryption · · Score: 1

    If you give your PC to someone, with the capability to modify the innermost workings of the boot sectors, and then log into the PC indiscriminately without verifying that the boot sectors, etc. haven't been modified, it's possible that the password you typed on the keyboard etc. could be captured and then used later (assuming the rogue software would also have the capability send that password to the attacker and/or for the attacker to AGAIN gain physical access to the PC after you've typed in the password as well) to decrypt the contents of the hard drive.

    Yeah. And?

    Avoidance techniques possible: Not a lot.
    Avoidance techniques required: Don't log into a potentially (or, indeed, known) compromised PC, whether encrypted or not.

    Where's the news?

  13. Graphics, etc. on Next Console Generation Defined By Software, Not Hardware · · Score: 1

    It used to be that I looked at a screenshot / gameplay video partly for the quality of the images used in the game. Now I use it to exclusively spot:

    - cutscenes (I've noticed many games whose screenshots are ONLY cutscenes - AVOID)
    - gameplay elements
    - what they *don't* do (Mmm... they never bash that quite obvious object on the wall because the physics don't apply to it)
    - other problems.

    The problem with consoles is that people who are fanatical about them compare only graphics / sound / 3D capabilities. I don't care about that. If I pay for a game, I don't want to be paying pretty pictures - I want to be buying gameplay. As someone else pointed out, the winner of any particular "console war" is rarely the one that has technically superior statistics. The Wii is undeniably underpowered - who cares?

    I *stopped* buying consoles because they were so limited in their lifetime/upgrade potential. A modular console sounds like a great seller (buy the Wii 2 now and next year, we'll make the Wii 3 board fit alongside it inside the same casing!). But in terms of hardware, the specifications of any particular device are basically irrelevant. My Palm is significantly underpowered compared to my PC. As is my GP2X. But, they fit their purpose just fine and both have *excellent* software for the job they need to do (that's still improving all the time).

    Nintendo know this - their games aren't extravagant, aren't necessarily wonderful and popular and original... but they *are* playable. Very playable. Playable enough to feel like it was worth paying for console+game at the end of your first month of owning it. Not many other consoles have that.

  14. Ouch. on RIAA Says "Don't Expect DRMed Music To Work Forever" · · Score: 4, Insightful

    That's gotta hurt. How long before a retraction/denial/sacking?

    It doesn't matter. Most consumers learned long ago that this is the basic way of thinking with large music-related corporations. That's *why* piracy is so high. And the music industry still makes money (I have NO idea how, but it does... vast amounts).

    All this will do is increase piracy by another tiny percentage. That's it. The people who were borderline will think "That's enough" and everyone else will carry on as normal. And then there'll be another stupid announcemnt/technology/law/restriction and the borderline will shift again and again and again until, actually, *nobody* cares at all.

    Please, please, RIAA... consider what would have happened if you went back in the time to all the previous stupid announcements you've made and proclaimed the OPPOSITE. Consider what people would be using now instead of torrent'd MP3's - cheap non-DRM music from YOUR store (and now from Amazon nearly 10 YEARS too late). The next generation are being taught to ignore you, whether accidentally or not, and you won't exist to them - they have iPod's loaded up with MP3's and copy and share them indiscriminately, in the same way that schoolkids are basically taught to copy/paste images from Google Images into their coursework. The laws that *do* protect your business will become more like guidelines, until eventually they are never enforced at all.

    You're digging your own grave, and everyone is watching you, but you're the only one not to see it.

  15. Re:By the Way - this insane versioning bent on Debian Decides To Adopt Time-Based Release Freezes · · Score: 1

    This is one of the reasons I like Slackware.... tiny things like this ARE considered:

    cat /etc/slackware-version :-)

  16. Re:In defense of Winows... on Bill Gates Remembers 1979 · · Score: 1

    "How many of you have actually used Vista on decent hardware (post-2004) and had problems with it? That doesn't include: I don't like the search features, I don't like the fact that 512 megs of my 2 gigs of ram that I don't use anyhow are taken up, I want my 5 extra frames of Counter-strike back that were way above my monitor's response time and refresh rate back."

