Slashdot Mirror


User: Just+Some+Guy

Just+Some+Guy's activity in the archive.

Stories
0
Comments
11,329
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 11,329

  1. Re:Leave it to microsoft on XP2 Spotted In The Wild · · Score: 2, Informative
    No OS can protect against malicious code running as root/admin.

    If the OS has the concept of a superuser, then you're correct. However, that's ignoring other OSes that are built on capabilities or mandatory access controls. Those do away with "root users" altogether, and replace them with users with sufficient access to grant necessary rights to other users. These aren't hypothetical creations, but real systems in use, today, in high-security installations.

  2. Re:I'm sorry, were you expecting better? on XP2 Spotted In The Wild · · Score: 1
    META REFRESH is not a good way to redirect people, and furthermore, it's not standards compliant. Allowing META REFRESH to direct users around the web without their consent is deceptive, and a major usability problem for users.

    Here's what we used refreshes for:

    Customers select a bunch of parameters for custom reports, some of which take over a minute and a gig of RAM to generate (think processing huge images based on database results). On our old system, customers would grow impatient and click "Generate This Report" several times until the webserver died a flaming death with a load average in the high 40s, no swap left, and all processes attempting to use 100% of the CPU.

    So, I rewrote those pages to send the customer to an intermediate page ("Your request make take some time to fulfill...") with no links to the page that actually launches the request. Then the intermediate page sends a Javascript redirect to the "real" target page (or gives them a "manual action needed" explanation and a link to the "real" page in the event that Javascript is unavailable).

    Basically, then, we're using refreshes and redirects as part of a system to keep dangerous items away from end users (the other part involves generating single-use "request cookies").

    Note that we did use META REFRESHes until recently, when we discovered that IE6 would choke when the target URL had a longish query string, so moving to Javascript was purely a functional decision

    If you have any ideas for how to better handle this situation, I would be extremely happy to hear them. Bear in mind that our visitors are often non-technical types that are accessing our site to check the status of packages that they've mailed to us, so we have to support pretty much every ancient browser in existence. As a side note, since I wrote the site in XHTML/1.0 with CSS and validated the heck out of it, it looks good and logical even in Lynx.

  3. Re:How about Dutch pot in the US? on Yahoo! Not Protected From French Anti-Nazi Laws · · Score: 2, Informative
    As far as I know, Dutch companies are allowed to ship pot to the US - or, at least, there's no barrier on their side of the pond keeping them from trying to do so.

    However, you can bet that the American who orders pot from a Dutch company is going to have some explaining to do when they arrive to pick up their package.

    I believe it's the job of the destination country to restrict their own borders as they see fit. Nothing you said would seem to contradict that.

  4. Re:Precedent on Yahoo! Not Protected From French Anti-Nazi Laws · · Score: 1
    Two differences:

    First, at least he was on American soil when they arrested him. We didn't declare him guilty, then ask the government of Russia to enforce the penalties levied against him.

    Second, I didn't hear anyone outside of Adobe and the government defend the case against Skylarov (sp?), and Adobe even buckled to popular pressure and washed their hands of the action. I certainly didn't hear anyone defending the US ("It's their country and their laws - respect them!"), particularly those of us who live here.

    Basically, we did something boneheaded but we admitted it. When France admits that their imperialist law enforcement is stupid and unmanageable, then we can revisit the topic to see which country handled the situation better.

  5. Re:As a teenager (14) who uses computers... on Always Use Protection · · Score: 1

    Real men pipe netcat into openssl into /bin/sh, but those people are just freaks and I don't hang around with that sort.

  6. Re:As a teenager (14) who uses computers... on Always Use Protection · · Score: 4, Insightful
    Absolutely, positively, yes . Linux exploits are comparatively less common than those for Windows, but they certainly exist. Do you leave your computer turned on when you're on vacation with your parents? If so, what happens if, say, SSH gets cracked and your system is 0wn3d before you get home?

    A good rule to follow is to treat all Unix systems like servers, regardless of what role they actually serve. If your machine is listening on a network-accessible port, then it's your responsibility to protect that port.

    If you're 14 and administering your own Linux system, then you probably have the intellectual curiosity to do well working with computers. However, you don't have even half of the professional paranoia required to make the leap between "competent" and "great". Unfortunately, only time and mistakes will get you there. Just do what you can to make your learning experiences as painless as possible.

  7. Re:Ciphertrust, too... on Revolutionary Spam Firewall Developed · · Score: 3, Funny

    Darnit! The spam filter I was writing lets everything through, then picks through my inbox over the course of the next month to highlight possible spam in chartreuse. Back to the ol' drawing board...

  8. Re:One word. on Why is Java Considered Un-Cool? · · Score: 1

    Yeah, but it was a lot funnier than what you said.

