Slashdot Mirror


User: drsmithy

drsmithy's activity in the archive.

Stories: 0 · Comments: 12,153

Comments · 12,153

  1. Re:The review needs ... google on The Book of Xen · · Score: 1

    The review needs to list, what the book has, that a google search will not find for free.

    Off the top of my head, I'd go with coherency, structure, and a lack of insults.

  2. Re:Removal instructions from the site on Malware Found Hidden In Screensaver On Gnome-Look · · Score: 1, Interesting

    The only cure is education.

    Wait, what ? Slashdot keeps telling me the user is not a factor in malware infections, how will "education" help ?

  3. Re:Not really on Microsoft To Get Malware Bailout In Germany · · Score: 1

    A million systems that probably won't ever be repaired, are a "more valuable target" than a single system that will be repaired in a matter of hours, if not minutes.

  4. Re:Windows is vulnerable because that is profitabl on Microsoft To Get Malware Bailout In Germany · · Score: 1

    People at the call center could educate callers that the apparent reason Microsoft products have so many vulnerabilities is that Microsoft top managers don't allow Microsoft programmers to finish their work. Unfinished, vulnerable, buggy, limited software makes more money when a company has a virtual monopoly because then the company can sell "upgrades" and upgrades and upgrades and ....

    What non-trivial software packages are you thinking of that *aren't* patched, upgraded and replaced over time ?

  5. Re:Not really on Microsoft To Get Malware Bailout In Germany · · Score: 1

    This argument is beaten to death. Linux runs the Internet. There is no higher value target than the server that stores the files and databases for thousands of users or processes their credit cards and here market share is more evenly matched.

    Sure there is. Millions of systems that aren't constantly monitored and maintained by professionals.

    Which cars do you think get stolen more ? The ones in guarded, restricted-entry garages full of video cameras, or the ones parked in dark alleys ?

    Your argument is specious.

  6. Re:Not really on Microsoft To Get Malware Bailout In Germany · · Score: 1

    The current Windows (NT based) did not evolve from DOS at all, it has its roots firmly with OS/2 [...]

    Windows NT did not evolve from OS/2. It was designed and built independently to _replace_ it.

  7. Re:Not really on Microsoft To Get Malware Bailout In Germany · · Score: 1

    Yes, but it has to be done. Which means you have to persuade someone to do it.

    Users have demonstrated a willingness to extract files from password-protected zip files and run them. How hard do you think it's going to be ?

    Set where?

    Putting them inside a tarfile is the most obvious method.

  8. Re:Not really on Microsoft To Get Malware Bailout In Germany · · Score: 1

    If someone sells you a car with defective locks, aren't they somewhat liable? Why should you have to call someone who says "change the locks at *your* expense." You've already paid for the car, why pay more?

    How about when the locks are fine, you just don't use them properly (or at all) ?

  9. Re:Not really on Microsoft To Get Malware Bailout In Germany · · Score: 1

    No matter how much the apologists bray, the fact is that Windows has the most infections.

    As they say so commonly on Slashdot, Correlation != Causation.

    but it ignores deep design flaws in Windows itself!

    For example ?

  10. Re:A very simple example as to why it is not the c on Black Screen of Death Not Microsoft's Fault · · Score: 1

    No, your problem is that you are refusing to look at this from a technical perspective yet you are providing technical solutions which of course make no sense because they are cargo cult knee jerk reactions.

    I haven't "provided" any solutions at all.

    You really aren't reading anything I write, are you ?

    Your assumption that your MS Windows registry files for example are trivially replaceable shows that you are way out of your depth on this one and would be far better off arguing about something you know about instead.

    They *are* trivially replaceable. In the worst case, a system can be reinstalled in a few hours.

    That is why I've kept this going so that people are not tempted to follow the advice of an overconfident idiot.

    I haven't offered any advice, and I certainly haven't done so "overconfidently". Much like you haven't addressed any of the points in my responses.

