Slashdot Mirror


User: msobkow

msobkow's activity in the archive.

Stories: 0
Comments: 5,287

Comments · 5,287

  1. Re:It's a different society. on China Moving to Real Name Registrations for Blogs · · Score: 1

    There are also government departments and staff in the US and Canada whose job is to surf, looking for problems ranging from child pornographers to media and software piracy. Add in all the corporations doing the same to protect their concept of IP, the ease with which data traffic (especially email) can be sniffed, filtered and archived, and the limit to what can be done is not really technical any more.

    It's just a matter of distributing the workload, maybe installing a government server at each ISP that sniffs POP3/SMTP traffic on their internal backbone without even touching the actual ISP servers.

    Only the law stops such activities, but when the leadership of a government declares the constitution a "piece of paper" and blatantly ignores its regulations, then who is to say what is and is not actually being done?

    The constitution of a nation defines what the nation is, so if the constitution is ignored then the nation no longer has a stable definition on the international stage and becomes an unpredictable threat to other nations.

  2. Re:Old IBM portables anyone? on How Practical are 20-inch Laptops? · · Score: 1

    Credit where due -- they're a lot more powerful than the Osborne 1.

  3. Re:What? on Patents on Tax Reduction Strategies a Problem · · Score: 3, Insightful

    Patience.

    It's a matter of time before the remains of SCO patent the use of patent lawsuits as a business model. The hope would be to get into a lawsuit over that patent, creating a potential infinite recursion and thereby an infinite revenue stream out of thin air. :p

  4. Re:Vista on AMD 4x4 Quad Father, Quad Core CPU Details Emerge · · Score: 2, Insightful

    Or a full Linux install with OpenOffice, Mozilla applications, dev tools, utilities, etc.

    Sad to say, XP vs. Linux isn't much of a performance competition any more. With a slow enough old box, you'll find they both take forever to boot... ;)

    What worries me with Vista is the memory expense of full-application rendering regardless of surfaces displayed, as well as the application expense of always rendering a full screen of widgets instead of skipping over clipped/obscured regions.

    The graphics hardware is a small expense of Vista's display approach. I would not be at all surprised to find that total CPU load per application goes up significantly for identical binaries. The widgets exist whether they're rendered or not, so there shouldn't be any real per-application memory expense in that regard.

    Other flashy GUIs have relied on OpenGL display clipping to reduce the widget rendering load -- my understanding is Vista's approach disables that clipping, requiring 100% rendering expense regardless of the final presentation.

  5. Re:Assistive device drivers on Vista DRM Prevents Kernel Tampering · · Score: 1

    Pick a direction instead of flailing your objections around.

    If the issue is charitable development, contact Microsoft.

    If the issue is hobby development, contact Microsoft.

    The essence is that if you pay over $1200/year for the MSDN developer suite, you should have the necessary tools to develop and test drivers. If you're running cracked or stolen software, TFB.

  6. Re:Assistive device drivers on Vista DRM Prevents Kernel Tampering · · Score: 1

    Are you seriously suggesting that Microsoft would commit the PR suicide of telling a charitable organization developing assistive hardware to FO if they asked for help with signing some drivers?

    I think you're really starting to dig for the worst possible outcomes.

    Every RPM I've downloaded for the past few years is signed.

    I completely fail to understand this paranoid fear of driver signing, even if the root CA for the drivers is Microsoft.

  7. Re:Get real on Vista DRM Prevents Kernel Tampering · · Score: 1

    As others have mentioned, the signature on the driver would identify the vendor distributing the rootkit driver. This is not a new problem -- any vendor you decide to trust could install a virus or rootkit once you grant them admin access for an installation or update. It's called a Trojan.

    All we're talking about is a driver signature, not WHQL certification. It's only a means of identifying the software provider.

    I fail to understand why everyone is so terrified of being able to know who provided the software running on a machine, or establishing trust networks for the providers of that software. That's what DRM can do.

