Slashdot Mirror


User: v1

v1's activity in the archive.

Stories: 0
Comments: 4,784

Comments · 4,784

  1. Re:Yet, VERIO.NET are happy to host spammers on Cryptome to be Terminated by Verio/NTT · · Score: 1

    I have found that "but you let the OTHER GUYS do it" makes for a poor argument that rarely gets you anywhere.

    Saying "we don't allow THIS and THIS" does not bind a provider to applying the rule to all their customers. Instead it allows them to selectively enforce that rule for any subset of their customers that they choose to. This is so if one of the unlucky few that get the hammer does complain, the provider can say "but we told you so, we are just doing what we said we can do." AUPs are not to protect and empower the customer, they are to protect and empower the provider. Good providers provide carefully worded AUPs that exactly cover the behavior they want to curtail, and enforce it with nearly 100% consistency. Bad providers publish loosely worded AUPs that could be interpreted to apply to a good portion of their customers, and then only invoke the AUP when they have some random reason which often has nothing to do with the apparent intended spirit of the AUP.

    There is nothing to stop a provider from saying they may terminate your service without notice if you are found to consume oxygen. That's a little blatant, but you get the idea. Just another way of making sure they have an excuse to do as they please and as is their right anyway. Complaining about this practice accomplishes nothing.

  2. where do we send the card? on Jack Valenti, Dead at 85 · · Score: 1

    the thank-you card, I mean.

  3. "protected environment"? on Sony Takes on YouTube with Video-Sharing Site · · Score: 4, Insightful

    translation: "... with DRM up the wazoo"

    (corollary: "viewable only with windows vista")

  4. been there done that on Major Anti-Spam Lawsuit To Be Filed In VA · · Score: 1

    I run my own mailserver and I can generate a unique email alias on a whim, that forwards to my main account. I use this whenever I need to give my address to someone that I either don't trust or want to be able to track.

    I usually include part of the vendor in the address so I can remember it easier. So like for NewEgg, I give them "v1newegg@vftp.net". Any email I receive that is addressed to v1newegg@vftp.net, I know exactly where it legitimately could have come from. If it comes from someone selling prescription drugs at a discount, I know that one of two things has happened:

    (1) newegg sold me out
    (2) newegg's incompetent IT department allowed a spam virus to run loose on one of their internal machines and it harvested my address and sent it to the spammers.

    While I'm sure that 95% of the cases are (2), neither is any worse than the other, as they have the exact same effect on me.

    One I sent to was for ford, I wanted some dealers in my area to contact me about a hybrid. I got my calls. Six months later, one spam per day arriving, addressed to v1ford. I don't believe ford sold me out, but likely one of their dealers that they sent my email to to contact me, was owned and got my name on the list.

    Fortunately, when this happens I just delete the alias and stop doing business with them, I give my real address out to my friends and family, though I probably shouldn't even do that. Who knows when a friend of mine is emailing me from someone else's PC and gets me nailed. If the spammers get my real address, I am screwed.

    I tried to do this with my mom, but she knows so many people with PCs, her main address was on several lists within two months. Amazing how windows security even screws with the mac users.

  5. Re:Oh, come on! on Why Are T1 Lines Still Expensive? · · Score: 4, Informative

    A T1 doesn't guarantee anything... it isn't anything. It's just a pipe. Typically a T goes either between offices in your business, or between you and your ISP. You still have to pay someone to fill the pipe if you want internet. The big difference appears to be the scale. When a cable co moves in, they run cable all over the place, and when someone subscribes they just jack into their already installed network and there you go. T's require a bit more setup, both on the poles and at the central office. Where they send out Bubba to install your cable modem (drill a 1/4" hole in your floor usually, so much for "professional installation") then they tap a few keys at the office and bam you have cable. It's getting easier now with T1's but it's still not that simple. The T itself does have some guaranteed service though, but that's not so much for the bandwidth it will carry, but for whether or not it will be UP. (uptime for most Ts is well over 95%) Businesses usually are last on the list when a pole gets hit, even after residential customers. Where I worked our pole got nailed and it took us down for about 5 hours, but houses in the area were back up in less than 50 minutes.