  9. Re:One word. on Why is Java Considered Un-Cool? · · Score: 1

    Yes, but relying on the backtick operator limits your CLASSPATH to only about 64K characters, so you'll probably need to split that into 5 or 6 chunks.

  10. Re:why? on How Google Could Overthrow AIM · · Score: 4, Interesting
    How many people do you know who are running IM clients they've written themselves?

    I do. Or more correctly, the company I work for runs the IM client that I wrote. Why? Because we wanted to add web accessibility to our IM system, and it was nearly trivial to throw that onto our Zope server. What's the going rate for integrating MSN or Yahoo! onto a pre-existing Unix web server these days?

    Yeah, I realize that this is a very atypical situation, but just because you don't know someone who's written their own client doesn't mean that noone has. There are a lot of niches where Jabber scales down brilliantly, but where the old, closed systems don't seem to scale down at all.

  11. Re:Once on Best Buy Sued By Ohio · · Score: 1
    A 15% restocking fee will be charged on returns or exchanges of any opened notebook computer, camcorder, digital camera or radar detector, unless defective.

    Know what? 5 seconds in a microwave will make pretty much anything electronic defective.

    Screw Best Buy. I'll never try to pull one over on Wal-Mart, because their return policy is so darned reasonable. On the flip side, I have no moral qualms whatsoever with doing anything it takes to get Best Buy to honor their policies, or even to use them to get free out-of-warranty repairs on things I buy at other stores (eg break an item, buy an identical one at Best Buy, then return the defective one). While I'd never consider doing that at any other store, anything you can get away with at Best Buy is perfectly fair and moral in my book.

  12. Re:Personality depends on language, too on One, Two, Many - Language Shapes Thought · · Score: 1
    My Spanish self spent Spring Break in San Miguel, BC, drank Dos Equis around a beach campfire, and tore through the carne asada burritos that his Mexican girlfriend cooked while the stars came out over the tent.

    My American self spends half his time driving screaming kids around in a minivan, and the other half in a dark room conjuring challenging but glamourless shapes out of code.

    Yeah, I can identify with missing your foreign-language identity.

  13. Re:Wrong again! on Senator Blacklisted by No-Fly List · · Score: 1
    Trust me, it's almost as fun for Americans driving into Canada. My in-laws live in Buffalo, NY, and during a recent visit a few of us decided to head over to Canada to look at Niagara Falls and eat dinner. We didn't get pulled out of line, I'll grant you, but the agent's evil eye had me about ready to confess to whatever crime she was ready to offer.

    Now, I know that terrorist come in all shapes and sizes. However, they probably won't manifest as a late-model minivan full of middle-class 20- and 30-somethings armed with video cameras and party clothes. As I said, we didn't get detained, but there's no doubt in my mind that if I'd said anything more complex than "yes, ma'am", "no, ma'am", or "the Falls and dinner, ma'am", that she would've been field-stripping the Toyota Family Truckster in a heartbeat.

    My wife said that it was fairly common to get stopped and searched on her way in, but that she almost never got stopped on the way out. I think the moral is that "foreign" countries tend to make entry a chore. Returning to your home country is usually pretty easy.

  14. Re:Help me keep a new spammer from being created! on UK ISPs to Shut Down Spamvertised Websites · · Score: 1

    Correct, and from the /26 netblock that they use to run their web hosting service (and SMTP relaying for customers). Oh, and my backup MX and DNS until this whole plan came to light and I pulled my services back to safer accomodations.

  15. Re:No WEP? So what! on 80% of WiFi Networks are still Insecure, Kismet Author Says · · Score: 1
    In the event you're not trolling...

    I can't think of how many times my friend and I have changed peoples settings on their linksys because they are so fucking stupid they don't even change the default admin password.

    If you decide to help me "secure" my network, which barely covers my own private property, be well armed.

    How hard it is to enable MAC filtering? How hard is it to disable SSID, which is not needed at all for the wireless router to function properly? WEP might be shit but its better then nothing.

    How hard would it be to stable my shoe to the ground? Pretty easy! But would security would that buy me? The same goes for your suggestion - would would adding lightweight encryption to the locked-down network gain? You can't just throw crypto at something and say "ooh, secure!"

    One day you will be arrested when cops come to your house charging you with downloading child pornography because you didn't secure your router.

    Which router? The OpenBSD firewall, or the WLAN router in the DMZ?

    Since you seem to think that security isn't important and sharing is. May I have your credit card number and social security number?

    Sure! Just come onto my property, sneak past my dogs, connect to my "open" WLAN, crack the bridged firewall, guess my SSH RSA key, and have at.

  16. Re:Can anyone enlighten me? on 80% of WiFi Networks are still Insecure, Kismet Author Says · · Score: 2, Insightful
    So can somebody please explain to me how wardriving is any different to cruising around the 'hood looking for unlocked front doors and then walking in to take what you want?

