Slashdot Mirror


User: msobkow

msobkow's activity in the archive.

Stories: 0
Comments: 5,287

Comments · 5,287

  1. Re:Well DUH on Analysis of .NET Use in Longhorn and Vista · · Score: 1

    I think people need to remember that J2EE and .NET are designed for network-aware distributed applications with web, desktop, and peer clients. There is a lot of overhead that can come into play if you use the wrong features to solve a problem, and performance will be horrible.

    Native code gets a bad run because a lot of vendors use do-it-all APIs that rely on void pointers or anonymous handles/ids and request numbers instead of using a lightweight code wrapper so programmers are dealing with a type-safe readable API. Other native code products have the same issue. The result is too many opportunities for a typo to creep in to the code.

    If you don't require a distributed environment, need to maximize performance, and have the time to do extra code reviews and debugging, then native code is a better option.

    Unfortunately most of Microsoft's desktop applications are network-enabled, even if they're not distributed. If native code used a sandboxed network API instead of the existing/older OS APIs, the attack opportunities might be reduced. Or the various OS and native library producers could just finally get around to removing the old APIs that didn't include buffer sizes (it's been over a decade since the issue was recognized -- plenty of time to have upgraded the cruft in old applications.)

  2. Re:Analog data distribution is dead... on Adapt to New Technology or Die · · Score: 1

    Toronto Sun http://www.torontosun.com/

    Regina Leader Post http://www.canada.com/reginaleaderpost/index.html

    Both only publish partial content online. In the case of the Leader Post, they provide the option of an online instead of print subscription, which gives you access to the full content.

  3. Re:Analog data distribution is dead... on Adapt to New Technology or Die · · Score: 4, Funny

    Interesting. I find that most of the online newspapers I read only make a few key headline articles available, not the entire content.

    Besides, I hate dragging a 19" monitor with me to lunch, and people keep tripping on the cables... :)

  4. Re:The judges are flat out wrong on Deleting Files is a Crime? · · Score: 1
    All data, files, programs, and other information provided to me by the client or employer.

    If they paid for the time, it's their data. If it was created at their request, it's their data. If it was programmed specifically for them (as opposed to adapting existing code), it's their code.

    What most people claim are "grey" areas are caused by a failure to maintain a clear separation, resulting in a disagreement over ownership.

  5. Re:Thousands of laws? on States Pass Thousands of Info Restriction Laws · · Score: 1
    "The great trend out there - that sweeps across any record - is privacy," said Charles Davis at the Freedom of Information Center in Missouri. "There's a push by government that every time Joe Citizen's name is mentioned in a government document, it's an inherent threat to Joe Citizen's privacy if that document is released."

    Sounds like they may be misunderstanding the intent of the information privacy laws. Personal information is to be secured and not released to anyone without an audit record. A clerk brings up your medical file -- it gets audited. Some cop brings up your license info on a remote terminal -- the access is audited.

    That personal information should never be available to third parties without the express and explicit consent of the individual or their guardian. That does not mean there is a problem with providing aggregate data/reports that are too broad to identify individuals.

  6. Re:The judges are flat out wrong on Deleting Files is a Crime? · · Score: 3, Insightful

    When I return a PC or laptop to a client site, they are entitled to:

    • The OS installed and configured as it was when delivered.
    • All applications and software provided by the client installed and configured as when delivered.
    • All data, files, programs, and other information provided to me by the client or employer.

    That's it. Everything else on the machine is my personal property, and removing it is my right the same as cleaning out my desk when I finish a contract.

  7. Re:The judges are flat out wrong on Deleting Files is a Crime? · · Score: 1

    Losing data from a laptop is normal. If it was important, it should have been backed up.

    Most companies I've worked for over the years would mandate erasure if they realized how much data can be recovered from "deleted" files on a stolen or lost laptop.

    This looks like an attempt to set a precedent whereby anyone accused of terrorism or other crimes that happens to have encryption or erasure tools installed can be summarily charged and convicted without evidence.

  8. Re:The judges are flat out wrong on Deleting Files is a Crime? · · Score: 1

    Intrusion is different. We're talking about assigned company assets in the possession of the employee intended to use them.