    Once you get the T to your ISP you have to pay them to fill the pipe. This can be any amount you are willing to pay for, both upstream and downstream, up to the limit of the line.

    Upstream is the killer though. I run my own web server and mailserver etc so I need upstream, and I pay dearly for it. I have a "business class" DSL line that is 936/1536, compared to the consumer grade 256/1536. For that I pay over three times the cost per month. If they offered 2mbit upstream for more I would probably get it but they don't offer it here. I suspect the upstream is expensive because it is a much more limited resource. To save costs, service providers probably buy only so much upstream and so much downstream. Typical users use what, 92% down and 8% up. Me it's almost the other way around. Because of that they lease say 2000 units of downstream and 250 units of upstream from their provider. If everyone fires up bittorrent etc on their network it kills their upstream and that 250 goes real fast and their customers complain. So they either have to pay for a fatter upstream, or charge more and start capping. Obviously they cap. They go from 95% of their customers being unhappy (slow, long ping times, timeouts) to 5% of their customers being unhappy. (upstream sucks, try emailing mom your new home movie!) Obviously they choose to upset 5% rather than 95%.

    I heard that in Italy you can get a T1 for cheap, but I'm sure it comes with no guarantee.

    well, the T is guaranteed. If you get a 24 (26?) channel digital line you are gonna get 1536 up and down, period. Now what's on the other end of that line, that could be anything. If your ISP has not overbooked its bandwidth and has a sane network arrangement, you can expect 1450 or so both ways in most cases, downloads topping out around 1520'ish. I have not had the displeasure of using an ISP that overbooks yet, but they're out there, I'm sure of it. In that case you might get lower speeds up, down, or both - hard to say. I have never heard an ISP guarantee anything though. If they did, the next flashmob that occurred on CNN with half the country downloading video of the latest terrorist attack, sure enough everyone's download would suck at once and their phone would be ringing demanding a comp'd week of service or something. So I guess you can't blame them for not being able to handle flashmobs.

    Checking my line now,
    Connection Status: Speed (down/up): 1536 / 992 Kbps

    mmm 992 that's faster than last I looked. It's gone up slowly over the last several months, no idea why but I'm not complaining. Rather surprised to see I am only sending about 2x as many packets as I am receiving. But I'm sure the send packets are quite a bit larger than the received ones.

    None of this explains the cost of the functional digital line. I believe

  6. more interesting title on Russia's Floating Nuclear Plants Under Fire From Greens · · Score: 1

    "Greenpeace firing salvos, aiming to sink floating nuclear plants"

  7. make it easier on the hackers on Hackers Invited To Crack Internet Voting · · Score: 1

    It seems that with things like this, they usually fall because the programmers are either incompetent or lazy, and do not write code that is secure by design. Because of that they are scared stiff that someone will get a peek at the source code and find their sloppy hacks, identify careless assumptions, or discover that the outwardly formidable security is based on a model with a difficult to fix design flaw.

    So they should publish the source code to the machines. There's nothing like a good public mugging to quickly uncover any stupid code. As is well known, any security code that cannot withstand public review is worthless. Anyone that says their code has to remain private to remain secure is admitting their code is NOT secure, and that it's merely a matter of time before it's compromised.

    Hello Diebold, are you LISTENING? idiots.

  8. Re:Look at a map for your answer. on The World's Longest Tunnel · · Score: 1

    Indeed, step 12 I believe

  9. Re:Look at a map for your answer. on The World's Longest Tunnel · · Score: 5, Insightful

    reminds me of that "100 things I will do if I become an evil overlord". High on the list was something like "I will hire an average 5 yr old as an advisor. Any flaws in my master plan that the child uncovers will be corrected before the plan is implemented." Humorous but insightful. (does that get me a +2?)

