Slashdot Mirror


User: drsmithy

drsmithy's activity in the archive.

Stories
0
Comments
12,153
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 12,153

  1. Re:Oh it's driving demand all right on PC Makers Say Vista Is Not a Seller · · Score: 1

    You mean DirectX 10? Sure, DX10 could run on XP if MS wanted it to, but then nobody would need to buy Vista.

    Sure, just like all the improvements in Linux 2.6 could have been in 2.2 "if Linus wanted to", or all the stuff in Leopard could have been in OS X 10.0, "if Apple wanted to".

    What's your point ?

  2. Re:Oh it's driving demand all right on PC Makers Say Vista Is Not a Seller · · Score: 2

    Anyone who knows how uses the classic start menu and control panel.

    I don't. Why would I ? The "new" Start Menu is superior in basically every measurable way.

  3. Re:What's Microsoft got to do with it? on Vista Failing "Blackboard" College Courses · · Score: 2, Insightful

    It is Microsoft's fault if Vista broke existing applications without a very good reason for doing so.

    No, it's Microsoft's fault if the application was written to documented APIs and following their recommended practices.

    Given that 99% of software problems in Windows are caused by applications that *don't* do this (Exhibit A: any application released in the last ~8 years or so that needlessly requires Administrator privileges), this is probably something Microsoft deserve the benefit of the doubt on.

  4. Re:So... on Linux Preinstalled Dell Available Soon · · Score: 4, Insightful

    I'm sure the lack of interest in Vista has something to do with this.

    Why would a typical Dell customer who isn't interested in Vista, be interested in Linux ?

  5. Re:Sadly... on FSF Releases Third Draft of GPLv3 · · Score: 1

    Bad example: anarchy means "no rulers", not "no rules". An anarchic society can also be a lawful and free society.

    Without "rulers", how can a society define - and, especially, enforce - the "rules" ?

    For that matter, I would go so far as to say that any society which is not anarchic cannot be lawful, because it contains, by definition, an organization not bound to follow the laws which bind the rest of society.

    By that rationale it's basically impossible to have laws at all, since enforcing them will almost certainly break them.

    Anarchy is (ironically enough) mildly interesting to philosophise about when you're a stoned teenager, but when the chances of it ever working in the real world make stuff like Communism and The Free Market look like sure bets, it kind of loses its lustre once you grow up.

  6. Re:My question is this... on FSF Releases Third Draft of GPLv3 · · Score: 1

    Do we REALLY need a GPL v3?

    Of course we do. It's still possible for software to be valuable !

  7. Re:Heads up their asses...RMS on FSF Releases Third Draft of GPLv3 · · Score: 1

    Very, very wrong. You cannot have freedom without rules and regulations, because without them, people are allowed to take away your freedom.

    Those of you familiar with history may recognise this argument, as it is typically used by Governments to justify oppressing their citizens.

    Recent years have seen particularly extensive use of "rules and regulations" by Governments of the USA, UK, Australia and others, to help "ensure the freedom" of their citizens by "fighting terrorism".

  8. Re:Problem is... on HP Exits Media Center Business · · Score: 1

    What kind of raid array are you using to record 2-3 HD channels at the same time, or, alternatively, what kind of capture cards are you using that do realtime hardware h264 or better encoding?

    A standard 1080i, compressed MPEG2 broadcast is ~2.5MB/sec. 720p is ~2MB/sec. That's covered 99% of TV broadcasts (heck, probably 100% - does anyone do 1080p anywhere ? They certainly don't here in Australia.) Even then, 1080p would only be ~5MB/sec and a modern, single drive should easily keep up with 3 - 4 such streams.

    Real-time encoding to something like h264 is a completely different discussion, and well outside the scope of typical MCE/HTPC usage. I'm not sure what you're thinking about, but it's not got a lot of relevance to this discussion.

  9. Re:I Have an XP MCE PC on HP Exits Media Center Business · · Score: 1

    If you have an HDTV and an extra $1,500 for a nicely-done MCE computer, XP MCE is a good solution.

    $1500 ? A bog-standard Mac Mini with a couple of USB tuners (plus a bigger/external hard disk if you record a lot) makes an _excellent_ HTPC, and comes in a hell of a lot cheaper than $1500.

    If you're happy to use a whitebox PC and hide it behind the TV cabinet, you could do it even cheaper.

  10. Re:Problem is... on HP Exits Media Center Business · · Score: 1

    ..you can't run XP and media player with anything but cutting edge horsepower.

    With MCE you can *easily* be recording 2-3 HD channels while watching a DVD (or another channel) on a 2Ghz P4. I'd venture a guess that anything down to about a 1Ghz P3 would be trouble-free for a single live channel or DVD playback.