    It seems to be that simply sniffing for open WAPs is more akin to driving down the street and looking for open doors with little red spinny lights in front and neon signs saying "We're Not Watching! We're Not Watching!".

    Actually testing that connection is different; that would be like walking into one of those buildings to see if it's really unguarded. Allowing a WiFi card to perform its designed task of attempting to connect to access points doesn't seem terribly bad, though. I think it's more like smiling at strangers to see who says hello.

  17. Re:Help me keep a new spammer from being created! on UK ISPs to Shut Down Spamvertised Websites · · Score: 1
    It's not that difficult to fathom. Home mortgages, car rental agreements, car purchase agreements, EULAs, employee agreements... any of them could bury a legal jargon form of "opt-in". The majority of people don't read them and those who do usually don't have a positive option.

    I think that's how his boss is justifying the project - those people didn't say that they didn't want random spam, so they're fair game.

    As far as the gay porn example, you're right. The main point I was trying to get across to his wife was that just because your boss wants to pay you for something doesn't mean that it's moral, ethical, or legal.

    your friend has little recourse should his boss decide to sit back and smugly think,"I'm going to tank your career because you wouldn't spam for me."

    That's the most depressing thing I've heard all day. :-/ On the other hand, I also used to work for the guy before my wife accepted a job in another city and we moved away. If it weren't for that, I'd probably still be working there, and as the senior sysadmin I would be the one with that sucky choice. Therefore but by the grace of God go I...

  18. Re:Help me keep a new spammer from being created! on UK ISPs to Shut Down Spamvertised Websites · · Score: 1
    Oh, I'm sure we could figure a way to stick "Nigeria", "enlarge", and "lottery" in there somewhere unobtrusively. :)

    As far as the other suggestions, my friend just bought a new house and probably isn't in a position to quit his job before finding a new one. I'm sure that if he manages to land one then the situation will change radically and quickly. In the mean time, though, I'm mainly looking for ways to save his job and keep his boss (who I like and worked for before I moved to a different city) from doing something that could ruin his business.

    However, if they insist on going through with this, then their ISP (and every blacklist I use) will know about the problem before the first batch starts going out. I've written quite a few HOWTOs on blocking spam (see my homepage for the Wiki hosting them) and have no intention of letting more loose upon the world when I can do something about it.

  19. Re:Help me keep a new spammer from being created! on UK ISPs to Shut Down Spamvertised Websites · · Score: 1
    That's not a bad idea. If I can find a wide enough pool of other people that know about (so I can avoid implicating myself) I might think about doing just that.

    I've also considered telling Large Other Client that Friend's Boss is thinking about spamming. You can switch ISPs pretty easily, but it's not so easy to find another customer that accounts for more than 50% of your company's income. I don't think Large Client would drop them, but I think they might be able to bring enough pressure to bear to convince Friend's Boss to forget the idea.

  20. No WEP? So what! on 80% of WiFi Networks are still Insecure, Kismet Author Says · · Score: 5, Insightful
    We've been over this time and again, but my own WLAN is wide open; anyone with any MAC can connect without WEP, and I even broadcast the SSID.

    Of course, that gets you an IP that lets you ping the firewall. More specifically, you can ping the dedicated NIC on the paranoid OpenBSD server that lets through connections to my Squid server (which requires authentication), my mailserver (which requires authentication), my DNS server, and my NTP server.

    If getting an IP on my WLAN counts as "insecure", then count my network as bad. However, that's a bit too broad a brush for my tastes. In my setup WEP offers no advantages whatsoever so I never bothered with it, but I guess that makes me just another dumb newbie in their survey.

  21. Re:O villain, villain, smiling, damned villain! on UK ISPs to Shut Down Spamvertised Websites · · Score: 1
    I've tried. I think he's looking, but he lives in a city with an even worse tech market than the one I'm in. The sad thing is that other than this, he seems to have a pretty decent work situation - full-time telecommuting, good pay, etc.

    You know, "accidentally" aliasing the "Remove me!" address to his boss's account and then being unavailable for the next 24 hours or so may not be a bad idea.

    I also had the idea of explaining to his boss that being a spammer means that your IP will be blacklisted by the time your finger leaves the "submit" button (or the enter key after typing "cat msg | sendmail"). Even if his ISP doesn't dump him on the spot, one of their much larger clients who sends out about 30,000 newsletters per week to legitimately opted-in customers and who uses email to send receipts for online sales may get pretty pissed off when their messages start bouncing.

  22. Help me keep a new spammer from being created! on UK ISPs to Shut Down Spamvertised Websites · · Score: 4, Interesting
    A friend of mine (a real friend; not a thin abstraction of "me") works for a company who designed and hosts another company's website. That company procured a list of "millions of guaranteed opt-in email addresses!" and contacted my friend's boss to send them all a newsletter.