  10. how secure is vista, really? on Vista For Forensic Investigators · · Score: 2, Interesting

    The macintosh home folder security is called "filevault", and uses encryption to encrypt the entire user home folder, where most of the user information is. The actual key to the vault is large (128bit aes?) and is stored at the start of the vault, but the key is encrypted using the password the user provides when it is created. Another copy is stored there, encrypted using the master password's certificate, which is encrypted using the master password. So if you lose your password and lose the master password, the data is truly gone forever, and there is no "back door" at Apple. There's nothing stopping you from deleting the master key, it's one document easily located. There is no known back door to the filevault system, and the system is very careful to point out if you lose the password and master password, your data is irrecoverable. The master key requires you to enter a password because the key itself is also encrypted, so simply having access to the master key certificate is not useful in breaking into a locked vault, because the master password is required still.

    From what I have heard, all rumor and third-party, windows' encrypted home folders is worthless from a true security standpoint. I have been told that there is a master key in use similar to the master password in OS X, but that it is not one that the user makes, it comes pre-made from microsoft. No one outside microsoft has the private key to unlock that certificate. So if you lose your password, YOU are screwed, but if microsoft really wanted into your data they could get into it. (or let someone else into it) I don't know if there is a documented way to erase this copy of the image's crypto key encrypted with microsoft's back door password. Also I wonder if an administrator could simply reset the password on the account and then login with the new password to just waltz by the entire security of the system?

    How much of this is fact and how much is fiction? We have seen time and time again that security by secrecy and security by "but we would NEVER misuse our master key" is a complete laugh, because (A) the secret ALWAYS gets out, and (B) someone ALWAYS ends up misusing the master key. In this respect I feel sorry for the windows users because the wolves are guarding the sheep.

    Sidenote: OS X also has a built-in feature that lets you create a regular encrypted disk image. When you make one of those, the machine's master password is not used to store another encrypted copy of the image key as with filevault, so those disk images have only one actual key. I use this to store a password list on my flash drive because of how easy they are to lose, and I am completely confident that anyone that finds the flash drive will be absolutely unable to access my information. I assume that a 3rd party solution is required for windows users?

    Somewhat OT, but I have also been told that it's essentially impossible for even an administrator to just read another user's data on the same hard drive, that they have to "take ownership" of the files to read them, thus altering the data. Yet viruses apparently can multiply at will, infecting all accounts on the computer. Why is it that the viruses have no problem circumventing windows security while at the same time it's nigh impossible for the administrator to do the same thing? That does not make sense.

  11. ok it's not a poll, but "missing option" on PC World's 20 Most Annoying Tech Products · · Score: 4, Insightful

    pop-up ads. Heck include pop-under ads too please. Why didn't they consider this? Given consideration, I bet it would beat out AOL hands-down. If you really want to go that route including things like antivirus software, why not just include a Viruses and a Spyware category? Maybe viruses wouldn't get a ton of votes but spyware? rock the charts.

  12. Re:You have to say this for the Russians on Gary Kasparov Arrested Over Political Fight · · Score: 1

    no, in the US you get declared an "enemy combatant" and then you just disappear.

  13. Re:Want to know why? on US, Asia, Europe Ceding Web Dominance · · Score: 1

    what I don't get is why that is a working business model. There are so many ways to toss an ad in front of someone that is not interested in your product, why are the "related search" parked domain sites profitable? If you are an advertiser surely you would pay more for an impression on someone that had even a small chance of really being interested in your product, rather than an ambush ad? I don't get why they pay anything significant for those clicks. 100% of the time when I typo a url or something like that and land on a "related searches" page I close it immediately and try again. I guess there must be more people/(suckers) that click on the ads in those pages. I suppose you can call them the ones that are ultimately responsible for the problem, since if there were no payoff they would knock the crap off.

