Slashdot Mirror


User: drsmithy

drsmithy's activity in the archive.

Stories
0
Comments
12,153
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 12,153

  1. Re:There is a legal aspect to this too on EC Watching Microsoft Security Moves · · Score: 1
    If Microsoft starts charging for antivirus software, they may under various legislation be seen to ship a defect product that can only be fixed by making an additional purchase of a Microsoft product.

    This would be true if avoiding viruses and malware wasn't doable with a bit of technical knowledge and some common sense.

    [Microsoft] are also 100% capable of clearing those attack-verctors from their own products either by re-design or re-writing the software being attacked.

    No, they're not. Microsoft can't stop users deliberately running "malicious code".

  2. Re:Clarity is not the common case on ESA to Sue California Over Violent Game Law · · Score: 1
    Besides, look at Canada, there IS a Gun control in effect and for some reason people aren't being "gunned down" or any more in danger than in the US (probably far less).

    What's cool about Canada is that it provides supporting evidence for *both* sides of the argument, since it has:
    * "Gun control" laws
    * A higher per-capita gun ownership rate than the US
    * Less gun crimes and murders than the US
    * Lower crime in general than the US

    Which, IMHO, all goes towards supporting the argument that "gun problems" have nothing to do with guns, and everything to do with people.

  3. Re:I don't see the big deal on ESA to Sue California Over Violent Game Law · · Score: 1
    However, I can hardly advocate breaking the law as a parent.

    Sure you can. Just tell your kids to do the right thing and teach them how to decide what that is. These are vastly more important (and useful !) principles to learn than "obey the law".

  4. Re:Dammed if they do... on EC Watching Microsoft Security Moves · · Score: 1
    Err...the only one of those that has the web browser integrated with the file system browser is KDE [...]

    I think you need to do a lot of research about how KDE and Windows/IE work.

    Konquerer in KDE and Explorer in Windows are simply wrappers. They call various shared components depending on how they're trying to operate - so when you browse the web they load up the "web browsing component" and when you browse the file system they call up the "file management" component.

    This does not mean that they have "the web browser integrated with the file system browser" any more than being able to open PDFs inside Firefox means Acrobat is "integrated with" Firefox. It means they come with a shared component that provides certain web browser functions - just like OS X and GNOME do - and load them on demand.

  5. Re:Clarity is not the common case on ESA to Sue California Over Violent Game Law · · Score: 1
    This is just more of the left wing nannie state bullshit. The gov't needs to stay out of our business.

    Uh huh. Because right-wing governments aren't interested /at all/ in trying to legislate moral behaviour, are they ?

    Sorry, but given the choice between the behavioural legislation typically pushed by the left (don't harm others or yourself) versus the right (we'll tell you what's ok to do in your own bedroom, and to whom) I'll take the left-ish version any day.

  6. Re:Clarity is not the common case on ESA to Sue California Over Violent Game Law · · Score: 1, Troll
    Yeah, because Tipper Gore and Hillary Clinton are two people that really come across as wanting to appease the religious right.

    Well, there certainly doesn't appear to be any other way to get elected in the US...

  7. Re:Porn maybe a better parallel on ESA to Sue California Over Violent Game Law · · Score: 1
    Rape porn IMO is sick and should too be outlawed with violent films.

    There is a vast gulf of difference between "rape porn" (by which I must assume you mean videos of people actually being raped, rather than simulated depictions of rape by actors/actresses) and the simulated violence _voluntarily_ depicted in movies by "consenting" actors.

  8. Re:I'm not sure there's a problem here. on EC Watching Microsoft Security Moves · · Score: 1
    They didn't charge for IE, and destroyed the browser market.

    The lack of competitive products for a ~5 year window destroyed the browser market.

    They didn't charge for WMP, and destroyed the media player market.

    Say what ? There's at least 3 major players in the media player market. How the hell is that "destroyed" ?

  9. Re:It's right and it wrong on EC Watching Microsoft Security Moves · · Score: 1
    If you ask me, Microsoft should create a mode of operation in Windows that will disallow all programs and libraries except for the ones indicated in some list.

    You can do this with Group Policy.

  10. Re:It's right and it wrong on EC Watching Microsoft Security Moves · · Score: 1
    If Microsoft begins giving away their security suite, then Symantec will probably go the way of Stac Electronics and Netscape.

    Stac was killed by plummetting storage costs removing the need for their product.

    Netscape died because they didn't improve their product.

  11. Re:It's right and it wrong on EC Watching Microsoft Security Moves · · Score: 1
    Are you SURE you want that, what you described is DRM taken to the extreme. The Windows Registry was the first attempt to do what you said but it is vulnerable.

    I think you have a deep misunderstanding of what the Registry is for.

  12. Re:Dammed if they do... on EC Watching Microsoft Security Moves · · Score: 1
    There's a BIG difference between bundled and integrated--one's just somewhat monopolistic, the other is monopolistic, insecure, and really, really dumb.

