Slashdot Mirror


User: Alex+Belits

Alex+Belits's activity in the archive.

Stories: 0
Comments: 6,525

Comments · 6,525

  1. Re:Please keep in mind on Holy See Declares a "Unique Copyright" On the Pope · · Score: 1

    Personally I would have thought they would have wanted to get their symbolism out there as much as possible and only react if it was being used negatively.

    NOBODY EXPECTS THE SPANISH INQUISITION!

  2. Re:welleee on Best Way To Clear Your Name Online? · · Score: 1

    gb2/b/.

  3. Oh wow, first post! on Malware Found Hidden In Screensaver On Gnome-Look · · Score: 1

    I see, now Microsoft marketing subcontractors click faster than trolls' scripts.

    Too bad, their "arguments" are still total crap.

  4. Re:auto-update on Malware Found Hidden In Screensaver On Gnome-Look · · Score: 1

    1. What happens when a publisher includes auto-updating code, but not specific attack code, like the DDoS software in the mentioned examples? If discovered it will appear to be a security risk, but not specifically malicious...

    This is precisely why Linux-specific software NEVER has built-in auto-update -- it's installed by a package manager and can only be updated by root. Things like Firefox extensions may have auto-update functionality; however, if an extension is installed by a package manager, it won't be auto-updated by anything other than the package manager.

    2. What happens when a software developer produces some completely innocuous software, gets into the repositories - and then months down the road, produces an update with DDoS capability, and has the update pushed into the repositories and automatically distributed?

    Then he won't remain a package maintainer for too long. It also would be very easy to detect such malware after the first report because all sane repositories require the source to be available unless the package is a wrapper that installs something closed but sufficiently trusted (from NVIDIA, ATI, VMware, Adobe).

  5. Re:Huge Fail on Children Using Technology Have Better Literacy Skills · · Score: 1

    lol wut.

  6. Re:More Windoes trolls. on Ethics of Releasing Non-Malicious Linux Malware? · · Score: 1

    most users are quite accustomed to the idea of unzipping things before opening them.

    Except modern Linux desktops don't require extracting the files manually just for viewing -- GUI archive managers extract a file into a temporary directory, and run a viewer on it, or mount the archive as a directory (with all files non-executable). Users who use those archive managers will click on the archive file, see the executable along with other files, and will be able to open all other files; however, archive managers won't allow them to run the executable. To run a file it would be necessary to explicitly choose to extract the file, see the executable, select that executable and run it -- that has to be something pretty deliberate and different from anything else that a person would want to do with an archive.

    Linux users who use command-line tools would indeed extract the file first, however if they are familiar with the command line, it's safe to assume that they are not going to blindly run scripts or switch to GUI file manager and click on some untrusted executable file.

  7. Re:No, it would be malware on Ethics of Releasing Non-Malicious Linux Malware? · · Score: 1

    Windows malware propagates itself. This is why antivirus software is possible -- save for little pranks similar to this supposed "Linux malware", most Windows computers end up getting the same mass-distributed self-executable pieces of software, usually redistributed by other infected computers. The whole idea behind antivirus software is that all copies are either identical, or similar enough to be identified when they are about to be executed (or after they are already running). This is what is still keeping most Windows computers from being completely overrun by worms and viruses (and that won't work once polymorphic viruses become more sophisticated).

    On Linux there are no "immediately executable" files -- the user has to run a package manager, archive extractor or shell before anything becomes executable, so save for security bugs in viewers and libraries, there is no way to produce something that will end up running on a large number of computers -- even with the user's privileges. Once in a while security bugs give potential malware authors an opportunity to bypass this; however, the time window is usually so narrow, and "hardened" configurations so common, the impact of those bugs is minimal.

    Larger numbers of Linux desktops won't change this -- for example, Linux is currently a very popular platform for publicly accessible web servers. Those servers are more attractive as a target than pretty much anything else -- for a spammer or identity thief, a compromised web server in a data center can potentially replace thousands of botnet members. There was no shortage of security bugs that affected those servers over the last one and a half decades, and yet none of them resulted in any noticeable numbers of compromised servers -- usually either the bug didn't live long enough before being fixed, or other measures made it impossible or impractical to exploit. At best someone compromises a single vulnerable PHP application without any meaningful effect for the rest of the system and without any capability to use the "compromised" application to launch more attacks.

  8. Re:More Windoes trolls. on Ethics of Releasing Non-Malicious Linux Malware? · · Score: 1

    You can't create a viable botnet without self-propagation mechanism. "Download this file run 'Terminal', then type 'chmod +x Desktop/notavirus.bin ; Desktop/notavirus.bin &'" is not a self-propagation mechanism.

  9. Re:Really? on Somali Pirates Open Up a "Stock Exchange" · · Score: 1

    I dunno. My money is in the hands of professional crooks, American bankers.

  10. More Windoes trolls. on Ethics of Releasing Non-Malicious Linux Malware? · · Score: 3, Insightful

    I have a strong suspicion that this whole "question" is merely an attempt by Windows marketdroids to spread one of their favorite FUD formulas: "Linux is not really secure, it's just too unpopular to be targeted by malware writers". Please note how often it is mentioned in otherwise content-free comments.