  14. Re:Why? on MS Requiring More Expensive Vista if Running Mac · · Score: 1

    Windows has to have drivers that work with their platform. When you install XP in say, VirtualPC, it has to use the VirtualPC video, audio, and many other drivers to work well with VirtualPC. MS only has to check for those drivers and if they're there, they know they're "in the box" and will cry if you don't pay the MS Doesn't Want You To Use Mac Tax.

  15. imaging on Best Way to Image and Deploy Dual-Boot Macintosh? · · Score: 1

    We have about 250 machines here, but none of them dual boot. We have a base image made for each specific group of machines, so for example the graphic lab has the adobe software on it etc. All said we have about 9 images we use. For now we put them on a 250gb firewire drive and take them where we need to image. When we get more server horsepower I plan to push for netrestore and netboot, so we can restore base images over the network from the server but for now only the backbone is gigabit so we are near our limit for good performance.

    For the PCs we use Acronis True Image and for as much as I don't like PCs, it seems to work pretty well for both imaging and restoring.

    Does netrestore not work for your dual boot machines? Have you tried Acronis?

  16. long-lived systems on Preparing for the Worst in IT · · Score: 1

    like the internet, that are publicly under attack by thousands of malcontents a day are not necessarily secure, but have become hardened over time. And that is why they are still around today. If the internet was a fragile creature it would have been killed long ago. Although we have seen viruses that travel through the internet, we have yet to encounter a virus that attacks the infrastructure itself. Although there is always the possibility that this is related in part to random chance, I like to think that anything that has survived in a hostile environment for a period of time has proven itself simply by continuing to exist and function.

    If anything is going to threaten the internet it would be a lack of variety in the model of routers used around on the backbone. I don't have any numbers to look at, but I hope they are using a wide variety of manufacturers and models, so that a virus capable of subverting a model of router would not make it very far.

    Right now the biggest threat to the functionality of the internet appears to be Windows. Highly successful viruses like Code Red showed that vulnerabilities in Windows combined with its popularity can lead to a severe performance hit on the internet as a whole until the problem is cleaned up. In that case the internet was hit as a side-effect, and the traffic of the virus trying to propagate was what caused the impact. If the virus had been written to say, 10 minutes after infection to stop trying to propagate and start DDOSing its nearest router, we could have had a very serious problem.

  17. Re:Emmentaler vs. Gruyere on Mars Global Surveyor Died from Single Bad Command · · Score: 2, Insightful

    In most complex problems where catastrophic failure occurs, the problem manifests as a result of multiple smaller failures that combine in an unfortunate way, or as a chain reaction. By nature, people will want to narrow down the problem so they can identify a "cause". This is sometimes not appropriate as we see here, where a collection of less critical failures lead to catastrophe, any of which having been avoided would have prevented disaster. It's a bit like team theory... after losing a game the coach does not go looking for the one player that lost them the game - it's a team effort and everyone is involved and bears some responsibility. Unless someone made a blatant and major mistake that was responsible for the vast majority of the fallout that resulted, you have to accept that no one was "at fault". In this case several people made minor mistakes that by themselves are minor, but combined in such a way proved fatal to the craft. It's not anyone's fault, these things happen. All you can do to prevent this from happening again is to tighten up procedures to try to lower the number of minor failures that will occur (and you must accept you will never get them all) and to institute more review/backstopping to make it more likely that not only minor problems will be identified and fixed, but also that the result of complex interrelated events is predicted and prepared for.

  18. this wouldn't be a problem for them on Vonage Allowed to Sign New Customers · · Score: 1, Interesting

    The appeals judge agreed with Vonage's argument that the amount of consumer churn that Vonage or any telco suffers from would surely mean disaster for their bottom line, were they denied an influx of new customers.