    So the programmers behind KDE, GNOME and OS X are monopolistic, insecure, and really, really dumb ?

  13. Re:Dammed if they do... on EC Watching Microsoft Security Moves · · Score: 1
    Second, having the browser integrated into the OS has made many non-critical holes even more critical as a result.

    Oh, bullshit. IE is no more "integrated" into Windows than khtml is into KDE or WebCore is into OS X. It's simply a shared component that runs at the privilege level of the user. IE (or other apps using IE) can't do anything more than any other application like, say, Firefox.

    Yes, by default, all applications run as root. In XP, they tried to fix this but it causes issues with several programs so the default is STILL to run as root (or more precisely as SYSTEM which has unlimited privileges)

    More bullshit. Applications run at the privilege level of the user that starts them.

  14. Re:Don't think so on Symantec Brings Complaint Against MS to EU · · Score: 1
    Mac OS doesn't. My linux install doesn't. Of course, I'm guessing from the tone of your post that you don't consider those "remotely mainstream platforms," or know that much about them.

    I consider both of them to be mainstream. Both "autorun" removable media when they are inserted. However, I've just discovered that OS X doesn't do this the way MacOS used to by running something on the CD itself, so my bad on that one - I had just assumed it was the same as MacOS used to be.

    Granted, it is changeable. But it's a bad default.

    Can't agree. I think this issue gets blown way out of proportion and that visibile file extensions would make no practical difference - mainly because most users wouldn't know to identify a file's type by its extension, or even what an arbitrary extension was.

    The shatter vulnerability is a design flaw in the Win32 thread message passing API. How is that "the responsibility of the application developers"?

    Because application developers shouldn't be creating windows on user's desktops that run at a high privilege level.

    I don't think you understand the nature of this vulnerability.

    I think I do.

    It's a somewhat similar situation to the whole "you have to be root to do lots of stuff in unix" "design flaw". Certainly, it is a flaw at a certain level and as such opens certain attack vectors - but it can be worked around.

    Shatter is _vastly_ overrated as a significant, real-life attack vector (particularly on Slashdot). Some supporting evidence to this is the dramatic lack of malicious code that tries to use it.

    But you explained the difference yourself: Microsoft Windows is closed-source, whereas Linux is open source.

    This makes no difference to me, philosophically *or* practically. I don't have the knowledge to audit operating system level source code and I certainly don't have the time. Move on to auditing the hardware and it's even less relevant.

    Government agencies, and large companies that want to secure their systems CAN audit the linux kernel if they want to. It may take a few months, but it can be done.

    I think that's a pretty generous estimate. I'd be estimating more on the order of years than months.

    This cannot be done with Windows.

    Yes it can, they just need a source code license.

    The "source code accessibility" argument is nothing more than sophistry from the OSS camp. Only a tiny number of organisations have the manpower, time and motivation to do a *full* source code audit of something the size of Windows, or a comparable Linux distrubution. It's simply not a compelling argument.

    What exactly do you mean by "people like me"? You have no idea who I am.

    Nor do I need to to respond to the attitudes you present.

    Anyway, Microsoft itself has admitted that they need to focus more on security in the future.

    So does everyone. Do the words "public relations" mean anything to you ?

    You claim that users are stupid, but then blame the users themselves for problems that result from bad defaults.

    Actually, no, I only blame them for doing stupid things - like executing obviously dodgy attachments and installing any piece of software that promises them things like new smileys or mouse cursors.

    I don't blame non-technical, unmanaged users for running as Administrator, as that is the (poor, if justifiable) default user in Windows.

    I do blame users who know better but still run as Administrator-level users fulltime. This includes sysadmins who let their userbase run as Administrator-level users.

    I do blame users for using IE when it has had so many well-publicised bugs.

    You don't understand why privilege escalation is a problem, or even what it is.

    I know exactly what it is and I know exactly why it is a problem.

    You don't see why ActiveX is flawed. You don't understand what a "sandbox" is... probably you have never

  15. Re:Wny Anti-Virus is an OS function on EC Watching Microsoft Security Moves · · Score: 1
    it is to design the architecture in such a way that infection is very difficult.

    You say this like it is easy to do, and/or that every other OS except Windows does it - yet neither of these statements is true.

  16. Re:Wny Anti-Virus is an OS function on EC Watching Microsoft Security Moves · · Score: 1
    Think of it this way: the malware is asking your operating system to do something. The correct response from your operating system is to not do it. That is all the "defence" that is necessary in an operating system - completely passive behaviour, without any extra code necessary.

    How does the operating system know which "requests" are malicious ?

  17. Re:This is just laughable on EC Watching Microsoft Security Moves · · Score: 1
    How about making an O/S that is secure to begin with? Charging people or supplying add-ons to fix one's own problems?

    It is not difficult to run a secure Windows machine.

