Slashdot Mirror


User: spitzak

spitzak's activity in the archive.

Stories: 0 · Comments: 5,741

Comments · 5,741

  1. Re:Its an OS thing.. on Intel to Develop Hardware Rootkit Detection · · Score: 3, Insightful

    Huh? Rootkits certainly do exist for Linux. In fact the term comes from Unix, "root". A rootkit is code that is installed to hide itself, *after* security has been compromised somehow. The ability to write a rootkit has nothing to do with the ability to compromise security. In fact I'm sure it is easier to write a Linux rootkit than a Windows one, just because in general it is easier to write system software for Linux.

  2. Re:Is that a Product plug I see? on Unpatched Firefox 1.5 Exploit Made Public · · Score: 1

    Good question. Another one is people saying that it requires Windows SP2 and does not work on other versions of Windows or on Linux. But the description of the bug is that reading in the history.dat file causes a buffer overflow that crashes it on startup. It would seem likely that this bug would exist on all operating systems, or at least be the same on all Windows systems.

    Though not a security issue, a "DOS" that permanently crashes Firefox even when you run it again is pretty bad.

  3. Re:Worst, Worst Software from Apple? on Woz Says Big Software Doesn't Work · · Score: 1

    I'd really like to see in iPhoto a folder that is "all the photos you did not put in another photo".

    Perhaps I have used other software and shells too much, but this "manager" software where there are symbolic links from all the other folders to a single big "library" one seems a bit strange to me. Though I got used to it, I really expected that if I put a photo/song in a folder, it *went* in that folder, and you would use some shift key to put it in more than one folder.

  4. Error numbers are not OSS on Woz Says Big Software Doesn't Work · · Score: 1

    Assigning error numbers is a much more corporate thing (so that the messages can be translated, and because of "coding standards", and for listing them in the documentation). OSS rarely if ever uses error numbers. Error numbers are also the cause of the funny Windows "Error: no error detected" popup (caused by passing 0 to the lookup-the-error-message routine).

    A more typical problem with OSS errors is that they will report something like "/etc/foobaz.zoo : no such file or directory" and you have no idea how to create this file or what to put in it, or whether there is some other switch or file that will make it not require this file. This is due to the programmer never testing the program other than on their own system where they already have it working. Or they will report "missing curly brace" with no other information such as the line and file that was in.

    Getting this wrong kind of hurts the authenticity of your statements.

  5. Re:Can somebody explain this extension thing? on New Worm Chats with Users on AIM · · Score: 1

    That's what I figured was happening. I just had not seen a Windows machine with this option turned on and did not want to mess with one to turn it on.

    This therefore is a good example that the extension-hiding is bad. Apparently seeing the "foo.jpg" is MORE convincing to users that it is a jpg file despite the fact that it actually is wrong. You would think naming the file "picture.exe" would be more convincing since this would display identically to "picture.jpg" but instead the trojans use "picture.jpg.exe". This seems to indicate that the extensions work at a fairly low level in the user's brain so that seeing ".jpg" gives a positive response before the higher logic says that you should not see it at all.

  6. Can somebody explain this extension thing? on New Worm Chats with Users on AIM · · Score: 1

    Not having access to a Windows machine, I am confused as to exactly how this trick works.

    If a file is named "foo.jpg.exe" and hide-file-extensions is turned on, does the user see "foo" or "foo.jpg".

    If "foo.jpg", how come they don't notice that all real images display just "foo" and don't have a ".jpg"?

    Or if in fact it displays "foo", how come when you double-click it, Windows does not look up how to open a "jpg.exe" file, rather than an "exe" file? If in fact the hide-extension rules are different than the lookup rules, that is incredibly stupid, but I have a hard time believing even Microsoft would not fix this in all these years.

  7. Re:Why is this necessary? on Antispyware Shootout · · Score: 1

    That's the ACL list and yes, there is a flag called execute/traverse directories. However this by default is set on every file, it is not being used as the main "this can be executed" indication. The shell still recognizes executable files by their name, if this flag is off you get an error when trying to run the file, but it still hides another file by the same name later in the path. So it is different than the Unix version.

    That said, I still believe the Unix system is pretty useless. In fact the Windows idea of identifying executables by a specific extension works just fine, and allows programs to work over file systems that cannot store this bit. It also means you can clear out all executable files with "rm *.exe", something which is a pita to do in Unix.

    So it does not match, but this is not a Windows problem.

  8. Re:We've beaten viruses but not spyware? on Antispyware Shootout · · Score: 1

    Viruses exploit bugs in the system software to install themselves. Since no real software requires the bug, the virus detector just has to detect and prevent the execution of code that is using the bug.

    Spyware uses the exact same mechanism as legitimate software to install itself. Thus detecting and preventing that code would also prevent the user from running all kinds of legitimate things.

  9. Re:Why is this necessary? on Antispyware Shootout · · Score: 1

    NT has and uses an Executable flag, which behaves precisely the same way as that for Unix directories - it doubles as "Traverse Folder".