    That's 5 - 7 year old hardware - how on Earth is it "cutting edge" ?

  11. Re:Big Brother alive and well in the UK on Mind How You Walk - Someone is Watching · · Score: 1

    Why don't the brits use an article there?

    In Britain it matters less which hospital you go to ?

  12. Re:These are not PC issues, but Windows issues. on How Small a PC Is Too Small? · · Score: 1

    Which makes no difference at all so long as the boot sequence goes directly to a password prompt.

    Of course it does. Once the malicious user is logged in they can then potentially run some program that masquerades as a login screen.

    Back in the Novell/DOS/Windows 3.1 days, this was a *classic* stunt pulled by technically adept students in school computer labs to harvest usernames and passwords - heck, you could do it with batch files. The same principle still applies.

    That's true, but flip it around: a user who can replace system DLLs already has the ability to subvert the SAK, so it buys nothing in that case.

    But you don't need elevated privileges to run an app that masquerades as a login screen, making the attack surface much larger. THAT'S THE POINT.

    It only raises the bar for malicious users who are able to find/code a login lookalike but cannot find/code a local exploit. Again, that seems like a tiny use case to me.

    WTF ? It's a *massive* case in the context of this sort of attack. Banging together a VB app that looks like a login screen is something just about anyone comfortable with computers could do. Identifying and exploiting a local privilege-escalation attack (assuming one even exists), then creating and installing a suitable msgina.dll replacement, is well and truly into the arena of advanced user. Not to mention the fairly obvious system reboot that would have to occur to make it work.

    Now if there were serious studies done that show that the population of users who can find Windows login lookalikes but not find local exploits is very large, then I might change my mind.

    Or you could just rationally and objectively think about the relative difficulties of coding up a windows app that masquerades as a login screen vs replacing system level DLLs as an unprivileged user for more than a minute or two.

    Holy shit. I'm having trouble believe you could even _suggest_ these two tasks are comparable in terms of difficulty and likelihood, let alone try and argue it. Have you never had even passing experience with an environment like a school or call centre where individual machines are regularly used by dozens of different people ?

    See above. If I've got enough time to install a login lookalike, then I've got enough time to install a local exploit.

    Rubbish. A login lookalike would take ~30 seconds to pull of a network share or website and run with no indication to the machine's actual user anything has happened. Even in the movies, crackers don't do what you are proposing that fast.

    (Furthermore: In your use case MALICIOUS_EMPLOYEE likely has an even easier way to accomplish most of their BAD_THINGS: install a backdoor to load everytime the manager logs in and they can have network access to his/her security context and files ala NetBus / Back Orifice.)

    This requires elevated privileges to accomplish. They are not a reasonable assumption.

    As I said, unless the pool of users who can find login lookalikes but not find local exploits AND can't get their nefarious deeds done with something like Back Orifice is very large, SAK does little to improve overall security.

    If you seriously think the difference between these two groups of people is not huge, you're off in la-la land. One requires almost zero technical ability, very little time and leaves nearly no trace. The other requires significant technical ability *and* a vulnerable system *and* more time *and* leaves at least one obvious sign it has happened (a system reboot)

  13. Re:Obligatory on Vista Slow To Copy, Delete Files · · Score: 2, Funny

    half the new kids won't even get it

    Given this troll (in its original form) dates from mid-90s usenet, a fairly large chunk of the "old kids" probably don't get it either...

  14. Re:except that people are busy on Protests Move From the Streets To YouTube · · Score: 1

    You're forgetting one very important fact about representative democracy: the whole point is that someone else represents us, because we don't have the time to be involved in day-to-day political governance ourselves. When ANY of us take time out of our lives to correct our politicians, then they need to take notice. It's only when the majority of people who DO something have a different view, that the minority who do something should be ignored.

    So when I take the time to "correct" my local MP about this silly idea that women should be allowed to vote, what would you expect him to do ? How about if I found 5% of my local electorate to agree with me (probably not completely out of the question for some communities in, say, western Sydney).

  15. Re:General Strike on Protests Move From the Streets To YouTube · · Score: 2, Interesting

    On February 15 2003 the largest global protest ever took place in hundreds of place around the planet. It was against the war on Iraq. They were ignored by politicians. Democracy is dead.

    Huh ? Just using Australia as an example (since I'm a local), even being _extremely_ generous and saying a million people in total across the entire country, were protesting, would mean 5% of the population were involved.

    Politicians not following the wishes of 5% of the population does not mean "Democracy is dead". Quite the opposite, in fact.

    To further drive the point home, pretty much every democratic country involved in Iraq has had an election since the invasion, and not many of them had a change of Government. Most of them weren't even _close_ to a change of Government. Whatever you might personally think the community feels about the Iraq war, the evidence suggests most of them simply don't care.

