Slashdot Mirror


User: Futurepower(R)

Futurepower(R)'s activity in the archive.

Stories
0
Comments
6,878
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 6,878

  1. SEND A MESSAGE TO JEFF BEZOS! on Amazon Slaps Orbitz and Avis With Patent Lawsuit · · Score: 1


    Send a message to Jeff Bezos. Don't buy from Amazon.

  2. Slashdot error? on Microsoft Books and Certifications? · · Score: 1


    Slashdot error? Please see comment: 13057950.

  3. Should EFS be used in corporate SA environments? on Microsoft Books and Certifications? · · Score: 1


    For me, the entire issue is whether EFS can and should be used in a corporate environment with stand-alone computers.

    I found the page about recovering from EFS problems: EFS Encrypted File System recovery.

    This gives a map of how things are stored: "Unfinished 1024*768 image giving a brief overview".

    For $99 you can get a program to decrypt EFS files without knowing the password: Advanced EFS Data Recovery. I haven't tried it. Elcomsoft is a very well-known company.

    Answer to your comment above:

    1) There must be a way to make encrypted backups of encrypted material, both live (on another computer) and on optical media.

    2) What would be interesting is if you could recover encrypted files on another computer. The whole issue is whether you have a real backup. A situation in which you used a Microsoft product on one computer, as you have above, will never be a true test. The test you did is interesting, but actual recovery must be available on another computer.

    3) There is no way to detach EFS decryption from social issues. People are led to use encryption by the ease of starting to use EFS, without any warning that there is a need to follow a procedure to save "certificates". People entrust information about their lives and their business to computers. That trust must be strongly supported.

    My guess is that somehow Virtual Server provides additional information not available to another stand-alone computer.

  4. OLD publication: Updated July 12, 2002 on Secure Your Network NSA-style · · Score: 1


    From the cover page of the NSA Guide:

    Updated July 12, 2002

    Version 1.2

    The Guide has been the same for almost exactly 3 years.

  5. It's Slashdot comment fanaticism. on The End of a Floppy Era · · Score: 1


    You're right. It's Slashdot comment fanaticism. I hope that no one reading what I wrote will start a war. Maybe George Bush will read it and use it as an excuse to invade Iran. Nothing like another war to make his friend's and family's weapons stocks go up.

    --
    If your gov't chose killing as policy, expect others to choose the same.

  6. Bah! Pottery sometimes breaks. on The End of a Floppy Era · · Score: 1


    "Floppy nothing. In my day we etched our data into pottery."

    Well, you must be young. In my day, before pottery was invented, we had a lot of wives (those of us who could afford it), and taught our many children all that we wanted to remember. Pottery breaks. Writing on pottery is new-fangled and unreliable.

    For serious data storage and reliable backups, having lots of children is the best.

  7. Excellent, it works! on Flurry of Security Patches · · Score: 1


    Thank you very much. The new Windows Update doesn't work with one of my computers. The link you posted works fine, and I would rather put all the patches on a hard disk, anyway.

    Microsoft Internet Explorer is one of the most buggy software packages I've ever seen. Windows Update isn't as buggy, but it's trying.

    Security is definitely not one of Microsoft's priorities, unless the priority is to have the most vulnerabilities.

  8. EFS & stand-alone computers? Can you make it w on Microsoft Books and Certifications? · · Score: 1


    Interesting. I've spent many hours trying to make it work, exactly as you say. I have plenty of test computers here, so that's no problem.

    I would like you to try it yourself. If you can do the steps below successfully, then it would be great to work with you to understand how to do it.

    My best understanding is that Windows XP generates an additional password that is not in the certificates, and ties EFS encrypted documents to that generated password and to the user's logon password, as well as the certificates. Restoring the certificates makes no difference. I had no trouble making and restoring the certificates. But I was never successful at accessing EFS encrypted data on a second stand-alone computer, when neither have ever been part of a domain.

    Here's what I've done:

    1) Make a test folder, and encrypt it.

    2) Backup the certificates, exactly as described in the documentation.

    3) Copy the encrypted test folder to a second computer, using xcopy on a peer-to-peer network.