    Are you sure about this? I think you may be confused by some part of the Cygwin emulation.

    In addition I disagree with the initial poster that the execute bit serves any kind of protection. Any program can turn it on, and it certainly seems that a "user friendly" file transferring program will helpfully turn it on for executable files so you don't have to use the shell to do so.

    The execute bit was a hack so that the initial versions of Unix could locate programs in the $path quickly. People tended to mix executable and normal files much more in directories then, and disk and processors were very slow, so this avoided the need to open and examine every file in the path to see if it was executable (the permission bits had to be read anyway to see if the user had read permission, so this test was in effect free). I'm quite certain that this bit was not some plan by K&R to add security to Unix, but simply to make it efficient to type their commands to the shell.

  10. Re:The Biggest Problem... on Free Software Foundation Begins Rewriting the GPL · · Score: 1

    Absolutely right about the GPL, that is exactly its design. Although most people who publish under it are not trying to force software to become open-source, but instead interested in protecting their own software from becoming closed-source.

    If this bothers you, then you can simply not use GPL software. Boo hoo.

    And there is no reason you cannot use LGPL libraries, however.

  11. Re:GPL and device drivers on Free Software Foundation Begins Rewriting the GPL · · Score: 1

    There is no difference between these two scenarios.

    Your "manufacturer" would be free to write a binary closed-source program, and then a small GPL API program that calls it, exactly the same as the "third party". Or they are not allowed to do this, but in that case the "third party" is not allowed either. The general consensus is that neither party is allowed to do this unless an exception is added to the GPL on the code, such as the one provided with Linux for binary modules or user-space programs.

  12. Re:I can tell you straight up on Desktop Linux Survey Results Published · · Score: 1

    Are you saying one version recognized wireless and another version recognized the wired card? That is bad.

    However if one of the cards refused to work ever that means the manufacturer did not provide enough information to support it.

  13. Re:OpenOffice in browser on Desktop Linux Survey Results Published · · Score: 1

    I assume they mean that they want to click on a link to an OpenOffice document, and have it open inside the browser window, rather than launching OpenOffice.

    I would agree, I find it annoying when separate programs launch for what looks like no good reason. In particular .tiff or .bmp other unusual image files. I hate the fact that Konqueror will run some weird text editor where space does not page down when plain text is encountered. And in general am annoyed when random links to text open unexpected programs or offer to save to disk, rather than displaying the text in the window (it seems it could look at the first 1K or so of the document and decide if it looks like ascii).

    However what is weird is that sometimes I *prefer* separate windows. I like having pdf's open in their own window, and I like having movies open a windowed movie player rather than trying to display in the browser. It is possible the difference is that I don't want it to ever open an "editing" application, but a "display" application is ok. However I am not really sure what the difference is.

  14. Re:tax software on Desktop Linux Survey Results Published · · Score: 1

    As other posters have stated, there are certainly things that you need to pay people to do (or conversely they won't give away the source code for, because it is a complex mess of rules that took a lot of work to figure out and that work is valuable, while the code is useless for any purpose other than implementing the exact same program so it has no value as a base for writing other software).

    However there is really no reason these companies can't figure out a non-Windows-only base library and use that to produce the exact same program for Windows, Mac, and Linux. It's not like they are doing anything complex with the hardware or network, they are drawing forms on the screen. In fact this base library could be open-source, while the rules remain running atop it, and only the compiled rules are sold. Or the rules themselves could be downloaded from the internet as needed (this would prevent somebody from decompiling them all except by making every possible query).

    It does seem likely that the browser will fulfill this underlying role in the near future.

  15. Re:Since when... on Microsoft Receives Open Source VIP Blessing · · Score: 1

    Since about 1980.

    MicroSoft was the original name.

    The official logo was then changed to all-caps, with the first 'o' striped horizontally, somewhat like the AT&T death star logo. This tended to preserve the appearance of two words.

    The modern logo is lowercased, but with a small notch in the first 'o' that is the remains of those horizontal stripes, which is the remains of the former capitalized S.

  16. Re:what we need for compliant browsers on What's New With IE, Firefox, Opera · · Score: 1

    In fact Windows' alpha compositing support has been better than X for quite a while (the XRender extension does this but is not as uniformly supported as Windows support for this call):

            BLENDFUNCTION m_bf;
            m_bf.BlendOp = AC_SRC_OVER;
            m_bf.BlendFlags = 0;
            m_bf.AlphaFormat = 1 /*AC_SRC_ALPHA*/;
            m_bf.SourceConstantAlpha = 0xFF;
            AlphaBlend(dc, x,y,w,h, source_dc, X,Y,W,H, m_bf);

  17. Re:Why don't you go fuck yourself on Windows vs. Linux Study Author Replies · · Score: 1

    These AC posts are probably fake, from people trying to reinforce the idea that the "slashbots" are all immature. Wonder who would be interested in doing that?