    Now, my friend's boss is putting a lot of pressure on him to send these emails. My friend asked me for help but I flatly refused regardless of price. He really doesn't want to do it, but his boss is leaning on him, and his wife's opinion is that since he's getting paid for it, he should just do the work (my retort being that if his boss wanted to pay him to star in gay porn, then would he still be expected to do so?).

    I've explained at great length that this is immoral, probably illegal, and a really stupid idea all around. He agrees, but his boss really wants that check from the client and I don't know the boss well enough to confront him directly.

    Any suggestions on what I can do to put an early end to my friend's career as a spammer? I love the guy like a brother and don't want to see him rendered unemployable and hated by his family and friends, but I also don't want him to lose his job.

    My best idea so far is to get him to convince his boss to start with a very small batch of spam (say, 1000 addresses) and to have my friend report back after a few minutes that the batch has been sent (but without actually doing it). Then, about five minutes later, call the client and scream, curse, and scream some more at them for filling my inbox with their crap. Get about 10 other people to do the same thing, perhaps even in person at the company (a restaurant), until the client keels over dead in their panic to call of the "advertising campaign". Note that my friend is the only technical person at his company, so the odds of anyone other than him being able to determine whether those 1000 test emails were actually sent is roughly zero, and if there were any question, I'm probably the person that his boss would call to seek confirmation ("Yep, looks like he sent 'em at 11:30. What? The client went out of business at 11:45? What a coincidence!").

    To repeat: "my friend" is not me, so don't bother lecturing me on the evils of spamming. I just want to help him stay an honest man.

  23. Re:Specific Ocean? on Writing Software for Worldwide Distribution Proves Difficult · · Score: 1
    Most people in France for instance, probably have no idea their country is only slightly larger than Texas

    Not even close. At 547,030 square kilometers, France is less than 80% as large as Texas (at 696,241 square kilometers). In the words of the CIA World Factbook, it's "slightly less than twice the size of Colorado".

    or that Alaska alone is larger than most of Western Europe.

    I'll give you that one. All of Europe covers 3,837,081 square kilometers, while Alaska is roughly half as big at 1,717,854 square kilometers.

    Distances here in the US tend to be... large. It's an 1100 mile (~1850km) drive each direction to my in-laws' house. We just got back from a quick weekend trip to a friend's house in an adjacent state which was 450 miles (~750km) each way (but we got to see Mt. Rushmore, The Badlands, The Black Hills, and Wall Drug).

  24. Re:"Better than MARS" FAQ on Semper WiFi · · Score: 3, Informative
    MARS was a godsend when I was on a "cruise" to Somalia in '94. For those too lazy to read up on it, it basically worked like this:
    1. You'd type out a phone number and a short message (limited to something like 64 words) to a loved one and save it to a floppy in a special format.
    2. Give said floppy to the guy onboard who was running our end of the MARS network - basically, one of your shipmates entertaining his off-duty hobby.
    3. He'd batch up all of the outbound messages and blast them out via packet modem.
    4. Your message would be routed through HAMs until it reached one in your local area code, who would call your recipient on the phone and read the message to them.
    5. If they wanted to reply, the HAM would transcribe their message, route it back to the stateside MARS station, and broadcast it back to the ship.
    6. The shipboard MARS guy would print out a few pages of messages, cut the page into strips (one per message), and send them out via the intra-ship mail envelopes.
    The total turnaround time from when you first typed your message to when you received the response was on the order of 48 hours. Compared with a roughly two-month turnaround on snail mail, it just practically like making the phone call yourself.

    Did I mention that this was completely free of charge for both of the end parties involved? I've never actually met a MARS operator, but if I do, first drink's on me.

    As a side note, MARS is directly responsible for me working with computers. I was a surgery tech on ship, but I knew enough programming to write a little BASIC app to run on our 8086 laptop to let anyone type their message, apply the appropriate constraints on it (checking for word length, number of words, etc.), and correctly save it to a floppy. People in the department would wander by, type their little message, and get a nice surprise two days later. My coworkers were happy enough to tell my boss, who was good enough to point out that while I didn't seem to like being a surgery tech, I definitely liked programming, and I should get out of the Navy and go to college to study CompSci. Ken Schnapp, in the unlikely chance that you read Slashdot: thanks, man!

  25. Re:Ridiculous names on Mozilla Releases Mozilla Sunbird 0.2 · · Score: 1
    Do you drive a Chevy Medium Size Car or a Nissan Small Truck? Is that Pepsi Brand Sugar Water in the cupholder, or do you prefer Lipton Boiled Leaves? My kids are big fans of Tropicana Fruit Extract, and you can often find some in the back of my wife's Toyota Scaled-Down Van.

    Few other industries that sell to end users give their products strictly descriptive names, so why should software be so named?