Slashdot Mirror


User: chill

chill's activity in the archive.

Stories
0
Comments
4,651
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 4,651

  1. Re:Security Vs Usability on Windows Exec Doug Miller Responds · · Score: 1

    Check out http://www.securityfocus.com before you continue.

    Microsoft has a bad reputation on security for many reasons. One of which is that they have, in the past, been notified of glaring security holes in their software (IE) but not issued fixes for MONTHS.

    They routinely downplay security issues and have actively tried to hamper postings/warnings about MS-related security issues.

    Fixes quite often AREN'T fixes (see the one about IE earlier THIS WEEK).

    Microsoft software comes from a heritage of the unconnected or limited-connected desktops. The environment was neutral at worst, and friendly most of the time.

    Unix (Linux, BSD, etc.) comes from a heritage that has already been burned many a time by the big, bad, interconnected world. Because of this they tend to take a more serious view on security.

    Its like coming from the friendly small country town where no one locks their doors and everyone leaves the keys in the ignition.

    You don't do that when you live in the middle of the big, bad city.

    On the other hand, the reputation is a bit overblown. Many problems stem from their userbase not applying patches or ignoring security warnings. While this problem exists for all operating systems and software, it is more prevalant for MS because they are everywhere and their userbase is more...um, "un-knowledgable".

    --
    Charles E. Hill

  2. Outlook Scripting on Windows Exec Doug Miller Responds · · Score: 1

    It does if you are doing e-mail merges from a Word doc or an Excel spreadsheet.

    It does if you don't want to duplicate an contact list in an Access database.

    It does if you want to use it in a corporate environment with document approval, routing, voting responses, etc.

    Outlook (not Outlook Express) is NOT just an e-mail client. It is a groupware-enabling messaging client. It is the communications infrastructure of a Windows box. It is VERY powerful and VERY useful -- but potentially dangerous if misused/improperly configured.

    --
    Charles E. Hill

  3. Re:I don't know what else I expected... on Windows Exec Doug Miller Responds · · Score: 1

    Actually, some of the distros now have an "autologin" feature that will bring you right in. I use it on machines that I have controlled physical access to (locked in my room) that have nothing critical on them.

    Also, you can set a policy in Windows 9x to require a valid network login. Is it 100% bulletproof? No, but it stops casual abuse.
    --
    Charles E. Hill

  4. Re: RedHat profits on Windows Exec Doug Miller Responds · · Score: 1

    I thought Red Hat posted numbers amounting to a LOSS of $600,000. They called it "break even" in comparison to losses of millions. They are projecting a possible profit NEXT quarter/year.
    --
    Charles E. Hill

  5. Re: What Customers Want on Windows Exec Doug Miller Responds · · Score: 3

    Customers want convenience first, last and in between. EVERYTHING else is a distant second (if not third or fourth).

    Windows is a major success because it is everywhere. You can get software for it at every store that sells software (except the 0.01% that sell only Mac or Unix). This means CompUSA, Best Buy, Walmart, etc.

    99% of the files/data found on the 'net can be loaded/run in Windows. (You might not be able to get them out once in, but that is a different story.) Convenience.

    Convenience will convince people to put up with blue screen crashes, crappy software, extra expense and everything else.

    I can't remember how many times I drove by my local CompUSA or Best Buy and wanted to buy a game -- but they don't have them for Linux. (The manager at the local CompUSA now tells me "nope -- nothing yet" before I even ask if they are going to stock anything.)

    Linux won't be able to match them on the desktop until it can match them in convenience. Eazel is working on one track with Nautilus and their services -- so is Red Hat. More needs to be done.
    --
    Charles E. Hill

  6. Re:Why OpenSource it? on Be, Inc. Says Cash Can't Last Past Q2 · · Score: 1

    How about a fully-multithreaded, 64-bit journaling file system?
    --
    Charles E. Hill

  7. Re:Product for nobody... on Be, Inc. Says Cash Can't Last Past Q2 · · Score: 1

    There is a history of all this (Apple & Be) on one of the Be web sites. (I can't remember which one.) Interesting reading.

    Basically, JLG fucked it all up with arrogance. He thought he had Apple over a barrel and was going to screw them hard. He wanted a lot of money -- and almost got it. He pissed too many people off with his attitude and Apple dumped him for Jobs and NeXT.

    Too bad, Be was a killer OS and could have really helped Apple move to something other than an MS pet to be trotted out whenever the gov't questions them about "competition".