    (To avoid pointless flames, I'm going to say up front that I don't think we should have gotten involved in Iraq. We should just build a great big wall around the whole Middle East and let the fuckers wipe themselves out.)

  16. Re:Yeah, but... on MS Trying To Spur Vista Sales With Discounts · · Score: 1

    For most general purpose computers, it is clear that the OS and application software need not come bundled with the machine at all, and that there are many good reasons the use should be able to choose what compatible software goes on his new machine.

    Quite the opposite. For most general purpose computers, it is obvious to anyone with even a passing acquaintance to the typical user that the OS and application software must come bundled, because most consumers lack the knowledge - and more significantly the desire - to build a computer (and its software bundle) from scratch.

    Expert users are a different matter of course - many of them enjoy building their machine from components - and the market does (and always has) catered to this.

    I really don't think the Dells and HPs of the world would mind a bit if the government said that any contracts they have that obligate them to bundle M$ crapware are null and void [...]

    But that's not what you're proposing. You're saying "you can't bundle", not "you don't have to bundle if you don't want to".

    [...] and they must offer consumers a choice of software, especially OSes and office suites or the option of buying a bare machine.

    I imagine the HPs and the Dells of the world would hate such a requirement, since the higher operating costs would almost certainly have an overall negative impact on profits.

    Further, I would expect companies like Dell and HP to oppose such governmental market meddling *on principle*, purely to avoid slipping any further down the regulatory slope.

    You do realize that M$ has the HW vendors by the balls, don't you?

    No, they don't. Given the amount of Windows problems out there caused solely by bad hardware, it's laughable to suggest Microsoft has anything close to the influence you (and many others) think they do. To pick one example, if Microsoft "had the hardware vendors by the balls", not a single PC built since 1996 would have had an ISA bus in it. For another, look at the mind-boggling number of completely broken APM and ACPI implementations that they have to deal with.

    IF they could pin the blame on the government and tell M$ to taker a hike, many would offer consumers some very nice alternatives to Microsoft Buggy Bloatware(tm).

    When customer interest is sufficient that the additional operating costs are exceeded, companies will be quite happy to offer alternatives to Windows, without any sort of governmental intervention at all.

  17. Re:Two Words ... on AV Software Isn't Dead, But It's Not Healthy · · Score: 1

    We have seen it in firewalls. We have seen it in military-grade physical security. We have seen it in banking. But, why, oh why, do we not see it with malware?

    Because it invalidates one of the primary reasons for having a computer - its ability to act as a general-purpose device and run arbitrary software at the users demand.

    There *are* default-deny configurations out there - Windows has had facilities for whitelisting program execution for years - but the biggest problem with doing that is you *blacklist* everything you don't already know about. The next biggest problem is that the whitelist must be maintained by a knowledgable operator or it is effectively worthless.

  18. Re:yes you're dead on on AV Software Isn't Dead, But It's Not Healthy · · Score: 1

    Screw AV it's dead end. Take all that time and resource and brainpower and focus on making the OS stronger and hackproof. Windows has become a titanium armored soldier with seriously bad heart disease. Making the armor stronger isn't going to help anything in the end.

    AV isn't there to stop stuff getting past the armor, it's there to stop stuff that has gotten past the armor. It's an integral (and inescapable, assuming you want computers to remain general-purpose machines) part of a properly configured, layered security system.

  19. Re:Right. Because Linux is perfect... on AV Software Isn't Dead, But It's Not Healthy · · Score: 1

    I disagree. Almost all major or widespread security problems are the result of Windows and their domination of the market and the fact that because of their monopoly they have no financial incentive to fix the problem, while they are the only ones in the position to do so.

    Almost all the widespread security problems on Windows can be narrowed down to end users doing the wrong thing.

    As a person with extensive experience in both usability and security, I call BS on this. The idea that usability and security are inherently opposed is tripe. Security is making sure the computer only does what the user wants and not what someone else wants. Usability is enabling the user to easily do what they want and not do things they don't want. Usability and security are complementary. Some security measures decrease usability, especially notably broken and ineffective security measures. Many technological decisions are made that decrease usability under the assumption that they will increase security, but objective analysis usually shows this is not true. You have to take the user and interface into consideration when planning security or you're just taking measures to shift the blame instead of increase real security.

    Security and usability are inversely related. Every single security measure you can think of - from having to enter a password to log in, through confirming potentially dangerous actions, to permissions restrictions - negatively impact usability in some way.

    You will probably make some ridiculouly broad and circular argument that "a more secure systme is more usable because it is more secure", but that doesn't change the fact that all those individual processes that occur get in the way, at some level, of what the user is trying to do.