    4) Log in to the second computer with the same user name and password.

    5) Restore the certificates from step 2 to the second computer.

    6) Try to access the encrypted test folder on the second computer.

    7) I always got an access error. I was told by Microsoft technical support that there was no way to make a restore to a second computer successful.

    However, Microsoft does sell a tool that costs more than $200 that apparently does allow recovering the generated password. There is also a web page written by someone with poor language skills, not an employee of Microsoft, who tells how to recover the generated password manually. I haven't tried either of these, because the EFS documentation is sloppy enough that I began to be scared that there would be other shortcomings.

    If you search Microsoft newsgroups, you will find many people who have lost their data. It's very easy to get started with EFS, and the steps to get started make no mention of certificates. It would be easy for there to be a small window that says, "You must back up your certificates. Click here." But there is no such warning, and people are losing their work because they have not backed up the certificates, and also because the documentation says nothing about the apparent fact that EFS does not work with stand-alone computers, since there is no way to do a working backup.

    If you are able to do EFS backups and restores on stand-alone computers, I would very much like to work with you.

    In my opinion, Microsoft has a huge problem with documentation. The company's document development seems to go like this: 1) Someone writes a rough draft. That person is not technically knowledgeable, and leaves out important information. 2) Whoever acts as an editor, if anyone, has a very weak influence. 3) It is discovered that information must be added. But writer convenience rules. The new material is not integrated into the old material. Instead, a new web page or new article is written.

    As I wrote elsewhere, the SchTasks documentation is a good example of this. Look at the second line: To view the command syntax, click the following command:

    However, notice that there are no links. Notice that the line: schtasks create should be bold, but isn't. It should say that this command replaces AT.EXE, but it doesn't.

    In my opinion, Microsoft's sloppiness with documents wastes the time of intelligent people and is self-destructive. By far, one of the best ways for Microsoft to compete with Linux is to produce extremely good documentation.

  9. Another example of Microsoft's abusiveness. on Microsoft Books and Certifications? · · Score: 1


    Here's another example of Microsoft's lack of caring toward its customers: The SchTasks documentation.

    Look at the second line: To view the command syntax, click the following command:

    Notice that there are no links.

    Note that the line: schtasks create should be bold, but isn't.

    It should say that this command replaces AT.EXE, but it doesn't.

    A list of all of Microsoft's abusiveness would require many, many books.

  10. TrueCrypt: Have you had any problems? on Microsoft Books and Certifications? · · Score: 1


    Thanks for the information.

    I've been worried about TrueCrypt, because the latest version fixed a lot of what look like serious bugs. I wonder how many other bugs are there.

    Have you had any problems?

  11. I stand by what I said: EFS not for stand-alone c. on Microsoft Books and Certifications? · · Score: 1


    Your post amazes me. I said in my grandparent post that Microsoft Technical Support staff agrees with what I've written about EFS. Yet you assume that you know everything about the subject, and cannot possibly have made a mistake.

    It is VERY easy to encrypt a folder: Right-click on a folder. Choose Properties/ Advanced/ Encrypt contents to secure data/.

    It is very difficult to realize that all of Microsoft's technical documentation leaves out an important point. The documents about backup methods don't mention that they don't work with stand-alone computers.

    How is "generates a hidden password" a vague claim?

    Your comment helps support what I've said, that Microsoft technical literature is of amazingly poor quality, by giving links to 6 articles about how EFS works.

    It is VERY easy to get started with EFS on a stand-alone computer. It is very difficult to know that it is not possible to back up all the passwords.

    My comment applies ONLY to stand-alone computers, not those that are part of a domain.

  12. Windows XP makes another password, not backed up. on Microsoft Books and Certifications? · · Score: 1


    I was talking about people who did not lose their password or encryption certificates, obviously.

    The problem is that Windows XP makes an additional password, one that is not backed up using any of the tools or documents provided. That automatically generated password is necessary, as well as the user account password, to decrypt the files.

    If a computer is stand-alone, not part of a domain, then backing up everything, reformatting your hard drive, and reloading Windows XP will result in not having access to any of your EFS encrypted files.