    A "pure" Microsoft (or other vendor) system running only vendor-certified software would qualify as a member of that vendor's trust network. But we're only talking about requiring software providers to identify themselves via driver signing, not the wider scope of trusted software stacks.

    Now if Microsoft were to require WHQL certification before a driver could be signed, then there would be an issue -- certification is slow and expensive, and would make third-party driver development virtually impossible.

    It's up to the service provider to decide what level of trust network community they want to deal with. Is your intranet only going to allow WHQL-certified nodes? Only signed nodes? Only drivers and software signed by a particular whitelist of vendors?

    Or will you establish a trusted client session based on its advertised capabilities -- JVM level, browser capabilities, registered browser plugins, scripting languages enabled? Public sessions should be based on capability, but intranet (VPN) restrictions may well be tighter.

    I've always kept a separate box for VPN sessions. I can't imagine doing custom driver development on the same boxen I use for VPN, surfing, or general software development. If the driver dev box needs access to intranet resources, it's an issue of ensuring the intranet explicitly trusts the developer's trust network of 1.

  8. Re:Are your acquaintances an unbiased sample? on Vista DRM Prevents Kernel Tampering · · Score: 1

    Forum. Public posting. Opinions.

    Clearly you comprehend the concept of a forum, as you reference hardware hacking boards.

    Or are you suggesting that any one opinion should be considered more valuable than another? If an opinion garners discussion, clearly others have ideas about the opinion, and everyone learns.

    Presuming you go back and follow up on your postings, that is... :)

  9. Industrial Espionage, not spam slaves on Targeted Trojan Attacks Causing Concern · · Score: 1

    I believe the article is talking about targeted industrial espionage, not spam slaves. Unless a target had control over a multi-gigabit backbone link, I can't see a spammer going to the effort of targeting specific machines, clusters, or users. In those cases there are admins monitoring traffic load and the spam would cause a surge in outgoing SMTP/POP3 traffic and rapidly get traced. Companies with big pipes tend to have the infrastructure in place to monitor and maintain the hardware behind those pipes.

    In short, I seriously doubt spam distribution would be the reason behind a targeted attack.

    Targeted attacks would select an individual machine, cluster, or user because they contain or have access to resources the attacker wants. It could be source code, it could be credit card numbers, it could be internal business plans, or it could be some goof trying to stalk the cutie on the second floor.

    The point is the expense of a targeted attack starts with the expense of identifying a target.

    What reason does the attacker have for identifying the target?

    i.e. What's the motive?

  10. Re:Get real on Vista DRM Prevents Kernel Tampering · · Score: 1

    Aside from that, I see no reason why Microsoft couldn't provide a free developer signature bound to a particular system installation. That way if you want to compile and run custom drivers, or sign untested drivers you downloaded, you could. Your system signature would no longer be valid for any sites that require a "pure" Vista installation (e.g. corporate intranet), but public sites and services shouldn't restrict access that tightly.

    That should be part of the functionality of the development suite Microsoft sells. I'd actually be rather surprised if it isn't.

    i.e. If you sign your own drivers, you become a trust domain of size 1.

  11. Re:Get real on Vista DRM Prevents Kernel Tampering · · Score: 1
    But then I guess you don't care what happens to those people. Because if it's not big, or government, or corporate, your attitude seems to be "throw it away".

    My "attitude" is that it takes several thousand dollars to implement even test hardware that runs at the clockspeeds of modern computers. The days of breadboarding and wire-wrap running at 1-2MHz are over.

    The MS development tools for doing driver development also cost money.

    After spending $1500 or more on the MS dev suite and another $10,000+ to have even one prototype board manufactured with a custom VLSI chip, I just can't see where $500 is an issue.

  12. Nice theory, but incorrect on Future Eudora Based on Thunderbird · · Score: 1

    Once Eudora added the option of letting IE widgets render email previews, it became vulnerable to the same security risks.