  9. The judges are flat out wrong on Deleting Files is a Crime? · · Score: 1

    A computer provided to an employee to do their work is a tool and nothing more.

    If the company did not have a backup policy for the laptop, they did not take reasonable precautions to secure and protect their data.

    Whether by secure erasure, hard-drive crash, truck-runneth-over, or otherwise, they put all their risk in one device.

    Too bad, so sad. You lost your only copy.

    For the courts to presume that such a loss constitutes an actual crime is ludicrous. Thank God I'm not an American having to put up with the nonsense coming out of their courts lately.

  10. Re:New Face on The New Face of Script Kiddiez · · Score: 5, Informative

    Exactly. While the rootkits, virus kits, worm kits, and other attack examples have been out there since the early DARPA days, most people using them were exploring for security holes to exploit. Now we've got people who just use that work to take over unpatched or obsolete machines.

    They aren't hackers. They can't even claim to be crackers. They run a kit with as little thought to how it works as an Excel user thinks about the math and programming behind the interface. It's just a tool to them.

    What's really annoying is that their persistent attempts to break a patched/maintained environment waste bandwidth that has better uses.

    What's criminal is that their traffic interference can prevent you from using your connection to work or relax as you see fit. Legally, it should be comparable to theft of resources or vandalism preventing the use of resources. Following from that could be additional charges depending on the intended use of the victim's machines.

  11. This has been done for many years on Financial Responsibility == Terrorism? · · Score: 1

    The reporting of large financial transactions has nothing to do with 9/11 and the security paranoia since then.

    As the parent mentioned, any transaction over a certain amount is flagged.

    Transfers with certain banks or countries known to be "friendly" to money-laundering get flagged.

    Unfortunately too many Slashdot "authors" are more interested in a good panic and outrage over the privacy intrusion, rather than investigating the facts of a situation. (OTOH, this is Slashdot. "Facts" are mutable here.)

  12. Re:Credit where due on Better Networking with SCTP · · Score: 1

    It's a matter of semantics. From the wiki you mention:

    The SIGTRAN group was significantly influenced by telecommunications engineers intent on using the new protocols for adapting VoIP networks...

    In other words the engineers on the telcos' payrolls did the work under the auspices of a standards body instead of each vendor creating their own incompatible mess.

    Truly the behavior of monopolists, daring to work together!

  13. Credit where due on Better Networking with SCTP · · Score: 0
    While the protocol was originally designed for telephony signaling...

    In other words, it started out in the hands of AT&T, Bell Labs, Northern Telecom, Alcatel, et al.

  14. Re:I'm confused... on RIM Settles Long-Standing Blackberry Claim · · Score: 1

    I understand RIM's decision from a business perspective, but it's a shame that the case wasn't pushed forth to convict NTP as patent leeches. Not only would that have drained NTP's coffers instead of filling them, it would have taken away finances that they can now use to harass other companies that "infringe" on bogus generalizations that shouldn't be granted patent status.

    Email runs over IP, kapisch? IP runs over virtually every transport there is, including wireless.

    Email over wireless should not be patentable. RIM is using basic technology as it was designed to be used, not creating a "new" idea or implementation. The idea that NTP could patent anything to do with email over wireless is ludicrous.

    Ditto any P2P protocols over wireless instead of wired, network topologies over different implementations, etc. It's all blood-leeching bullshit resulting from a patent review system that doesn't understand the basic programming and engineering concepts of generalization and reuse. How the hell can you effectively patent a particular case of reuse if something is intended to be reused?

  15. Re:Unfair on Canada's CD Tax Out of Hand? · · Score: 1

    In other words they're taxing a legal activity -- not a big surprise with government.

    What I do object to is the fact that 90% of my CD and DVD blanks are for data backups. Literally hundreds of backup CDs going back many years. The earliest CDs are just consolidations of even older floppy backups.

    What has the recording industry done to deserve a tax on my data?

  16. Re:System.Windows.Forms on SWT, Swing, or AWT - Which Is Right For You? · · Score: 1

    I think you're giving .NET WebForms way too much credit.

