Slashdot Mirror


User: Penguinisto

Penguinisto's activity in the archive.

Stories
0
Comments
5,947
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 5,947

  1. Mod parent up, plz... on Intrusion Cleanup Forces Delay For GNOME 2.6 · · Score: 1
    (re: knowing when the break-in occurred)This is true, but you can guess fairly well if going to backup (just look for the same things in the backup that alerted you to the compromise in the first place.)

    You are absolutely right that the admin has to apply any missing patches and modifications to the system that may not have been in place on the compromised server. My thanks for bringing that up

    (although, in some cases, no patch will save you... esp. if it was an inside job, or someone got hold of the passwords. but that's the bitch about security - the paranoia never stops digging deeper :) )

  2. Dude - on Intrusion Cleanup Forces Delay For GNOME 2.6 · · Score: 1
    ...not to cheer on another man's misfortune or anything, but having the CC# of a guy who has more disposable income than the GDP of most countries?

    "...yes, General? I'd like to buy that slightly used supersonic fighter you have idling in your hangar, please. Payment? No problem, dude; you take Amex, right?"

    OTOH, you're right to a point, though wouldn't "trying to help" involve some sort of notice to the victim?

  3. Re:Well, there is one difference I appreciate... on Intrusion Cleanup Forces Delay For GNOME 2.6 · · Score: 4, Interesting
    " What does Microsoft have to do with this? You fucking dumb jackass."

    Well kiddo, it's not just MSFT truth be known (hence my mention of "more importantly, other proprietary companies..." )

    Most proprietary companies are too worried about "customer confidence" to actually be honest with their customers. Back when a group of russians had 3 months' unlimited access to Windows' source code, it took outright proof in public before MSFT would admit to such a thing. ...and that's just MSFT; I wonder how many times Adobe's servers have been compromised? It would be nice to know that P-shop and Acrobat (or worse, the free reader?) wasn't quietly trojaned-up and sleeping on my 'dows boxen.

    Now, what about the break-ins we don't know about? How were they handled? How can a proprietary software company, let alone its customers, be sure that there aren't any nasty suprises hidden in their products?

    ...and therein lies the crux of my argument - open-source companies are specific, honest, and, well, eopn about what goes on security-wise.

    It's damned refreshing to be a customer who is treated like an adult, and not lied to, or kept in the dark about the products I use.

    Does this answer your question?

  4. Re:Must've been a real bugger on Intrusion Cleanup Forces Delay For GNOME 2.6 · · Score: 5, Insightful
    It takes some work, but there is one way to insure a completely clean system: Re-installation of the OS from media, or a backup from a time known before the break-in.

    Either way, you only have to check the backup server data itself against (externally backed-up) MD5 checksums, and ask developers to re-commit any changes made during the suspect time.

    Now try and do that to a mail server, and the fecal matter hits the air-handler. But, with data that is relatively static by comparison, it takes work, but isn't too much of a trial.

    $0.98 in change, please :)

  5. Well, there is one difference I appreciate... on Intrusion Cleanup Forces Delay For GNOME 2.6 · · Score: 4, Insightful
    With GNOME and most other F/OSS projects, at least you get honest, up-front answers and timely announcements of intrusion attempts and such.

    If only MSFT (and more importantly, proprietary software companies that aren't so much in the spotlight) were as forthcoming about break-ins.

  6. Re:Heh on Meet Lucy, The Orangutan Robot · · Score: 2, Funny
    "Contender for worst failed first post attempt?"

    No, that would be "To hell with the monkey, I want my Linux Fembot with a penchant for evil!"

  7. Re:YAY! Lets watch out mouths now! on FCC to Regulate 'Profane' Speech · · Score: 2, Insightful
    Err, just as an aside, the FCC only controls network TV and radio broadcasters who freely transmit over the public spectrum (Cable/sat TV and Satellite radio are exempt because they are subscription services and don't required huge swathes of RF bandwidth to be set aside to do it.)

    Needless to say, the Internet is completely exempt.