    ... if they offered good enough service to actually have some customer loyalty and not spend all their days chasing around the customers from provider to provider, looking for someone that won't give them the shaft. If you have that much turnover with your customers that you are slamming them with like $350 "early termination fees" just to hang onto them, maybe it's time to review your customer satisfaction levels? Use good customer service and a quality product to keep your customers? What a novel concept!

    They should have not gotten the stay. It would have been a good lesson for them to actually do something to keep their customers, besides raping their phonebill if they leave. If I were the judge I would have said OK you can sign on new customers again, but for now we are capping your early termination fee at $20. That wouldn't put them out of business but would make them clean up their act, and isn't that what the judge is supposed to be making happen?

  19. could those results be skewed a tad maybe? on Vista Taking a Nibble Out of Apple in OS Wars? · · Score: 1

    "The figures are from a company called Net Applications, which collects its data from the browsers of visitors to its network of 40,000+ Web sites."

    I would just roll on the floor laughing if some of those "web sites" of theirs were offering antivirus software or spyware removal tools for download.

  20. Re:QW strafejumping on What is the Best Bug-as-a-Feature? · · Score: 1

    I was going to spend some mod pts on this thread but owell.

    My favorite UT bug is the lift/hammer bug. I believe the map was phobos, it's got three very tall spires outside that have bright lights at the top. Their tops are totally unreachable, maybe 300 ft from the highest surface. But on the map there is a fast lift that stops at the top of the structure it's on. Nearest I can tell, when you get on a lift and the lift goes up, it changes your velocity to the velocity of the lift so you stay on it. When the lift gets to the top, anyone on the lift gets their vertical velocity reset to 0. This is a very fast lift so it is setting your Z really high when you are taking the lift up.

    So, take the lift. When it is juuust about to the top, hit the impact hammer down. They thought about the possibility that you jumped near the top and that's prevented from working, but the hammer they must have overlooked. So when you reach the top, the hit from the hammer has pushed you just a hair up off the lift and then the lift stops. Since you're not ON the lift, you don't get your Z reset, and you go flying up to the top of the map like you were shot out of a cannon. It's a low gravity map, so you won't die when you land. The trick now is to land on a spire. It's a single point and is probably only about 1'x1' in game physics for purposes of landing on it so it takes a few tries. It's a long fall, the entire map is less than 2" wide on your screen when you apex.

    Now sit up top with the sniper rifle and stump your friends for a long long time. You will get headshots on anyone that steps foot outside, no matter what they are hiding behind. The arc light that is at the top of the spire makes you EXTREMELY hard to see, even when fully zoomed in with the sniper rifle. If you want to add to the confusion, jump up, shoot the translocator straight down, and strafe off to the side and fall down. This leaves your translocator up there, and you are free to go grab more sniper ammo and return immediately to your perch.

    This is not a frequent bug to use, as very few maps have lifts that top out at the top of a structure. I suspect most lifts stop and require you to walk forward out of a doorway to prevent this bug from being exploitable.

  21. Re:Companies can restrict outbound port 25 connect on Fortune 1000 Companies Sending Spam, Phishing · · Score: 1

    Changing your SMTP server like that is exactly what you SHOULDN'T do in terms of proper spam solutions. SPF (usually) says you have to send your bob@isp.com emails through smtp.isp.com, not smtp.workplace.com. If workplace.com is blocking outbound port 25, shame on them.

    So you have a better, simple idea, that has a prayer of being implemented by anyone? Their policy of not allowing outside SMTPs completely solves the problem of open relays, and that's a powerful feature. It forces all outgoing mail to go through them, giving them a degree of control over the spam that no other solution offers. So with a minimum amount of diligence by your ISP, close to 100% of the zombies are unable to spam. Why is this a bad thing?

    I suppose a better, although more expensive and complicated solution would be to transparently proxy any outbound traffic on 25. Any attempt to use an open relay (ie not authenticate) is dropped. That would eliminate even the minor inconvenience I am experiencing.