    I used Eudora for several years. The main reason I stopped was they didn't have a Linux version, much less a compatible code base that would let me move from OS to OS without tossing all my email history.

    To be honest the only thing Eudora did that I really miss with Thunderbird is the email filtering. Eudora had useful filtering capabilities that work. Thunderbird's filtering is so badly done and unreliable that it shouldn't even be shipped.

  13. Get real on Vista DRM Prevents Kernel Tampering · · Score: 2, Interesting

    The only unsigned driver I have ever seen was for an old Voodoo board.

    The last time I met anyone who was using custom hardware was around 1985-6, a sound board that plugged into a C-64.

    If you can't use your old hardware with Vista, then don't run Vista. New hardware shipping with Vista will be able to run it.

    As a security-conscious programmer with a lot of corporate development history, I support Vista's blocking of non-signed drivers 100%. It's actually the first time I've agreed with Microsoft's plans and features since suffering the pains of Windows 3.1 development and support.

    Maybe it's time for the idealists to get real about security issues. They see DRM as preventing them from experimenting; the vast majority of government, corporate, and home users either don't care or see it as a benefit that provides more protection from crackers, viruses, rootkits, etc. Even OpenSuSE has a similar enforcement option for verifying binaries, and I doubt it'll be too long before bigger commercial OS vendors do the same.

    Fight a battle you have a chance to win, and stop dreaming that unsigned platforms have a future. Without someone certifying that a platform is secure, businesses are going to stop using them. Eventually client nodes that aren't certified won't be able to do much useful, either.

    I object more to the use of products like Entrust web sign-in that ignores the security provisions of products like Java sandboxing, artificially blocking clients unless they are running a paid-for commercial OS from Microsoft or Apple. (Try registering with http://www.gc.ca/main_e.html for a "My Government Account" with Linux or even with Firefox under WinXP Pro.)

    There is no reason for such an artificial blockage of client access, and that worries me a hell of a lot more than whether a couple dozen hackers can run custom drivers for their own hardware. Why would such a hacker go through the pain of Win32 driver development instead of Linux drivers anyhow?

  14. Grammer in university? on Bloggers or High Schoolers, Where is the Literary Talent? · · Score: 1

    I think you underestimate the seriousness of the illiteracy problem in North America.

    Some friends of mine are taking adult degrees at a local university. One of them is taking what was supposed to be a writing course, to help brush up on her essay skills.

    It's a course on grammar and sentence structure. Material that was covered in Grades 9-12 when I was in high school.

    I've met people with doctorates (PhD's), masters, and purportedly advanced (4 year) university degrees who simply cannot write. They can't express themselves. They can't explain an idea in anything other than the symbology of their degree.

    I'd even go so far as to say that many of the purportedly educated people I've worked with simply can't communicate effectively, whether in verbal or written form.

    I'm not sure who is to blame for the mess. Some blame sports and the idea of a coach pushing a prof to grant a passing grade to protect a star player, but the reality is none of the people I'm talking about were on athletic scholarships in the first place.

    Even worse: most of them were not immigrants. They're second or third generation Canadians and Americans.

  15. Re:Agree and disagree on Intellectual Property Manifesto for the UK · · Score: 1

    Digital media has nothing to do with the excessive copyright duration, and I don't see how "rebalancing" copyrights would have an impact or be impacted by digital vs. analogue or other media formats.

    An active enterprise that continues to develop new products and material based on older copyrighted material should be able to extend the copyright on the character(s) involved. For example, if Disney were still producing Mickey Mouse media, it would make sense that they could extend the copyrights and trademarks to cover the new material.

    But copyright as it is currently implemented in many nations does nothing but service the greed of corporate shills and does nothing to benefit the creator or their descendants.

    In particular, if there is so little profit to be made from copyrighted material that the owner ceases production, the copyright should be cut short.