    IMHO, the FCC has gone far, far beyond their original duty... (they were originally founded to help avoid wireless transmissions from stepping all over each other and hosing up rescue efforts, party in response to the Titanic disaster.)

    OTOH, in my very humble opinion I see no problem with them telling people to clean up their language with regards to public broadcasting, since there is nowhere near the sense of access control that you have with private subscription-like services.

    /P

  8. Why Local Works Better, IMHO: on How Do Small GNU/Linux PC Vendors Survive? · · Score: 1
    I am a CompSci instructor at a junior college. As a guy who buys all his own computers for his classroom, I've got a halfway decent budget and (within reason) fairly free rein on how to spend it. Now, during recent capital upgrades, Instead of the mass-produced Dell optiplexes that other teachers use, I went with the white-boxes form a local supplier.

    Why did I do this? Lots of reasons, actually:

    1) I needed boxes with generic parts that students can get into, to maximize the lifespan of these machines as I upgrade them. The Dells have way too many parts that I can really get from only one place... err, Dell.

    2) I don't want to pay the Microsoft Tax for pre-installed stuff... I already have an MSDNAA license, so why buy additional licenses I simply don't need, even for the Windows students? (the other half have Linux on them) Besides, I'll just have my students flush out the HDD anyway as part of their coursework. BTW, I know that Dell has the FreeDOS option, but that's still something I have to rip out, and the price difference is mysteriously not all that different. The local guy assembled all of my boxen "naked", no sweat.

    3) Local and instant response. The local vendor keeps a small pile of parts on hand so I don't have to dink about with inventory, and if I need something it's usually here before the end of the day, without needing FedEx.

    4) They're HUMAN! Yes! No more wandering about through the Audix maze, no trying to explain for the 10^96th time what I need, and then being treated like the legions of morons who really don't know what parts they need. I just call the local guys up, and talk to the gent who already knows what I have and speaks on my level, not from a 'resolution tree'.

    5) Individual parts are cheaper in most cases... For a RL instance, a $24 Dell 4/6-pin Firewire cable (plus shipping!) will cost me only $6 locally.

    6) I don't get stuck with big fat warranties built into the price, and other crap I simply don't need... and no hassles over the phone during the purchase, either. As a corollary, if I want to modify the hell out of the boxen once I get them all installed and operating (I have), no sweat.

    7) It helps the local economy, and creates a good symbiosis. These guys provide intern slots for (and occasionally hire) my students, and in return they get benefits that extend far beyond just the monster capital expense checks and a portion of my annual budget.

    There are some cases where using a big vendor would prolly be more effective, but in a lot of other cases, it makes more sense to stay local.

  9. Re:Government and Hospitals on Using Employee-Owned Technology in the Workplace? · · Score: 2, Informative
    Depends on the type of pacemaker... sometimes heart patients have an external one, or a temporary one until surgery can correct whatever required it in the first place. Not 100% sure on their susceptability, though.

    IIRC, most hospital rules regarding cell phone use has more to do with preventing interference to IV pumps (cell phones have been known to do this, causing the pumps to change their dosing rate or to shut down to idle) than to pacemakers.

  10. Yeah, but will it run... on Trusted Computing Rollout Hits the Desktop · · Score: 0
    ...err, maybe it won't run Linux? :(

    Okay, how about a more rational question: Will the drivers for this thing be OSS, or at least open enough to run Linux w/o violating the DMCA in the process?

  11. Agreed on Compaq... on HP Shipping Turbolinux HP in Asia · · Score: 3, Interesting
    ...ferinstance, they've always been the most ardent supporters of Linux on the PDA. They were the folks who built the original Linux-based ARM bootloader for their iPAQs, and even guaranteed to repair (for a modest cost) any PDA's that were 'bricked' by a bad bootloader install. They've always been more than friendly towards OSS/FOSS from what I've seen.