    There is no actual "malware". All the author claims is that he wrote something that demonstrates the fact that a program executed on a Linux box by a user has that user's access privileges and can do stuff that the user does not expect or like. That's at best a trojan horse -- without capability to gain superuser privileges or compromise other users or hosts, such "malware" is firmly in the range of stupid pranks -- slightly below changing someone's wallpaper to goatse and slightly above asking someone to check out the Last Measure web site. It has nothing to do with millions-strong botnets and hours-to-worldwide-pandemic worms that make Windows such a great platform for crooks and vandals.

  11. Re:World's largest democracy! on India To Have Automatic Communications Monitoring · · Score: 1

    This is the first time in literally decades when I was accused of defending the US government or Americans in general.

  12. World's largest democracy! on India To Have Automatic Communications Monitoring · · Score: 2, Insightful

    World's largest democracy!
    World's largest democracy!
    World's largest democracy!

  13. I have just searched for "bear" in the comments. on Australian Govt. Proposes Internet "Panic Button" For Kids · · Score: 2, Funny

    ...and found nothing.

    NOTHING!

  14. Re:dark side of the coin on Prison Terms For Spammer Ralsky, Scientology DoS Attacker · · Score: 1

    Free speech may, indeed, include the right to talk even when people don't want to talk to you.

    I am certain it does not; however, if by any chance it does, or if some asshole lawyers manage to redefine it so it will be, then I don't want free speech.

  15. gb2/b/ on William Gibson's Neuromancer Staged With Porn Star · · Score: 1

    gb2/b/

  16. Re:Running encrypted binaries on No More Fair-Price Refund For Declining XP EULA · · Score: 1

    And what does it have to do with users who wipe their computers' hard drives and install a completely different OS?

  17. Re:Running encrypted binaries on No More Fair-Price Refund For Declining XP EULA · · Score: 1

    WTF are you talking about? There are no encrypted binaries involved.

  18. Re:Markups on No More Fair-Price Refund For Declining XP EULA · · Score: 3, Insightful

    ...and since I do not accept the EULA in the first place, it does not matter what it says about anything -- including anything it says about not accepting EULA.

  19. Wait! Does it mean, Myspace will be deindexed? on Murdoch-Microsoft Deal In the Works · · Score: 5, Funny

    [I! Love! This! Company!] YEEEEAAAAAH!

  20. Re:Image viewers on GIMP Dropped From Ubuntu 10.04 · · Score: 1

    How does it feel being a religious zealot?

    There is nothing religious in rejecting a piece of infrastructure that was first based on bad ideas, then sabotaged, then poorly implemented.

    In your opinion.
    Congrats on a pointless post! But you're right, Ubuntu should really configure their distribution based on your personal biases and opinions.

    My opinion merely reflects reality.

  21. Re:Image viewers on GIMP Dropped From Ubuntu 10.04 · · Score: 1

    Uhuh. And F-Spot is a fully-blown photo management package.

    F-Spot:

    1. uses Mono.
    2. doesn't do anything useful for a real user -- it's either too much or too little.

    Look, if you want to just "[display] a directory full of images", great, fire up gqview and enjoy!

    Except that it's not installed by default while other bloatware (such as Mono) is.

    Ubuntu ships with Eye of Gnome, which will come up by default when you 2x click an image in Nautilus and will happily browse through images in a folder.

    Eye of Gnome folder view sucks ass. And so does its image viewing functionality. This is why you need "photo management package" if this is your image viewer.

    But if you want arbitrary tagging, query, organizing, and touch-up features (red-eye removal, rotation, scaling, etc), F-Spot is an excellent option.

    Those functions are useless when browsing photos and inadequate for any real-life photo editing.

  22. Re:You laugh, but.... on Fedora 12 Lets Users Install Signed Packages, Sans Root Privileges · · Score: 1

    because home users ain't buying this thin client crap.

    If home users have someone else doing administration (usually a relative), that user doesn't have to be able to install software. It would work the same way in Windows if not for Windows' piss-poor security model and applications' insistence on having excessive permissions -- problems that never existed in Linux.

  23. Re:You laugh, but.... on Fedora 12 Lets Users Install Signed Packages, Sans Root Privileges · · Score: 1

    Or we can simply not allow users to install software if they are not admins.

    Oh wait, this is exactly what we are doing now.

  24. Image viewers on GIMP Dropped From Ubuntu 10.04 · · Score: 1

    F-Spot? WTF is that? Mono again?

    There are two perfectly usable image viewers -- GQview for Gnome and Gwenview for KDE. They do one thing well -- displaying a directory full of images in a user-friendly way. For actual photo editing Gimp pretty much covers everything a casual user will want to do, so if they don't want to include it, they can add a stub to GQview editing menu to install Gimp before editing a file.

  25. Re:In Soviet Russia on Free Software For All Russian Schools In Jeopardy · · Score: 2, Funny

    That system is what strangles middle class - it's very hard to run a small business there, because bigger fish will always seek to swallow the smaller ones, and they have plenty of money to bribe the bureaucrats with.

    I guess you didn't get the memo -- in the US "middle class" means "all people between about 150% and 2000% average income", in Russia "middle class" means "people who generate income from property but can't manipulate the market through their property".

    I can assure you, small businesses in the US are thoroughly fucked in all areas where it is possible to run a big business. "Middle class" mostly consists of professionals and middle managers in big businesses.