    Take a look at fundamental Java JFC and the contract interfaces it defines. Now take a look at web interface programming and JSF. I think you'll realize rather quickly that JSF is nothing more than a webcentric API for implementing the JFC contracts.

    WebForms is the response to a little Apache project called "Struts". JSF builds on their concepts as well.

    Add Java 5 annotations, stir, shake well, and deliver. It's a very nice 1.0.

  17. Re:Does Unlimited really mean Unlimited yet ? on Portable Wi-Fi Hotspots · · Score: 2, Informative

    Rogers, Cogeco, and others (Toronto area) have already come up with the "excuse" to limit bandwidth far below the rates they advertise. In some cases their traffic shaping results in poorer performance than you'd get with an old dial-up modem.

    In most industries you're expected to grow your capacity to service the market. With cablecos, they'd rather charge you the full price and limit your service. The problem is, why pay for an "extra fast" link if it doesn't even perform as well as the "light" package is supposed to?

  18. Re:Shooting themselves in the foot on MPAA Files Lawsuits Targeting Major Torrent Sites · · Score: 1

    There is a lot of illegal BT traffic, no doubt of it.

    Personally I treat it as a Tivo replacement (as I'm no longer in the US.) No TV, no TV tuner card, but I pay for a cable subscription with the internet access. I see no issue whatsoever with viewing a BT "tape" instead of buying a clunky VCR.

    The *AA would very much like to convince everyone that such activities are illegal, and they seem to be succeeding. But it was settled a long, long, long time ago that taping broadcast is legal as long as it's not commercially distributed.

    So the *AA and their attempts to rewrite case law and history need to wake up to the fact that it's their repressive, obsolete business model vs. the IT industry. Guess which one is bigger, employs more people, and has more contracts with government?

  19. Re:Regular vs. Enterprise storage on Sun to Give Niagara Servers to Reviewers · · Score: 1

    Thinking about how the manufacturing and MTBF stats actually work, I think the real difference between enterprise and PC-class systems is that enterprise systems assume everything is going to fail sooner or later, and make allowance for it. PC systems are disposable components with downtime acceptable during replacement.

  20. Re:Regular vs. Enterprise storage on Sun to Give Niagara Servers to Reviewers · · Score: 3, Informative

    I'm not aware of any manufacturer outside the milspec arena that guarantees to test every component individually.

    Modern manufacturing is statistical. You test n components out of each lot of 1000. If more than m fail, the lot is "rejected". In the case of high-cost manufacturing, the "rejected" lot will be individually tested so any good pieces can be salvaged.

    If you want tested components, the "grey" refurb/retest units are the ones that have actually been tested. Those which "passed" the lot sampling were not individually tested.

    Warranties are also purely statistical. They don't guarantee the drive will actually last that long, they just provide MTBF numbers, figure 24x7 server operation, and that provides the number of years the drive is expected to survive. You still get occasional failures, hence RAID-5/6 storage servers.

  21. Re:Shooting themselves in the foot on MPAA Files Lawsuits Targeting Major Torrent Sites · · Score: 3, Interesting

    The problem I see is that they take down legal content in the pursuit of pirated DVDs. Why should the BT community that isn't pirating DVDs be paying for the abuse of a few?

    With the approach the MPAA applies, bars, clubs, etc. would be shut down when a couple patrons are arrested for drug dealing or prostitution because they're "enabling" the illegal activity. For some reason, there doesn't seem to be a lot of precedent for the *AA approach of shutting down entire businesses when pursuing a few criminals.

  22. Re:Biased article? on DRM Based on Trusted Computing Chips · · Score: 1

    Quite welcome. It's fun to bounce around ideas instead of just making a comment and disappearing from the thread. :)

  23. And how they fight -- until it costs money on Microsoft Stoking the IP Fire · · Score: 3, Insightful
    http://news.zdnet.co.uk/software/windows/0,39020396,39251045,00.htm

    Microsoft is full of it when they claim they'll provide indemnification. They roll over and pass along the expenses to end customers like a lot of other companies.

    Indemnification is advertising speak for "we're as screwed by the patent system as anyone, but our PR people figured out how to put a positive spin on it."