    I suspect that it was the major reason Ms Fiorina and her gang (sp?) hasn't stopped flirting with Linux just yet (the other reason is HP realizing that something has just got to replace HP-UX... )

  12. ...or desktops for that matter... on HP Shipping Turbolinux HP in Asia · · Score: 2, Insightful
    ...just one at a time, without having to pay a big, fat premium, or the MSFT tax.

    (now, where's that $#@! coffee?...)

  13. To heck with Asia... on HP Shipping Turbolinux HP in Asia · · Score: 5, Interesting
    ...when can I see a decent HP (or other big OEM) laptop w/ Linux pre-loaded for sale here in the US!? (yep, I know about the third-party laptop guys, but you just try and buy one Dell, HP, or etc. laptop with Linux, and not XP, pre-loaded on it...)

  14. ...and would this be useful for the newbie coders? on Exploiting Software · · Score: 5, Interesting
    The one question that sticks out is yes, learning how something is exploited will help out a guy who already knows how to code (and has enough experience to look at an exploit from both sides of the attack), but what about the newbie coder who, more than anyone else, desperately needs to know how to code properly in the first place?

    Someone ought to combine a guide for writing secure code, but with exploit examples that dissect it from both crack and code perspective. (does this book do that, perhaps? Maybe I missed it, but I didn;t see any indication of that in there...)

  15. It isn't the againg gamer audience... on Life After the Video Game Crash · · Score: 2, Insightful
    ...it's the fact that they gaming industry is running out of original ideas, plots, interfaces that are halfway easy to use, etc.

    I'll IMHO take a lot to revive that, and as pointed out a couple of weeks ago, it'll take a development team run by people who love what they do, and not executives who love reading P&E statements based on the projected income of the "hottest new release!".

    /P

  16. A lot in common w/ Linux... on Linus on Linux in 1994 · · Score: 2, Insightful
    ...used to be, you only heard about penguins in two places: Nat'l Geographic and Bloom County. Now? They're damned near everywhere (and not just because Animal Planet showed up in the interim, either.) OTOH, Linux is a lot like that particular animal:

    * Few really and truly understand it from top to bottom.
    * It appears to be a helpless critter and an easy target, yet it happily survives in conditions that would kill most other creatures.
    * ...And finally, Penguins and Kernel hackers both stay out of the sun for at least 6 months in each given year. (cue rim-shot here.)

    Cheers,
    /P

  17. Ah, much thanks... this was the part: on Hollywood's Foundations Rest on Piracy · · Score: 2, Interesting
    ( ...forgot about good ol' Wayback. Need more coffee... )

    Quoted relevant text:

    "Now for the real bemusing part... perhaps the MPAA should look at their own history before they point their finger at the DeCSS "pirates" they seek to subdue: If you look back to the history of filmmaking, back when the motion pictures were first invented, you'll find Thomas Edison's monopoly in New York City. His company held an exclusive and tight stranglehold over all film projectors, film, movie rights, and nearly anything associated with motion pictures. If you wanted to make a movie, you paid an exorbitant number of fees to rent the cameras, rent the scenery provided only by Edison, and even to rent the film (yes, Rent - you never actually owned it, even after it was developed.) Anyone caught trying to make their own movies or to show them without the blessing of Edison and Co. were buried in lawsuits, or worse. A small group of filmmakers decided to revolt, proclaiming that one should be free to create and show films without kow-towing to some huge conglomeration. To escape Edison and Co., they moved everything they had to a far-away place...a small town known as Los Angeles, California. From there, these artistic rebels created films - films that created the largest dominant force of culture on Earth, all because they wanted to make films without a corporate stranglehold. It's an utter pity, and a show of sheer hypocrisy by the MPAA, that the artistic descendants of those early pioneers have decided today to resurrect and bow down before the very thing their forebears hated the most."

    Turned out that DiVX eventually made me wrong on some of the article, but otherwise it's cool that the rest of it has held up after all this time :)

  18. According to the quoted article... on Search Engines Set To Vie For China · · Score: 1
    Amnesty believes Microsoft is in violation of a new United Nations Human Rights code for multinationals which says businesses should 'seek to ensure that the goods and services they provide will not be used to abuse human rights'. The article basically states that 'Gate's firm supplied technology used to trap Chinese dissidents'."