    Oooh, ooh, ooh, I'll take this one!

    Decent hardware - 2007 new purchase machines do you? A "viability" project for professional deployment of Dell desktops to an entire school site. We had the hardware, we just needed to choose XP vs Vista.

    "I don't like the search features" - User problem - learn the operating system or we could just provide an alternative. Nobody really uses search anyway ( 0.1% of our users had ever used the search feature).

    "I don't like the fact that 512 megs of my 2 gigs of ram that I don't use anyhow are taken up" - Erm... more like it took more RAM than we wanted it to, leading to swapping on our heavier apps (CAD, etc.)

    "I want my 5 extra frames of Counter-strike back that were way above my monitor's response time and refresh rate back." - Not an issue. In fact, if we could *cripple* 3D "games" that would have been a bonus :-)

    What we didn't like were the way it changed the network integration (our users needed to occasionally log in locally - RETRAIN), the myriad "features" that we had to go in and turn off to comply with our network policies (XP was a 3-A4 sheet of instructions to get it how we needed, Vista we hit page 5 or so before we started to give up on the idea entirely), the poorer performance on the same hardware with the latest drivers (it was late 2007, so Vista drivers should have been stabilised by then, pretty much), the destruction of a lovely simple interface, the THOUSANDS of new group policy settings (quite a few with undocumented knock-on effects) that forced us to redo all our network policies, etc. etc. etc.

    I'm not saying the problems were unsolveable (nothing's unsolveable in IT, but the fixes can get pretty damn ugly) or that we "knew" everything about Vista and weren't missing the obvious, but a team of IT people sat down with explicit instructions to "move onto Vista" and in one day of testing with an imaged machine each found enough to convince us and non-techy's above us that it was a waste of time, money and manpower.

  17. Re:way offtopic, but... on Bill Gates Remembers 1979 · · Score: 1

    Mmm. Had never seen that "puzzle" before.

    Maybe it's my analytical mind but it took me 14 seconds until I spotted the pattern, and a further 50 or so to confirm it against all the examples in the text. And, to be honest, I never even *thought* about the petals thing and then when I tried to apply it, it was a further 5 or so seconds to work out the exact "real-world" relationship that the hint is supposed to show. To be honest, if it hadn't jumped out at me, a simple simultaneous equation would solve that problem.

  18. Re:opera forced plugins (ever?) on Opera CTO Thinks IE Will Be Forced To Support SVG · · Score: 1

    Probably means that security nightmare of "generic ActiveX control being used in a webpage". Yeah, cos I *want* that in a browser.

  19. Re:not important on 26 Years Old and Can't Write In Cursive · · Score: 1

    Not whoosh...

    Just an unbearable compulsion to correct.

  20. Re:not important on 26 Years Old and Can't Write In Cursive · · Score: 1

    WRITING

    Whoever (one word)

    should HAVE

    people's (possessive)

    grammar

    any WORSE THAN before

    I've

    don't think they are.

    Bad handwriting won't stop slashdot trolls or grammar nazis existing. :-)

  21. Re:Ah, memories of days past.... on Most Expensive JavaScript Ever? · · Score: 1

    Bidding on US Postal service contracts.

    Shipping the stuff to them by FedEx.

  22. OOohh on Main Toilet On ISS Craps Out · · Score: 3, Funny

    OOohh, well.... (breaths in through teeth)... it's these space toilets. You just can't get the parts these days. I mean, I can probably have it for you for next month, how's that? Any sooner and it means a trip down to the warehouse to pick up bits. And, you know, my little van is going to struggle getting back to Earth and then back again, especially at this time of night.

    Tell you what I'll do... Tell you what I'll do... I'll ring me mate. He's just doing a job over on the Mars landers. He'll have it for you in no time, no time at all.

    Discount for cash?