    (The web site was very pro-Be and pro-JLG -- the entire article seemed to be of the slant that "that's JLG's personality and he's so great you must forgive him".)
    --
    Charles E. Hill

  8. Re:Opensourcing BeOS... on Be, Inc. Says Cash Can't Last Past Q2 · · Score: 1

    That's a hell of a lot better than just letting them fade away and forgetting about them.

    There are plenty of products where you wouldn't care (or even notice) it they faded away.

    Wanting it as OSS is a compliment on their work.
    --
    Charles E. Hill

  9. Re:This ought to help on K12Linux + LTSP = .edu Terminal Server Distro · · Score: 1

    Have you looked at school materials lately? Most textbooks are rife with errors. Most schools don't have enough money and teachers regularly supplement supplies from their own pocket.

    School systems sign "exclusive" contracts with the likes of Coke (so no Pepsi vending machines are on campus) and CNN (who provides "free" educational programming, but with CNN news, the CNN logo, etc.). CNN (like all major news media) is seriously biased.

    Ideally, what you are stating would be great. Complete unbias and tools chosen solely on their merits. However, in the real world this almost NEVER happens.

  10. Re:Isaac Asimov... on Harlan Ellison on Copyright Infringement · · Score: 1

    No my viewpoint would NOT be different.

    "To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries;"

    Do you see the word "families" in there anywhere? How about "estate" or "publisher"?

    * * *

    The answer is "Life Insurance" like the rest of the working world has.

    As a network engineer, my family doesn't get squat the minute I die other than my investments and life insurance.

    Any support contracts I had aren't payable to my family. I can tell you none of my customers are going to want my 11 year old son working on his WAN switch. (Not more than once, anyway.)

    * * *
    Second take:

    If the publishing cos had the material prior to his death (they previously published or it was public) then let them publish. Anyone could take it and redistribute on the net, etc. This would seriously cut into their profits.

    Material that WASN'T public (like Heinlein's "Grumblings From The Grave") would be copyright by his WIFE, since she owned the private documents. They would then obey the same rules.

  11. Re:Isaac Asimov... on Harlan Ellison on Copyright Infringement · · Score: 1

    Yes, I know Virginia Heinlein assisted just like I know she was responsible for much of the collection and editing of "Grumblings From the Grave" -- published (by R.A.H.'s wishes) after her husband died.

    Does no one understand the concepts of "financial management" and "life insurance"? My family doesn't get a dime from my career after I am dead, other than life insurance and what I have invested/saved.

  12. Re:Who's Harlan Ellison? on Harlan Ellison on Copyright Infringement · · Score: 1

    Damn, 'cause I really like the Stainless Steel Rat series. :-)

    Oops...

  13. Re:Compiling GCC on Bundeswehr Says Microsoft Software Verboten · · Score: 1

    I have compiled GCC twice in the last week (making a new system using linuxfromscratch.org materials), and with the just release of 2.95.3, I'll be compiling again this week. :-)

    GCC has a "make bootstrap" which means to compile GCC, then compile again with the newly compiled version and compare the two. This is why using something other than GCC for step #1 would be good -- odds of it bugging GCC to bug GCC are astronomicly small.

  14. Re:Serious Euro-funding for Open Source on the way on Bundeswehr Says Microsoft Software Verboten · · Score: 1

    True, but the military doesn't count as "most users". They hae a level of paranoia most people only have nightmares about. "Trust" takes on an entire new meaning.

    Of course, if the source were open, you might not have to audit everything yourself. A trusted 3rd party (like the OpenBSD core) does the job. It's a question of WHO to trust and Microsoft has proven itself to be UNTRUSTWORTHY by its actions.

  15. Re:3D on MGA - closed source only on XFree 4.0.3 Released · · Score: 1

    Microsoft has for years claimed that the #1 cause of blue-screen crashes on Windows was from poorly written drives (not their fault -- someone else did it).

    Specifically, they blamed video drivers.

  16. Re:Serious Euro-funding for Open Source on the way on Bundeswehr Says Microsoft Software Verboten · · Score: 1

    Wrong. Source is good, if you can USE it -- unlike Windows. If they even bother to let you see the source, there is no way you can compile it and use it.

    Only a fool trusts separate binary and source packages.

  17. Re:Um... on Bundeswehr Says Microsoft Software Verboten · · Score: 1

    I dunno. Is it pure ANSI C?

  18. Hydrogen Power on Hydrogen Powered Cars · · Score: 1

    The best info I have found is
    here. Very informative.

  19. Re:Why? on Anti Spamming Act 2001 Proposed · · Score: 1

    Computer Tresspass is a law in several jurisdictions, too. A nasty penalty in Florida. (Up to 20 years, I think.)