    1) Err, Amnesty Int'l is the primary source of condemnation MSFT, not Slashdot.

    2) How do you "trap Chinese dissidents" with Google or Yahoo? Wouldn't Mapquest be faster? RedHat I could see the kick about since they do OSes too, but see #1 WRT RedHat and culpability.

    3) With respect to OSS operating systems (of which neither Google or Yahoo qualify), the first pile of replies in your quoted article are chock-full of people asking stuff along the lines of 'what about OSS? Aren't they culpable as well?'

    So, err, what was all the shouting about again?

  19. Ack- I wrote about this FOUR YEARS ago... ! on Hollywood's Foundations Rest on Piracy · · Score: 2, Interesting
    No, seriously... 4 years back!

    Dang... wish I'd saved the whole thing though; the original osopinion.com website had long since morphed into something else. Maybe I oughta chuff up a resume' and call Wired? Nah.

  20. Re:VI or Emacs? on Search Engines Set To Vie For China · · Score: 1
    Maybe, or perhaps China may come up with a better algorithm still.

    I look at it in the perspective that the Chinese have a unique cultural outlook on life and philosophy that has been sharpened and refined over millenia. Odds are fairly good that they could put it to use in finding a way to do something (searching stuff online in a most relevant way) that many still regard as an art more than as an exercise in math and coding.

    (man, emacs is ugly enough in English... I don't wanna know how many fingers would be required to do anything in a Chinese-ideogram keyboarded version of emacs...)

  21. Talk about Chutzpah... on Search Engines Set To Vie For China · · Score: 5, Funny
    "My job in China is to kick Google's ass," said Zhou Hongyi, the bespectacled founder and chief executive of 3721 Network Software,"

    He's gonna need an awfully big boot...

  22. Re:I don't get it on Baystar Confirms Microsoft Behind SCO Investment · · Score: 5, Insightful
    ...because "the enemy of my enemy is my friend."

    It doesn't take science to figure out that a company with $40bn in idle cash and nothing better to do with it would have no problems with tossing some of that dough into throwing its competition under a cloud of doubt.

  23. Re:Uhm... no... on New Net Battle Over ".mobile" Looming · · Score: 1
    Not to mention the length... keeping TLD's to two or three-letter suffixes is just right; plus there is a case that too much flexibility in TLD names can get ugly, to say the least.

    Besides, no one adheres to TLD convention anymore anyway... my own school uses .net instead of .edu as an alternate suffix, as do gov't agencies who use .com instead of .gov...

    IMHO, it all sounds like a scheme by registrars to snag a ton of cash from big companies who buy up all possible TLD's to prevent cybersquatting.

  24. They prolly still use SGI stuff... on Pixar Switches to Mac OS X and G5s · · Score: 1
    Thet multi-million dollar 64-bit Altix NUMA cluster system they bought awhile back isn't just going to get pitched into the dumpster, y'know... a render farm is still a render farm.

    OTOH, it kinda sucks that they're ditching Linux in favor of OSX... though maybe the CG proggies that they ran on Linux will now be available for a cheaper price? (please?)

  25. Re: Microsoft may be a lot of things... on Linux the Tortoise to Microsoft's Hare? · · Score: 1
    LOL!

    Sorry 'bout the prophetic-sounding tone. It's just that with China and Japan going all-out for their own version(s?) of Linux, India's growing affinity towards the Penguin in general, plus even more news from Singapore, Thailand, etc... things aren't looking good for Redmond over there, and don't appear to show much promise of improvement.

    MSFT is either going to have to adapt, or they'll die off as Asia does become the software powerhouse (I know the adapt or die strategem is the absolute most common, but when you consider that even MSFT offloads most of their coding work to India, but little love flows back to Redmond in return...)

    /P