    Perhaps instead of looking at things in terms of "life + 70 years" we should be looking at "viable marketing and sale period plus 10-20 years." If they take it off the market, they have ten years to bring it back as a new series, media, or product to try and earn additional revenue. If the owner fails to do so, the copyright falls to the public domain.

  16. Re:That explains the "take me back" kiss ass, then on Ten Geek Business Myths · · Score: 3, Insightful
    go read datadraw.sf.net

    I think I see the problem with your old business.

    You didn't make anything available except a code download.

    No documentation. No description of capabilities, purpose, performance, extensibility, flexibility, etc. No examples of what the code could be used for.

    Just code.

    I have code that could do amazing things, but I'm trying to make it useful, documented, and have examples before I try to do anything business-related with it. Without the documentation and examples behind an attention-holding introduction, no software has a chance to do anything but bit-rot.

  17. Here are two talking heads -- pick one on House Approves Warrantless Wiretapping · · Score: 1

    It doesn't matter which party runs the government. They both get their information from the same unelected bureaucrats, military, and agencies. They both have to act based on that information, with no way to verify its accuracy.

    It's not like the proposed laws actually change anything, anyhow. You don't have any more rights than you can afford to buy in court, if someone decides to have you detained or charged for any reason.

    Ask anyone who couldn't afford their own lawyer how much respect their rights got in court. You might have to go to a local, state, or federal facility to find someone to talk to, though.

    You might also find a lot of them are minorities from the inner cities. One future issue that will be interesting is the inevitable "revolution" of the inner city poor. Having spent all these years going on about terrorists and the war on drugs, those revolutionaries would likely be flagged as "Islamic Terrorists" rather than fed-up American citizens.

    What, pray tell, is the difference between an internment camp and a prison to someone without a lawyer?

  18. Re:Absolutely no chance of success on Suit Blames Videogames for Homicides · · Score: 3, Interesting

    How do I plug my keyboard and mouse into a sniper rifle so I can aim and fire?

    What!?!?!?! You mean I have to actually run around with the danged thing instead of sitting in a chair?

    Yeesh! Next thing you'll be telling me is shells don't appear in magical floating boxes as I wander the streets... :p

    Seriously, maybe it's time to yank the lawyer's bar. Too many such morons waste the time and resources of the public courts, hoping to leverage cash for the lawyer's firm. After all, what have they got to lose? If they don't win the case, they just try to get the plaintiff to pay their fees.

  19. Re:The GPL3 process is not closed on Why Torvalds is Sitting out the GPLv3 Process · · Score: 1

    If a user outside the company or enterprise is accessing a system, then that system is being used outside the company.

    If the software is used outside the company, it is being distributed.

    If the software is being distributed, the source must be released under the terms of the GPL.

    If you are using a VPN to access the program, you are using resources within the company to run the software. If you are using SSH or a web interface, you are accessing the application via resources outside the company and thereby using code that is being distributed.

    Those who claim otherwise are playing word games and ignoring the obvious intent of the license.

  20. Re:The GPL3 process is not closed on Why Torvalds is Sitting out the GPLv3 Process · · Score: 0, Flamebait

    If a user outside the company has access to the application and its data through whatever remote interface you choose (web, SOAP, J2EE, CORBA, et al.) then the code is being effectively delivered to the public and the code changes are subject to the same restrictions as if you'd shipped a "product" instead of a "service."

    The one good point of GPLv3 is that it expressly addresses the leeches who play word games and legalese instead of STEALING other people's work.

  21. Re:Finally... on Clinton to Start $1 Billion Renewable Energy Fund · · Score: 1

    The term "mini refinery" is misleading. I think it's the kind of term the oil companies would bandy about in an attempt to ensure that biodiesel production is regulated by government bodies the fossil fuel companies already know and have leverage with.

    Biodiesel processing is much cleaner than fossil fuel cracking, and it doesn't leave behind a host of fuel variants (gasoline, diesel, kerosene, high-test fuels, paraffin, etc.)