    Even though this change must be made by a large number of uncoordinated ISPs, it's not like the system is totally useless until you approach 100% implementation. The more that implement it, the better it gets for all of us. So I'm glad to see there are some ISPs that are getting the ball rolling. Now we just need more to get on board, since THEY are presently the source of spam. So many spam solutions try to prevent you from receiving spam, not preventing it from being sent. They are trying to treat the symptoms rather than the cause, and that's just not going to work.

  22. Re:Companies can restrict outbound port 25 connect on Fortune 1000 Companies Sending Spam, Phishing · · Score: 1

    port 25 is not used to check mail, it's used to send mail. port 110 (POP3) is used to receive email and there is little or no reason for a firewall to block it. Port 25 is what the spammers are interested in because that's SMTP for sending mail.

    Both companies I work for get their internet service from a provider that blocks port 25 at the head end. If you want to send mail, you must send using their SMTP server, it is the only IP address exempt from port 25 traffic. If a spambot is dim enough to try to use the victim's own SMTP server as specified in their mail account, the ISP's filters spot it in an instant since it's going through their own servers, the customer's cable modem is remotely shut down, and they get a phonecall. They won't get internet back until they have cleaned up their computer. That's how it should work everywhere. While this is not a policy here, I have heard of ISPs that go a step farther and you have to request a tech come out and install antivirus software on your machine and certify it clean before they turn your service back on. That provides a financial responsibility to not get your computer owned, since you are paying for that service call every time it happens. I have also heard of a few ISPs that drop you as a customer if you hit your 3rd offense. I have no problem with any of these policies.

    Now this is minorly annoying as if I read an email on my home account when at work, and I hit reply, I have to change the SMTP address from my home server's to the internet provider's here at work or it will timeout. Though considering it's blocking 98% of the spam zombies on their networks from pumping spam, I think it's an excellent tradeoff and it doesn't bother me so much.

  23. being intentionally stupid on Viacom Says "YouTube Depends On Us" · · Score: 1

    He also argues that putting the onus of spotting infringement onto the content providers represents an undue burden on them.

    That's like saying we should do away with the cops and make the criminals legally required to turn themselves in, to reduce the "undue burden" on the legal system. Is there anyone in the world that is actually saying "gee why didn't they think of that earlier?"

    How do you respond to such a ... god there really isn't a good word for it... what do you call it when someone has the balls to say something, straight-faced, that they know is totally false, say it like it's true, say it like they mean it, and all the while realizing that not a soul is buying it?

    "just dumb" doesn't begin to cover it. Belligerent maybe?

    twits.

  24. Re:small addition on Surprise, Windows Listed as Most Secure OS · · Score: 4, Insightful

    The big comparison I make is the severity of the problem. A lot of the security fixes seen in OS X are related to applications, things like "a maliciously crafted quicktime movie could lead to elevated privileges". This is a whole world different than "a buffer overflow in the TCP stack allows remote code execution". The former you can get hit by if you are running malware, the latter comes and gets your computer and integrates it into another botnet while you sleep.

    I'll take the former over the latter any day. Most of the nasties windows copes with are things that will ambush you when you are doing what should be totally safe things, like browsing a web site or just plain being connected to the internet without a firewall. I don't know how anyone can claim a system that is just plain unsafe to connect to the internet without spending three hours patching it and loading up defensive software is more secure than anything

  25. Re:Declared guilty? on RIAA Caught in Tough Legal Situation · · Score: 1

    You are looking at the end, I am merely examining the means. One settlement monetarily does not matter, and that's all it is right now, is just one. But this one, if it happens, will pave the road to many many more, and as you point out, THAT is what worries them. They would gladly pay this person a huge sum of money, much more than her settlement would be, to drop her counterclaim if they came to the final day and were about to be handed a Not Guilty With Prejudice verdict. They would spend any amount of money necessary to get a Without Prejudice verdict, because they know in the long run that the other verdict will cost them a great deal more in the future.