    The hidden, automatically generated password is not documented in any place that I was able to find. Microsoft Technical Support representatives agree with what I've said here.

    The open source Truecrypt may be a far better choice, but I haven't tried it yet. Sourceforge hosts Truecrypt.

  13. MS books seem written for ease of the writers. on Microsoft Books and Certifications? · · Score: 4, Insightful


    "... I simply read the Microsoft Press books related to the test. However, I found those particular books to be quite useless..."

    Thank you for saying that. It's good to see the relative uselessness of Microsoft publications be discussed publically.

    When I try to analyze why MS books and web sites are so useless, I come to the conclusion it is because they are written with the philosophy that most important issue is the ease of the writers, not the ease of the readers.

    I suppose that Microsoft writers and editors think "Why try harder?" Anything they publish will be sold to people who don't have enough expertise in the subject of the book to realize that the book is very scattered and that it leaves out important information.

    For example, consider the file encryption in Windows XP, called EFS, Encryping File System. EFS is very poorly documented. The encryption is tied to the user's password in a way that is apparently not documented. EFS depends on being part of a Windows 2003 Server domain in a way that is not clearly documented; if you are using Windows XP on a stand alone computer, there are situations in which you can lose your files forever, even if you have made all the backups suggested in the Microsoft books and web sites.

    (Microsoft Technical Support agrees with what I just said, and provides no help or workarounds.)

    The official Microsoft forums contain complaints of many people who have lost their files due to problems with EFS.

    --
    If your gov't chose killing as policy, expect others to choose the same.

  14. Shocking ignorance of U.S. government activities on Understanding Mac OS X Kernel · · Score: 1


    It's shocking how ignorant people are of the activities of the U.S. government. Look at some of the other replies to the parent post.

    Most openly managed organizations have great difficulty staying on track. Secret organizations develop bad habits very quickly. In secret organizations, cover-ups become habit. Even the cover-ups themselves can be kept secret from other people in the same organization.

    Supposedly, U.S. spy agencies are not allowed to break U.S. laws. However, organizations that hire people to break the laws of other countries don't suddenly have moral control over the law-breakers when they return to the United States.

  15. UltraVNC. AutoIt. OpenVPN. on Best Practices in Workgroup Maintenance? · · Score: 3, Informative


    I've found that UltraVNC is the best VNC. Version 1.0.0 was released on 24 Jun 2005, but it is a quite advanced package. Be sure to install UltraVNC with the video driver, which is not included on Sourceforge.

    AutoIt is by far the best open source software for automating Windows installs and other tasks in which the program pretends to be a user. There's an IDE with an Intellisense-like interface and a compiler.

    I've heard that OpenVPN is the best software-based VPN, but I have not used it. There are hardware firewalls with VPNs; I suggest you stay away from Netgear's, which I have found to be quirky.

    --
    Bush lied, 100,000 died. J.C. said not to return violence with more violence.

  16. NSA deciding how to break into Mac computers? on Understanding Mac OS X Kernel · · Score: -1, Offtopic


    From the Slashdot article: "... the slides are from a talk given to the NSA."

    The probably reason that NSA staffers are interested in this subject is to decide how to break into Mac computers. The NSA and other U.S. government organizations are the most well-funded spy organizations in the world, by far.

    The NSA is an interesting U.S. government organization. Most U.S. government organizations are expected to follow the law, but the NSA and many other secret agencies are allowed to break U.S. laws and the laws of other countries. This attracts a lot of people who like to engage in that kind of behavior.

    U.S. citizens are expected to pay for everything, but they are not allowed to know how much they pay, or even know the names of some of the law-breaking agencies, or what the agencies are doing.

    "Blowback" is a U.S. government spy agency term for the negative results of the U.S. governments secret hostile attacks on other countries. The bombing of the World Trade Center was blowback from the U.S. government's largely secret support for killing Arabs. (The U.S. government had various justifications for the killing.) It is not a surprise that Arabs don't like to be killed. It is not a surprise that some Arabs would decide to return hostility with more hostility.

    Secrecy is incompatible with democratic government.