  18. Re:Your bloat, my convenience on EC Watching Microsoft Security Moves · · Score: 1
    Spyware protection should ABSOLUTELY NOT be mandatory or part of the TCP/IP protocol (ha)--spyware takes advantages of flaws in Windows architectural design, [...]

    What flaws ?

  19. Re:Whitelisting on EC Watching Microsoft Security Moves · · Score: 1
    The right way is to let people choose lists to trust (much like APT repositories). I actually think that's a good idea.

    "Just add this site to your Trusted Software Suppliers list and you can see $CELEBRITY NUDE !!!"

    *Any* time you allow ignorant people decide what the system can run, that system cannot be secured.

    Coupled with sandboxing (so applications cannot access files they have no business accessing, even if they belong to the same user), [...]

    Who decides this ?

    [...] and safer programming languages (no more buffer overflows, injection vulnerabilities, and memory leaks), this would provide an enormous boost to security, at the expense of very little usability.

    You'll either get practically no boost in security, or a substantial hit to usability.

  20. Re:Explain this to me. on Microsoft Adopts Virtual Licenses · · Score: 1
    Maybe for support reasons, but they have no right in *$#@ to charge me more because of my better hardware!

    Sure they do. Indeed, quite the opposite, it is you that have no right to demand the price they sell to you at.

    I don't get the logic AT ALL.

    That's because you're not trying to sell software. Typically, more expensive hardware means the user has more money to spend. If they have more money to spend, you can charge them more.

    It's just simple price-discrimination, one of the fundamental principles of capitalism.

  21. Re:Uhm... did anybody read that last line.... on CEOs Who Invite Email From All Employees · · Score: 1
    If, as people seem to think, a CEO does nothing in a public company. There's a board of directors who would boot him/her out. Major companies don't make money by paying people obscene salaries to sit on their butts all day.

    Comments like this would carry more weight if the typical board of directors wasn't a great, big, happy, incestuous, old-boys club of CEOs.

  22. Re:What do CEOs actually DO? on CEOs Who Invite Email From All Employees · · Score: 1
    disirregardless

    Ô.õ

    Words like this make me think of that "don't cross the streams" line in Ghostbusters.

  23. Re:Huh? on IBM Vows Not to Genetically Discriminate · · Score: 1
    It's like this: Say one company genetically discriminates, and another doesn't. The discriminating one will get a higher return on its investements because it can more accurately ascertain productivity problems down the line. Then discriminating firms will over time beat out non-discriminating ones as investors redirect their capital into them.

    You're working here on the assumption that there are aspects of an employee's productivity potential that can be wholely and solely determined via genetics. Personally, I think that's a mighty big assumption, even if you take future anti-discrimination laws out of the equation.

  24. Re: huh? on IBM Vows Not to Genetically Discriminate · · Score: 1
    2 words - drug test.

    I get the impression employee drug tests - as a matter of course - are common in the US ?

    Can anyone comment on how common they are in other countries ? I know here in Australia I've never even heard of them happening outside of jobs where any sort of impairment is seriously life-threatening.

  25. Re:80386 better than 68000. on How the Lisa Changed Everything · · Score: 1
    Given that NT wasn't introduced until almost 10 years after the Mac, and only a year before Apple went to the PPC architecture, I don't think it really can be considered here. OS/2, while a true pre-emptive multitasking system (and a damn good one IMHO), didn't come out until about the time the second-generation Macs did (1987), and didn't even have a GUI until more than a year later.

    The comment I was replying to was talking about the 386, and PCs being "inferior" because "there was no proper 32-bit protected-mode O/S for 80386" - it seemed obvious to me the context of discussion was in the era of 32 bit MacOS, which started with System 7 in 1991. Therefore, I though comparisons with NT (1993) and OS/2 (1988 - 89) were quite valid. I can't see how the poster I was replying to could be seen as referring to the original Mac.

    Windows/386 was basically a 16-bit window/event manager bolted on top of DOS, with usage of 386-specific features limited to XMS memory support and support for multiple real-mode DOS applications, and you *still* couldn't directly allocate a chunk of memory larger than a megabyte IIRC.

    Windows/386 started the metamorphisis of DOS-based Windows into a 32 bit, pre-emptible, protected mode OS. It provided virtualisation for most of the hardware, allowing simultaneous DOS applications. The memory management part I can't comment on, I wasn't a developer at the time, but you're probably right.

    As I said, I think it's fair to view MacOS and DOS-based Windows as pretty much on par technically until Windows 95. Both got comparable features at roughly the same time, and both had some pretty big albatrosses around their necks (68k emulation, DOS/x86 legacy) by the mid 90s.

    "32-bit clean" referred to software, specifically an application that properly used the 68K address registers for addresses ONLY, and thus could run on a 68K-family chip with a 32-bit address bus.

    IIRC, it also referred to the hardware - in particular, whether the machine had "32 bit clean" ROMs.