    If Linux had 60% market share for home users tomorrow, in a month malware on Linux would be almost as bad as it is on Windows now... but 6 months later the problem would be all but eradicated as Linux developers implemented new security measures to counter the problem and Linux would hold its own in the arms race that would ensue.

    Thousands of years of human society hasn't closed the biggest security hole in every system - its users - and you think "Linux" will manage to do it in 6 months ?

    So long as computers remain general purpose machines for running arbitrary code, they cannot be secured.

  20. Re: Example on AV Software Isn't Dead, But It's Not Healthy · · Score: 1

    If it's so great then why can't I just put an unpatched windows box on the internet with a public IP?

    For the same reason you can't put an unpatched UNIX machine from ~7 years ago on the internet.

    Now that's just nowhere near the truth. I've got a stack of games that don't work in user mode. Intuit applications don't run in user mode. Furthermore, blaming resellers for Microsoft's design failures has no basis in reality.

    No software developer has had a remotely justifiable excuse for releasing software that needlessly requires an Administrator level account for nearly a decade now. It is *most certainly* something that can be blamed 100% on "resellers".

    It's pretty obvious from this and other postings you have made that you have absolutely no idea whatsoever about the architecture of Windows and, most likely, any other OS. You're just a standard anti-Microsoft FUD mouthpiece.

  21. Re:This is Crazy Making! on AV Software Isn't Dead, But It's Not Healthy · · Score: 1

    It would matter a great deal because Linux would adapt to solve the problem by adding layers of security and granularity of security and new services and technologies. Signing, certification services and blacklists, MACLs, active scanning, whatever it takes Linux developers would do it because those developers have a direct financial interest in securing the boxes. MS has no such financial incentive.

    Your theory does not align with reality.

    (If it did we'd still all be using DOS and Windows 3.1, Windows 95 at best.)

    The theory that Microsoft have no financial incentive to improve Windows, and that the [implied small number of] changes in Windows reflects that, doesn't even pass the laugh test when you compare it actual events.

  22. Re:Logical Fallacy on AV Software Isn't Dead, But It's Not Healthy · · Score: 1

    Windows security model and the *nix security model is a false analogy. In no way are they comparable.

    True enough. From a technology perspective, the Windows security model is superior in pretty much every measurable way.

    However, the important point is this: viruses very rarely exploit holes in either the security model or even bugs in the software. The most prominent vector for virus infection is the end user.

    So long as people can run arbitrary software on their computers, the "virus problem" will exist.

  23. Re:These are not PC issues, but Windows issues. on How Small a PC Is Too Small? · · Score: 1

    But does SAK really improve security?

    Yes.

    I would argue that in practice it is useless. As you pointed out yourself, physical access to the box permits full access to the CPU (though the data on the hard drive might remain encrypted) and if anyone can subvert the machine over the network then they could replace the login program itself with their own version that popped up when the SAK was hit.

    Neither of these are true. Firstly, it's not at all uncommon for input devices to be available, but the actual machine secured (eg: in a locked kiosk or another room). Secondly, the ability to pop up a dialog box that looks like a login prompt on a user's screen does not in any way imply the ability to replace low-level system DLLs.

    Seems to me that SAK only buys you security if you assume that your OS is not already compromised AND a malicious user with physical access to the box who does not already have Administrator access is running a full-screen application that looks like a login prompt in order to snatch passwords AND they did not already install a hardware keylogger. Times have changed since ~1990, and this use case is very limited to me. The malicious user can just as easily find a local privilege exploit and snarf the entire password database and crack it at their leisure or just run an application that looks and behaves like Explorer.exe but records keystrokes.

    Here is an example. Imagine $MALICIOUS_EMPLOYEE wants to "snarf" his boss's login details so he can do $BAD_THINGS. All he needs is thirty seconds alone with his boss's PC to copy a login-spoofer off a network share and run it. This is the kind of thing a SAK is there to protect against.

  24. Re:These are not PC issues, but Windows issues. on How Small a PC Is Too Small? · · Score: 1

    SAK is so necessary, why don't other operating systems need one? (Note Linux has one, but few people even know what it is much less use it.)

    They do. It's a security feature to prevent spoofing of login screens.

    How "necessary" it is really depends on your environment and its security requirements.

    Note that it doesn't *have* to be Ctrl+Alt+del. For example, the SAS could be triggered by a smartcard or some sort of biometric device.

  25. Re:How did you get modded +5 on Bill Gates Talk From 1989 Surfaces · · Score: 1

    The name NT even came from VMS.

    That particular myth falls apart as soon as you remember that "Windows NT" started its life as "OS/2 NT".