  24. Re:Biased article? on DRM Based on Trusted Computing Chips · · Score: 1

    Ok, let's paint a picture of how I see a DRM-OS world panning out:

    Hardware manufacturers provide a "hobby" key with every board they ship. The hobby key lets you run an unauthenticated OS on DRM, such as your home-brew build of Linux. The resulting OS itself may or may not be trusted by a media application, depending on the policies of the media application provider.

    "Official" OS vendors such as Novell/SuSE, IBM, Sun, HP, Microsoft, Apple, etc. are provided with "certified" keys for the DRM chips. The DRM system automatically rejects virus infections or mods of the OS that aren't authorized by the vendor. i.e. An OS installation with a support contract is a guaranteed known starting point for third-party vendors to build and deploy products.

    The next complaint people have is that you're being "forced" to buy an OS if you want media playback. With virtual hosts, that is a non issue. The base OS is a full DRM-enabled system that has licensed/supported media playback, the hosted/sandboxed OS might be DRM-enabled or it might be your hobbyist build. You still have playback access via the base, but not the opportunity to "crack" the media with a modified OS. Maybe some bright person even works out a way that the hosted OS can control/request the base OS to handle media playback that seems to be under the control of the hosted OS, but is actually just a window/portal to the base/DRM player (think X11, but handled by the base OS so the playback remains sandboxed.)

    The third parties can rely on DRM to ensure that their software is deployed on a certified OS. For example, DB/2 UDB Enterprise might refuse to run on your home-brew Linux, but the developer edition wouldn't care about OS certification.

    What some view as a "lock out", I view as pure opportunity for support and service vendors. Now you can have an SLA that means something, because all the vendors are dealing with replicable environments.

    Think about it.

    Your OS vendor provides a known state and patch level. DRM protects the core OS from modification, viruses, etc.

    The third party vendor and OS vendor are responsible for keeping their releases in relative sync so that you don't get the common situation of "patch hell" where there are only a very few possible combinations of patches that will allow a particular group of third party applications to coexist. DRM allows the OS vendor to force the third-party vendor to keep their stuff up to date as well.

    Think "maintenance and support contract", not home user, not home developer. The corporate and internet enterprise environments need DRM or equivalent to deploy and manage stable infrastructures that can't be interfered with.

    OSS redefines the market as service based instead of product based, but it introduces an instability to the core OS that (theoretically) isn't there with a vendor OS. DRM allows a hybrid model -- OSS sharing of source, with vendor-certified DRM builds provided for a support contract.

    Note the point is not to force you to license a separate copy of a DRM OS for each box, but to ensure that the box is maintainable in a distributed environment. Everyone who has worked at even a moderately large company knows of dozens of horror stories of rogue/infected PCs damaging data, costing time, costing money, and sometimes costing legal fees.

  25. Re:Biased article? on DRM Based on Trusted Computing Chips · · Score: 1

    Fair enough.

    But as long as you are not forced to run a particular OS/hardware combination to access the 'net, I honestly don't see the problem.

    OS manufacturers have to be provided appropriate keys for enabling an installation against the hardware. That has to remain open and flexible, but it is a social/regulatory problem, not a fundamental issue of the hardware binding.

    As to the data, sorry, but nothing I read in the GPL since '86-'87 or so has ever attempted to restrict a user's data, nor what kind of data they manipulate with GPL utilities. You wanna use GNU C++ to build the control system for tactical nuclear delivery systems -- go ahead!

    You wanna use GNU utilities to encrypt media files and share keys -- we wanna change the license to stop that. WTF?!?!?!?

    No one has ever had an issue with encrypting bank statements, customer data, other business information, porn archives to hide from spouses or roommates, etc. Now that this one particular use of encryption and locking threatens media piracy, it's an issue that needs a license change to fix?

    Sorry, no. I don't buy it. Most technical issues of media portability can be addressed, but no one is posting suggestions on how to do that. Instead they just whine that they aren't going to be able to copy media without restriction. As I can't think of any need for unrestricted copying other than blatant piracy, I have no sympathy for the whining.