  22. Re:Summary Judgement on IBM Asks Court to Toss SCO's Entire Case · · Score: 2, Insightful

    Everyone knew not to mess with IBM in the first place, the same as they know not to mess with Sun, Microsoft, HP, or anyone else with a patent portfolio and a serious legal budget.

    IBM continues to invest in the case not because it's cost effective, not because it's the "right" thing to do, but to ensure that the question of derivative APIs (not code) is settled in the courts once and for all. There have been cases in the past over smaller related issues, such as the macro names and syntax between Lotus 1-2-3 and Microsoft Excel, or IBM's implementation of a Win32 API layer for OS/2 Warp.

    But this is the first case where there are clearly defined and documented international, national, and government standards that define the APIs being fought over. Were SCO allowed to walk away with even the slightest victory, there would be a chance of software providers getting sued over any attempt to implement standardized APIs, regardless of whether the implementation is "obvious" to an experienced programmer or not.

  23. Re:Summary Judgement on IBM Asks Court to Toss SCO's Entire Case · · Score: 1

    I don't think it's so simple as "crush it completely."

    They want to OWN it completely, because it's the only hope the investment in the SCO branding logo will have any value in the future. The flagship product SCO holds a support and maintenance contract for is so crufty and outdated compared to other operating systems that they can't hope to earn a revenue stream from it.

    SCO is an example of what happens when a company stops investing in R&D, new development, enhancements, and instead focuses on "cost savings" to boost short-term share price. After years of short-term goal focus, the company is nothing but a shell, useful for nothing other than harassing companies whose boards know how to develop and grow a business.

    It's also an example of the difference between a "blue chip" company and a risk investment.

    I still haven't seen any firm answers as to who is or did pay for SCO to commit this legal suicide. Someone is benefitting or stands to benefit, and it sure isn't SCO and any remaining "regular" investors.

  24. Re:Finally... on Clinton to Start $1 Billion Renewable Energy Fund · · Score: 1

    With BioDiesel or Hydrogen approaches, there would still be retail distribution jobs.

    BioDiesel interests me because I see it as solar energy in storable and transportable form. The issue of a stable energy supply has always been an issue for wind and solar collection, relegating them to being supplemental instead of primary energy sources.

    Unlike ethanol, biodiesel energy farming is net-positive, even with current technology.

    Where there will be fights is in government, as fossil energy companies fight with lobbyists to retain an undeserved profit margin. Expect sudden and dramatic shutdowns of fossil production sites to highlight the loss of jobs (think of the children!), while neglecting to mention that the multi-million dollar management salaries and shareholder payouts continue unaffected.

    Biodiesel also puts a new spin on farming, as farmers become energy producers instead of just food producers. Energy is, oddly enough, a more stable market than food production. I wouldn't be surprised to see production starting out with collectives or unions of farmers investing in a biodiesel production facility, and using their own fuel to reduce operating costs rather than selling it as product.

    If such collectives are sufficiently profitable, their success will trigger the big-dollar investments in full commercialization.

  25. Decision making is not in the hands of the owner on Linux Kernel Developers' Position on GPLv3 · · Score: 1


    Decision making is only in the hands of the owner iff the owner is educated and willing to download, modify, compile, and probably debug code. The percentage of computer owners who actually have that skillset is very, very small, so I'd argue that in most cases the freedom of code has little or nothing to do with the freedoms of the hardware owner.


    This is not about functionality or freedom; it's about a few people who want to run modified software as the client of a secured delivery service. There is no reason that a separate hobbyist key could be delivered with hardware so you can run whatever custom software you want, but which does not enable the software to participate in the secured service.


    There is nothing in any version of the GPL to guarantee access to a runtime service or its data. The code does not own the content, but GPLv3 tries to treat the possibility of encrypted services and data as being relevant to the licensing of the code.


    In fact, GPLv2 was rather explicit about the output of programs not being restricted by the licensing of the code itself.