    Real "slashbots" tend to not use the AC account, no matter how stupid the thing they say, and tend not to use profanity, because they think they are being adult even if they are not. Everybody should ignore any AC posts like this, it's obviously a marketing campaign.

  18. Re:Needed features on GIMP's 10th Anniversary Splash Contest · · Score: 1

    I don't think FilmGimp was interested in CMYK support (hint: film does not use CMYK). It was to support more than 8 bits per pixel.

  19. Re:Time flies on GIMP's 10th Anniversary Splash Contest · · Score: 1

    16-bit integers are probably a waste of time. Any effort in this area should be into supporting 16-bit floating point (use the ILM EXR "half" format for the data, it has 1 sign bit, 5 exponent, and 10 (plus hidden 1. bit) of mantissa).

  20. Basic questions on Blazing Dual Channel Thumb Drive · · Score: 2, Interesting

    Okay, I guess I'm not a big enough geek to directly recognize whether something is fast or slow. Need some basic questions answered:

    1. What is the transfer rate of this thing?
    2. What is the fastest that could be done based on the USB port design?
    3. What is the transfer rate to a typical internal hard disk?
    4. What is the transfer rate of a typical USB thumb drive?
    5. What is the transfer rate of a typical large external USB drive?

    Printing a few ratios would go a long way to knowing whether this really is a big deal.

  21. Re:I just want to say this on Darwin Evolving Into A Tricky Exhibit · · Score: 1

    Christians believe that God is love. Are you saying that there is no love, that it's a figment of man's imagination?

    Don't be silly. Here is your same argument with some trivial substitutions:

    "Kids believe Santa Claus is a man. Are you saying there is no such thing as men, that all men are a figment of man's imagination?"

  22. Re:Licensing on Microsoft to Open up Office Formats · · Score: 1

    I think you are confusing things.

    If you own a patent, you certainly can write GPL software using that patent. You basically are saying that you are allowing anybody who distributes that GPL software to use that patent. You can also write BSD software using that patent, and you are basically saying that *anybody* can use the patent and you are giving up your rights to it.

    I think though you are talking about where you don't own the patent, but you have some sort of license. Possibly this license allows you to write BSD+patent clause code (if it allows you to write true BSD code, then the patent owners have basically given up all rights to the patent, which is silly, so I will ignore that). It is just as likely the license allows you to write GPL+patent clause code. There is nothing wrong with that. However neither of these licenses are BSD or GPL, they are x+patent clause.

    What is true and probably the basis of your argument, is that if you have *somebody else's* GPL code, you cannot incorporate it into GPL+patent clause code you want to write. However if you have *somebody else's* BSD code, you *can* incorporate it into your BSD+patent clause code (and into GPL+patent clause code).

    So while there is absolutely no difference in your ability to use the patent in some variation of GPL or BSD, there is a difference in what you can do with *other* people's code that is GPL versus BSD.

  23. Re:Internal docs? on Microsoft to Open up Office Formats · · Score: 2, Interesting

    No, they almost certainly do not have any documentation except for the Word source code. It is pretty obvious that Word format is a mess of back compatibility and forgotten hacks by hundreds of different programmers. Microsoft would like to get rid of it as much as everybody else, if they could replace it with a well-designed but obscured format.

    The amount of man YEARS of work needed to write this documentation, especially compared with the week or so that would be needed to do a half-assed read/write support of ODF, is staggering. Another indication that Microsoft is scared out of their minds that some people might use ODF by default.

  24. Re:Write not read on Microsoft to Open up Office Formats · · Score: 2, Informative

    Several idiots here have replied that writing is harder than reading.

    Why don't you try a *REAL* file format.

    TIFF is a good example.

    A program that writes a TIFF file can be about 100 lines (writes an arbitrary sized image in full 24 bit rgb or in 32 bit rgba).

    To read a TIFF file you need a library of tens of thousands of lines (libtiff).

    Why? Because in the TIFF header there is a "compression type" and a lot of other variables. If you are writing a TIFF file you only need to worry about one setting of these variables. To read them you need to worry about ALL of them.

    Learn a little.

    I fully agree that if they really say "write a Word document" they may very well be trying to make it one-directional.

  25. Re:Minor nitpick on Microsoft to Open up Office Formats · · Score: 1

    That's right!

    One thing being overlooked by everybody is that Microsoft could support Open Document (it might take one of their programmers a week or two) so that Word can read/write it, and they could still sell this new upgraded Word to Massachusetts. In fact MA would probably buy a huge pile of this upgrade, thus turning this Open Document requirement into a sale of much more stuff from Microsoft than before! ODF does not even have to be the default save-as format, so they would probably still get almost all of their lockin! In fact the deal would probably be great for Microsoft.

    The fact that Microsoft does not take such an easy way out shows that they are scared shitless of Open Document format and will do anything they can to stop it.