  20. Re:The penalty is too light... on Anti Spamming Act 2001 Proposed · · Score: 1

    And if I have a program send it, with a minor mod, to one person at a time?

    The mod makes it a different e-mail, or are you (or Congress) going to tell me exactly how much I have to change the message to qualify as "different"?

    Are you also going to regulate how many messages I send over a period of time? Who makes this decision.

    I filter my postal mail, and it takes me longer than filtering my e-mail (what can be, and is, automated).

    Don't give be that bullshit about "it costs the receiver" either. Internet access costs have gone DOWN for the end user since the Internet began. I (like everyone else except those accessing via long-distance telephone calls) pay less now than I ever have for equivalent net access.

    Yes, it probably costs the ISPs more, but it doesn't come anywhere NEAR the costs that they have saved from cheaper hardware & bandwidth.

    The CORRECT solution is NOT to legislate, but for ISPs to offer filtering as a premium service. Don't want spam, have your ISP block 90%+ for $2.95 a month extra.

  21. Re:Um... on Bundeswehr Says Microsoft Software Verboten · · Score: 1

    Very intersting paper. Thanks.

    An idea...

    This is a very specific type of compromise. Say the binary of GCC is bugged. It would seem to have to be bugged for a specific thing (like recompiling untainted GCC souce with the bug). It would be VERY difficult to bug something other than the target (like, Apache or the kernel). Generic bugging would be a bitch. (Are we going to bug "Hello, world?" It would be pegged the first time some ASM student was trying to debug/analyze the generated machine code.)

    So... what are the odds some other C compiler is bugged with a target of GCC? Build GCC with something else (or several somethings and do some comparisons of subsequent GCC output).

    Not mathematically provable as secure, but I'll bet a statistician could give a lot of 0s worth of improbable.

    Of course you could always code your own C compiler -- by hand from Assembler. :-)

    Hmmm...how tough would it be for Intel to embed some microcode in a P-III or P-IV (or better yet, combined with an i810 controller chipset) that monitors for an ethernet/TCP-IP connection and sends a little message...

  22. Founding New York on Bundeswehr Says Microsoft Software Verboten · · Score: 2

    If we find the receipt, can we give it back?

    :-)

  23. Re:Let them review the code on Bundeswehr Says Microsoft Software Verboten · · Score: 1

    Irrelevant.

    You must be able to COMPILE the source and use it. You must also trust the compiler (make --bootstrap), which means have the source, etc.

    The song "Head Like A Hole" is about Microsoft. Listen to the lyrics. (NIN, I think.)

    "Head like a hole, black as your soul,
    I'd rather die, than give you control.
    Bow down before the one you serve,
    you're going to get what you deserve".

    If that ain't Bill G. and MS, I don't know what is. :-)

    Its all about control, boys and girls. The RIAA, MPAA, MicroSoft, Sun, the U.S., German and any other gov't... all of it. Everything else is secondary.

  24. Re:Give me a break on Bundeswehr Says Microsoft Software Verboten · · Score: 1

    Actually, the U.S. Gov't is one of the bigger users of OpenBSD (Canadian).

    The Linux kernel started Finnish (Linus) and is now an international product (look at the list of contributors).

    The won't spend the money to start from scratch -- it will cost too much. The will most likely use an existing open source product (BSD or Linux) and go from there.

    Can you see them writing EVERYTHING from scratch? OS, word processor, spread sheet, etc.? All the daily use stuff?

    Forget it. Have your own code boys audit Linux/BSD and the open source packaged you use (Open Office -- which BTW used to be STAR Offce -- from STAR DIVISION, a GERMAN COMPANY).

  25. Re:Ever hear of encryption on Bundeswehr Says Microsoft Software Verboten · · Score: 1

    Most of the encryption software on Windows goes thru the CryptoAPI built into the system. This way it is "integrated" and easy to use.

    If the CryptoAPI implementation is compromised, then everything else is, too.

    Amazingly enough, you are not allowed to compile your own version of Windows so you can validate the CryptoAPI. (No, seeing the source is NOT enough. How do you know the souce you are seeing is the one that was compiled for your system?)

    As for software that DOESN'T use the CryptoAPI, it is few and far between. There are also several other ways to compromise security if the OS is evil.

    The ONLY way would be to encrypt the data elsewhere, no no unencrypted version ever touched the questionable system. You would have to have complete trust in the system doing the encryption (aka -- not an MS product for anyone who HASN'T had a lobotomy).

    China, Mexico City, the German Military... one by one they will be assimilated into the NEW collective.