  11. Re:Is a movie theater really a public place? on Woman Filming Sister's Birthday Party Gets Charged With Felony Movie Piracy · · Score: 1

    No, because that's an entirely different situation.

    Why ?

  12. Re:A very simple example as to why it is not the c on Black Screen of Death Not Microsoft's Fault · · Score: 1

    I see the problem and where you do not understand.

    No, you don't. I say this with confidence, because I can see you are still arguing against something you *think* I wrote, not what I actually did.

    You are blaming the user for a failure of the developer. The "dancing bunny" problem only occurs on "unprofessionally designed" (to borrow your irrelevant phrasing) multiuser systems.

    Rubbish. It's inherent to requiring the ignorant to make intelligent decisions with neither the knowledge nor experience to do so.

    With decades of poor interface design we have also trained the users to click "OK" when confronted with confusing messages.

    The use of generic terms like "OK" in dialog boxes is not ideal UI, but it is far, far from a root cause. Users are not "trained" to click OK to get rid of confusing messages, they are "trained" to click whatever button both gets rid of the confusing message and gives them the result they want. Whether it says "OK" or "Let this application access my address book and send mail", they're going to hit that button if it lets them see the dancing bunnies.

    Through some odd perversion of logic you wrote that because this happens on one multiuser system the entire concept is bad.

    At no point, in this discussion or any other, have I even *suggested* "the entire concept [of a multiuser system] is bad", let alone stated it outright.

    I suggest taking a more mature attitude and considering what you are writing instead of this ill-informed blame game on something that is clearly so far outside of your chosen fields of interest that you have not even attempted to grasp the basic concepts. Your twin assumptions that the OS files are static (you have forgotten that various files define how the computer is configured so you can actually use the thing) and that malware will play nicely with you and not disrupt or hide in your own saved files demonstrates this very clearly, along with your odd comments about green screens.

    Firstly, saying the OS files are "essentially static" is not an assumption, it is a statement of fact (trivial example: if OS files were dynamic, then things like read-only network-booted systems would not even be possible, let alone practical (and in the UNIX world, relatively common)). The vast bulk are rarely modified - especially in day to day use - and can be either streamed back off a read-only media or downloaded from the internet in a matter of hours, if not minutes. System configuration in modern OSes is nearly completely automatic, and user preferences are part of the user's data, not the OS's.

    Compared to user data, which is not only extremely difficult - if not impossible - to recover, but also has change patterns that are both relatively frequent and of high importance - OS files are most certainly "essentially static".

    Secondly, I have made no assumptions that malware will not "hide" in user data - my statement was purely about the relative value of system files (very low) compared to user data (very high). Whether or not said user data may also host malware is an entirely separate issue.

    The malware plague is not a user problem.

    The vector for most malware infections is user interaction, and the proportion of malware infections caused by unpatched vulnerabilities is tiny.

    The same users have mobile telephones with more computing power and better internet connectivity than the best MS systems in use when this malware plague started.

    Oh, rubbish. Malware has only really been a problem since the early 2000s (late 90s at most), and even in 1999, I had a Windows PC with two CPUs, a gig of RAM and multi-megabit internet connectivity, easily 3-4x the power of my Droid.

    Their phones are not part of botnets so you need to consider it more deeply than just quoting the silly "dancing bunnies" excuse peddled by software developers that wish to be called engineers but put less consideration into their work than a ba

  13. Re:Is a movie theater really a public place? on Woman Filming Sister's Birthday Party Gets Charged With Felony Movie Piracy · · Score: 1

    My wife should be able to continue to hold the copyright, and proceed with selling the work herself - nobody else should be able to make copies of my creative work and start selling it (taking advantage of my advertising!) just because I died. It's unfair to my wife - she'll suddenly have competition that didn't exist prior to my death, and on top of that, the competition won't have to make up all the money I spent on advertising.