  17. Popup annoyance. on Another Stab at Laptop Security · · Score: 1


    It was a stupid popup. Just close it and read the article.

    The AdBlock and FlashBlock extensions to Firefox are excellent, but somehow that site found a way around them.

    --
    Bush lied. 100,000 died. Violence & lying show a lack of social sophistication.

  18. You're right, but look at an example. on Shopping Online · · Score: 1


    You're right. I've looked at the shipping costs just now, and there are not as many tricks as there once were.
    However, look at this: GENERIC USB 2.0 Cable, 10FT. Price for an item that costs about 58 cents in large quantities? $2.58. Shipping cost? $4.99.

  19. If you don't like the story, why comment? Newegg. on Shopping Online · · Score: 1


    AC, please don't comment on stories in which you have no interest.

    If you hear two women in a mall discussing makeup, do you insist on joining the conversation?

    Back to the topic. Newegg advertises low prices, but often arranges a huge profit on shipping. I notice that many companies do that. TigerDirect is so abusive it scares me. Numerous companies try to take advantage of teenagers by calling their products "Extreme", and using other manipulations. Dell often advertises more than one price for the same product. Why do companies think that being sneaky is a good idea?

  20. The accounting laws allow deception. on A $251 Million Typo · · Score: 1


    From the grandparent comment: "There is general agreement that there has been no serious change in the U.S. government and big corporations like Merrill Lynch and Citibank."

    The accounting laws are very weak, and allow hiding deceptive practices. Nothing effective has been done about the fundamental issues.

    "Learn to read and comprehend."

    It amazes me that people will express extremely strong opinions, and be extremely disrespectful, when they haven't carefully read the comment to which they are replying, nor any of the books about the subject.

  21. Most Americans know little and don't care. on A $251 Million Typo · · Score: 1


    It's shocking to me how little Americans know about corruption in their government and how the corruption has lowered the quality of their lives.

    The U.S. government has weak accounting laws that allow hiding the true profitability of a company. That's how so many people lost money in the Merrill Lynch, Enron, Arthur Anderson (28,000 people lost their jobs.), Worldcom, Tyco, Adelphia, HealthSouth, and many other cases. But most people just don't care, and the U.S. government has still done little but prosecute a few of the most open and obvious perpetrators. No effective, fundamental changes have been made.

  22. Where do I get one of those keyboards? on A $251 Million Typo · · Score: 1


    This wasn't a "12 million" error. It was $255 million dollars!

    Look at this quote from the article that was linked in the comment above titled, Stop the corruption, or you will lose money, too": "Chen Ming-tai, TSE president, said Fubon dealers made the mistake by injecting NT$7.7 billion from one of their international clients [Merrill Lynch] into the market to purchase various stocks issued by 282 companies at the highest prices of the day."

    The "mistake" involved 282 companies.

    I've made keystroke errors, but that is a keystroke error. "Why yes, officer, I set my drink down on the keyboard accidentally, and bought stock from 282 companies." Where do I get one of those keyboards that does so much work with a few keystrokes? Will it fix programming errors?

    Or, it is a lie meant to hide deceptive trading.

  23. Stop the corruption, or you will lose money, too. on A $251 Million Typo · · Score: 4, Insightful


    This subject is important. Tens of thousands of employees and investors have lost their entire life savings because of the corporate fraud in the United States. If the corruption isn't stopped, it can happen to you.

    Anyone who reads some of the books about the Enron fraud and the WorldCom fraud and the Tyco fraud, will learn that the fraud is accomplished partly by deceptive trading. It is not only the authors of the books who think that Merrill Lynch was involved in deceptive trading; the SEC and FBI think that too, as the links in the grandparent comment, to U.S. government web sites, show.

    Look at this quote from the linked article: "Chen Ming-tai, TSE president, said Fubon dealers made the mistake by injecting NT$7.7 billion from one of their international clients [Merrill Lynch] into the market to purchase various stocks issued by 282 companies at the highest prices of the day."

    Who selected the 282 companies? If you have read the books about the fraud, it is easy to guess that they were all losing Merrill Lynch investments that the company wanted off its books. That's only a guess, but it is an educated guess, given what has aleady happened. On the other hand, it is not easy to understand some of the deceptions. Sometimes investigators have required months to uncover the sneaky behavior.