  23. Re:You don't use A/V? Are you insane? on Security Threats 3 Levels Beyond Kernel Rootkits · · Score: 1

    P.S. Never "caught" a virus in fifteen years of computing, but found one once on a cover-CD for a magazine back in the DOS days. Networks I run don't get hit with virus outbreaks (and we're usually waiting for a week or two after Patch Tuesday's before we update and have a high Internet usage with completely unskilled users, on Windows XP and Server 2003 and an IT budget so low you couldn't buy floppy disks in one place!) - we get the odd virus on *personal*, standalone machines that have been taken home and brought into the network.

  24. Re:You don't use A/V? Are you insane? on Security Threats 3 Levels Beyond Kernel Rootkits · · Score: 1

    Sorry, what a load of crap.

    If my AV program does the primary job that it's designed to do, it will alert me to the fact that I've been infected. That's it. Does something about that seem totally WRONG to you? It's like saying that if the military does its primary job, they will tell us we've been invaded. Er, what's the point of that?

    AV *DOES NOT* stop anything, even with all the fancy-schmancy product titles that they want to use (RootkitHunter, AVToGo, Detect&Cleanse, etc.)... it merely detects the presence of a hostile element.

    Now, in my experience in IT support of Windows system (covering critical public-sector networks), 99.9% of virus infections are discovered because *WE*, the users and/or technician's notice the AV fail or something that's slipped past the AV (usually by the speed-hit on the computer concerned or the fact that it's dropped off the logs). If AV can detect something, it's ALREADY on the computer. It's *after* the event. Too late. Game over. Pointless.

    Now some parts of some AV packages are actually "ANTI" virus, in that they stop them happening in the first place. These products can be variously placed into the categories of: firewalls, pre-access scanners, permission-removers. Everything else that they do is ABSOLUTE bunkum.

    My own personal laptop... no AV. Hell, though, I have a firewall, a web browser that doesn't execute attachments and locked-down access to EVERYTHING on it. Why do I need a taskbar icon scanning EVERYTHING that EVER gets accessed on that computer 24 hours a day and can only pop up a box (possibly, most of the time the AV just dies with any half-decent virus infection) to say "You have a virus"? Everything past that point is worthless - "clean" shouldn't even be an OPTION, nor should "Delete" or "Quarantine" because in my own personal experiments, I've see it fail at a consistently high rate on machines with known virus infections, even with the latest signatures / program versions.

    Keep your computer up to date.
    Stop things executing.
    Check occasionally or when suspicions arise.

    On a network, sure AV is good to prevent dumb users not capable of following policy. At the network edge, essential (nobody gets a mail in my workplace without it having gone through SOMETHING to scan it or at least strip all attachments). On my own IT equipment? What a waste of time.

  25. Re:Windows on Windows 7 Clean Install Only In Europe · · Score: 1

    "Instant search."

    You provided your own criticism of that. Besides, I can't remember the last time I actually *searched* for a file that wasn't on long-term storage.

    "The ability to run as a non-Administrator without tearing your hair out."

    Okay, possibly. But to be honest, not that big a draw for me. Heinous a crime though it is, I'm often in as an admin user because I admin networks all day long. And on machines that only I ever use, there aren't even any other users, generally. Might help the odd family member out though, but I suspect that they are still capable of messing up the machine even without Admin access.

    "Previous versions."

    Was in XP. Sometimes you need to download an MS update to enable it, but I've been using it for ages, even across network drives etc.

    "New UI tricks. It's a snap to put two windows up side-by-side, each filling half the screen (just drag each window to the screen's edge)."

    Yeuch. Already have a ton of freeware that can do this better (and to be honest, nothing beats using sysinternals Desktop tool that give you X-like multi-desktops at the press of a hotkey) and without interfering with my normal workflow... just dragging something to the edge of the screen does stuff like that?

    "Automatic fetching of drivers from Windows Update. You don't even need to check the manufacturer's site for driver updates anymore."

    Hell, I don't even let XP or Server 2003 search the Internet for drivers even as an option... this sort of thing is disabled on every computer I've ever had or managed. It's a horrible idea. Last time I updated an NVidia driver on a networked machine it could only be salvaged by re-image.

    Thanks for the suggestions, though. Obviously a real-life user of Windows 7 with some actual good suggestions from real-world use. Just not relevant to my usage, that's all.