    If I work a regular salaried job, and die, it's "unfair to my wife" not to continue receiving that benefit as well, but I wouldn't try to argue that my old employer should just keep paying her my salary for the next 80 years.

    Do you see the problem? It's not ludicrous at all.

    It is ludicrous. Exactly the same way that forcing employers to continue paying wages after an employee's death would be ludicrous.

  14. Re:Is a movie theater really a public place? on Woman Filming Sister's Birthday Party Gets Charged With Felony Movie Piracy · · Score: 1

    There have to be some exceptions - I shouldn't be able to have someone assassinated and then be able to legally sell my own copies of his recently copyrighted stuff.

    You can't. Firstly because premeditated murder is (very) illegal and secondly because all his copyrighted stuff would be in the public domain and freely available to everyone.

    Why does this ludicrous argument always pop up ? It doesn't stand up to even a cursory examination.

  15. Re:A very simple example as to why it is not the c on Black Screen of Death Not Microsoft's Fault · · Score: 1

    I see you put no thought into this whatsoever :(

    I've put a great deal of thought into it. You're just too busy discussing what you think I said, rather than what I actually said.

    Put a few seconds of thought in there and consider that on a single user system you and the malware own all the system processes and all of the files and have access to all of the hardware. You and the malware can't run the firewall program without the password, but you can kill the process, delete all of its files and run your own.

    And on an unprofessionally managed multiuser system it's trivial to convince the user to do the same. Just promise them boobies or some dancing bunnies.

    In other words you are ignorantly advocating going back to something older than those green screens you were whining about because those green screens and the multiuser systems they connected to were old. The Apple ][ and MSDOS were not the good old days and there is no point going back there now that we can pack enormous numbers of junctions on the silicon and run them at high clock speeds.

    At no point have I argued anything of the sort.

    A multiuser system is a technical solution to security. As such, it offers little relief from what is largely the social problem of malware. A multiuser system offers capabilities and features a single user system does not, certainly, but the strengths and advantages of those capabilities and features evaporate very quickly when an ignorant administrator is put in charge of leveraging them, as is the case with most of the world's multiuser systems.

  16. Re:When you think "what's the difference" ... on Black Screen of Death Not Microsoft's Fault · · Score: 1

    Which of course effectively turns it into a multi-user system only using a different way to do it. Try harder if you want to show your above statements are of any worth.

    No, it does not. No more than installing a telnet server onto Windows 95 turns it into a multiuser OS.

    It's possible we are arguing about different things and you define "user" in your own made up definition as a physical person and not as it has been used in the context of computers for many decades. There is a lot of that sort of behaviour exhibited even by those that have a good enough education to know better.

    I define "multiuser" the same way computer science does. What definition are *you* using that an application with authentication can make an OS "multiuser" ?

  17. Re:When you think "what's the difference" ... on Black Screen of Death Not Microsoft's Fault · · Score: 1

    With respect Sir, the single user OWNS the firewall and can do anything it likes with it - thus the malware can do anything it likes with it.

    Actually, no, it's quite possible for the firewall to have its own authentication system.

    However, the point is that situation is just like a multiuser system administered by a single, ignorant user.

    Your complaint was that multiuser systems are an old idea and thus bad, and that somehow the older single user idea is newer and thus good.

    Whoa there, tiger. My "argument" was nothing of the sort. My *point* was that a multiuser system that only has a single user using and administering it does not differ significantly from a single-user system.

    As a not particularly promising year 8 student I knew about some of the advantages of multiuser systems in the 1980s (Microbee Z80) and do not understand how you can miss the point so badly more than twenty years later typing on a system that can provide you with many examples a few keypresses away.

    I haven't missed the point of a multiuser system. Quite the opposite. My point is that multiuser systems only provide a meaningful security advantage when they are professionally managed. Security boundaries aren't much of a barrier when the user can be easily convinced to circumvent them.