    Look at this quote from the BBC article linked in the grandparent comment: "A Taiwanese stock brokerage that mistakenly bought $255 [Million U.S. dollars]..." That is more than a quarter of a billion dollars! How is it possible that the financial instruments of 282 companies can be selected by one keystroke error? How is it possible that someone who was "unfamiliar with the company's new computer trading programme" could spend $255,000,000 with a single keystroke error?

    A situation has been arranged in which we are not allowed to know the name of the employee who supposedly made the error. My guess is that the employee on whom this is blamed is not aware of any error. That would mean that this could easily be a story invented by his managers.

    If you read the books about the frauds, you will read about literally hundreds of deceptive practices such as the one I am suggesting here.

    Many people in the U.S. seem to want to be ignorant and stay ignorant about the corruption, as is seen by reading some of the responses to the grandparent comment.

  24. Probably this is just a trick by Merrill Lynch. on A $251 Million Typo · · Score: 3, Insightful


    Probably this is just a trick by a Merrill Lynch publicist, who found a way to get free publicity. Or, maybe it is a way to distract people from some fraud involving the Taiwanese firm and Merrill Lynch.

    Otherwise the story just doesn't make sense. To believe the story, Fubon cuts loss to NT$50 mil. in NT$8 bil. mistake, as it was written, you have to believe that the Taiwan firm hires inexperienced people, gives them little training, and does not review their large trades.

    Do you really believe that a low-level employee spent a quarter billion dollars because of a keystroke error? In any case, the people who should know don't believe the story. Shares of "Fubon Securities' parent firm Fubon Financial Holding rose by 0.47%".

    According to the U.S. government's SEC department, corruption of the media is not the only corruption from Merrill Lynch: SEC Charges Merrill Lynch, Four Merrill Lynch Executives with Aiding and Abetting Enron Accounting Fraud.

    The U.S. government's Justice Department says, Three Top Former Merrill Lynch Executives Charged With Conspiracy, Obstruction Of Justice, Perjury In Enron Investigation.

    There is general agreement that there has been no serious change in the U.S. government and big corporations like Merrill Lynch and Citibank. Apparently the only change is that they will be more careful in the future when they engage in deceptive practices. For an example of what has been written about this, see Iraq Could Produce Another Enron, by Nomi Prins. Ms. Prins wrote an excellent book about corporate and government corruption in the U.S., Other People's Money. At Powell's: Other People's Money.

    Apparently most of what is written about the financial markets is fradulent in some way. Generally it fits into the category of "What we want you to think so that we can make more money". Employees and investors in the U.S. have lost billions of dollars due to fraud in the last few years.

    The corruption is extremely widespread. Here are short reviews of 35 books and 3 movies about conflict of interest in the U.S. government: Unprecedented Corruption: A guide to conflict of interest in the U.S. government. (To those who think there is little or no corruption: If you can't give any example of a book or article you have read that supports your view, please consider not commenting this time.)

  25. U.S. taxpayers pay for pipeline security. on Perl's Chip Salzenberg Sued, Home Raided · · Score: 1


    "No, but so what."

    Since the 40s, and maybe before, but it really got started intensely in the 1940s, the British and U.S. governments have accepted the idea that they can act in secret, break laws, and kill people in order to protect the profits of companies doing business in foreign countries. This has caused enormous corruption, because many, many companies want such secret action. The original idea was to protect the profits, but now the idea has become to act in secret to increase the profits.

    The issue in Afghanistan is that, to put in a pipeline, there must be security. But Afghanistan is an insecure place, partly because the USSR and the U.S. government's secret CIA fought each other there for years. So, the pipeline would not be profitable because the security would cost too much.

    However, if the U.S. government could be persuaded to tell the American people that they need to support a lot of killing there, the pipeline would become "profitable". Not profitable, but "profitable". Profitable is when the expenses are less than the income. "Profitable" is when U.S. and British taxpayers can be convinced to give free money to the project, so that the oil companies don't have to pay all the costs of the project.