  18. Re:Agreed. Microsoft lobbies for software patents. on Windows 7 Under Fire For Patent Infringement · · Score: 1

    This is entirely the problem. The fact that the patent system in the United States (and many other countries) allows a ridiculous number of patents for things with plenty of prior art, plain obvious ideas and troll patents (i.e. the Russian who trademarked the ";-)" or Tsera's ridiculous patent on the concept of a touchpad).

    A much larger problem is that the patent system does not recognise that two people can invent the same thing completely independently.

  19. Re:Not equal on Black Screen of Death Not Microsoft's Fault · · Score: 1

    But the distinction is an SUID binary is an already existing application that's allowed to run as root, not a hole whereby arbitrary code can potentially execute as root.

    That's the same as the UAC whitelist.

    (For reference, I disagree with the UAC whitelist - but it's nowhere near the security hole that the concept of SUID represents.)

    The attack surface is far smaller and more difficult (not to mention that generally SUID things are verboten by the system and easy for automated scripts to destroy as soon as they are found).

    "Verboten by the system" ? You're kidding, right ? The typical UNIX system would fall apart without SUID binaries - it's one of the standard ways to work around the primitive and coarse nature of UNIX's security model.

  20. Re:When you think "what's the difference" ... on Black Screen of Death Not Microsoft's Fault · · Score: 1

    Very, very wrong on the first part (consider all of those things the system is doing in the background for example - that's one answer) and poorly informed on the second.

    Single user and multitasking are not mutually exclusive. Windows 9x and BeOS are two fairly high profile examples of single-user, multitasking OSes.

    To answer the second question, consider that a major use of malware is to send email. For example if the malware can not get permission to send things out to the ports used by email without elevated privileges then it can't send email.

    Firstly, that would require a simple firewall, not a multiuser OS and elevated privileges. Secondly, if malware can't send email then how can legitimate applications ? If it's a simple user prompt to decide, how can the user determine the difference between legitimate software and malware ?

  21. Re:System Registry on Black Screen of Death Not Microsoft's Fault · · Score: 1

    Since when is /etc/ random? In case you haven't noticed, Linux and Unix have standard locations for keeping configuration files.

    And as with most standards, the best thing is how many of them there are !

  22. Re:Actually yes (but no). OS X is an excellent mod on Black Screen of Death Not Microsoft's Fault · · Score: 1

    Well, it typically means that one bad file does not screw the entire computer.

    Typically, one bad Registry Key won't "screw the entire computer" either.

    Let's see you go to the Windows registry and delete everything and continue working.

    Try deleting every conf and plist file, and everything in /etc, and see how well OS X works, shall we ?

  23. Re:System Registry on Black Screen of Death Not Microsoft's Fault · · Score: 1

    It would be nice if the ACLs were configured sensibly by default though.

    How are they not ?

  24. Re:Sure it does on Black Screen of Death Not Microsoft's Fault · · Score: 1

    The base issue is that in Windows 7 Microsoft weakened UAC, so even if you have it disabled a program can do some system level things without warning if you are logged in as administrator. Why should Microsoft get a pass for doing this? Sudo doesn't have these kinds of holes built in...

    Sure it does. The rough equivalent in UNIX is a SUID root binary.

  25. Re:When you think "what's the difference" ... on Black Screen of Death Not Microsoft's Fault · · Score: 1

    There's a lot of very good reasons why we don't run a single user knockoff of CP/M anymore and have gone back to the multiuser system idea that was stalled for so long by MSDOS. It's a step forward not backward.

    The difference between a single-user system, and a multiuser system with a single user, is largely semantics.

    The majority of the problems in the MS environment today are due to the single user on a single non-networked PC mindset - all that crap that has to run as "Administrator" creates huge security holes that even Win7 can't do anything about apart from nag the user.

    How, exactly, do you feel the lack of elevated privileges might stop the average piece of malware from working ?