Slashdot Mirror


User: jonadab

jonadab's activity in the archive.

Stories
0
Comments
5,933
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 5,933

  1. Re:More than three on Microsoft Announces Three More Critical Vulnerabilities · · Score: 4, Insightful

    > There are 20 separate vulnerabilities in Windows and Outlook Express

    No. No, no, no. There is *one* vulnerability in Outlook and Outlook Express,
    one that has been public knowledge for about a decade now and Microsoft has
    thus far made no attempt to fix. The vulnerability is, Outlook and Outlook
    Express deliberately treat untrusted data in ways that untrusted data should
    NEVER be treated under ANY circumstances. Their whole approach to security
    is, instead of the correct this-data-is-untrusted approach, a dain brammaged
    fix-specific-problems approach, wherein the data that ought to be untrusted
    is stopped from doing certain specific things that have been known to cause
    problems in the past but still allowed to do basically anything else.

    There may be 20 separate specific ways this can be exploited, and more will
    be discovered next week, but it's fundamentally *one* issue.

    Executive summary: Outlook and Outlook Express don't *have* security holes;
    they *are* security holes, big fat wide-open ones.

  2. Re:Meanwhile... on Microsoft Announces Three More Critical Vulnerabilities · · Score: 1

    > 1) why would you need 10 different ftp servers?

    You probably don't even need one. But if you do need one, it's nice to be
    able to pick your favourite one, install it right off your distro CD, and
    have it configured and running in two minutes flat. Since not everyone has
    the same idea about which one they want (see, some people prefer wu-ftp, but
    those in the know use proftpd), the distro includes all the major ones, so
    you can pick whichever one you want.

    The other poster's point was that when a vulnerability is reported in a
    distro, in many cases it's in some optional package like that that most users
    aren't even using. Not in every case, of course. There were those openssh
    issues a while back, for example... those were pretty major, because there
    are alternatives to openssh but nobody seems to use them and most distros
    don't even include them. And a lot of distros turn on sshd by default. So
    a vulnerability in that impacts nearly everyone. But a lot of the "Linux
    vulnerabilities" you hear about are not like this at all, more like "Hey,
    all users of Bob's Fancy MP3 Jukebox, it has been discovered that the plugin
    for playing Windows Media format files directly off the internet is vulnerable
    to a cross-site cookie vulnerability that can allow a malicious site you
    play music from to track you; users are advised to update to version 0.1.18
    of the plugin and version 0.2.8 or higher of BFMJ."

    Even a lot of the security advisories that theoretically have to do with
    stuff everyone uses don't actually impact most people. For example, there
    was an Apache issue a while back that only hit you if you were using some
    fairly specific configuration; I don't recall the details, only that none
    of the five systems I look after that have Apache on them needed an update,
    since none of them were using whatever it was that was vulnerable.

  3. Re:Linux is not 100% secure on Microsoft Announces Three More Critical Vulnerabilities · · Score: 1

    > Oh, one more thing. I miss the days when you could listen to your computer's
    > hard drive and know what it was doing. If it started up and a odd time you'd
    > know something wasn't right. These days on windows the hard drive seems to
    > randomly grind a way for a second every once and a while...it's...
    > disconcerting. My mac doesn't seem to do that, can't remember if Linux does.

    Not generally (assuming you have a decent amount of RAM), but cron jobs can
    cause a similar effect, especially the ones that rotate logfiles and stuff.
    Of course, since you can control exactly what time of day these happen, they
    are technically not random, but still they can catch you by surprise.

  4. Re:Township Approval on Off Grid Via Slow Moving River? · · Score: 1

    > the river does not roam through major metropolitan areas.

    No, of course not. (Are there major metropolitan areas in Pennsylvania?
    Hmmm... I can think of two; not sure whether the river in question visits
    either of them.) But small-town and country people get around quite a bit,
    and a major river is a big deal, something people pay attention to and notice.
    At any given time you may not see any people, but if you park your truck next
    to the river and sit around for a few hours watching, you'll see people.

  5. Slightly-modified standard markup. on A Powerful, but Minimal Document Markup Language? · · Score: 1

    What you want is very similar to something like XML. You could define a
    set of shortcuts for yourself, and write a very simple script (e.g., in
    Perl) that just fixes up your shortcuts into the real thing. For example,
    if you don't feel like typing <p> at the beginning of every paragraph and
    </p> at the end, you could make the rule that blank lines delimit
    paragraphs; then your preprocessing script will have to insert all the
    paragraph tags. (This is not as hard as it sounds; for each blank line,
    you replace it with </p><p>, then you go traverse backward and forward from
    that point over the largest possible wellformed block that does not include
    any blank lines, and that's where you put the other start tag and end tag.
    The hardest part about this is writing a parser that can go either direction
    (forward or backward) and understands what "wellformed" means.)

    Any other shortcuts you want to define are fine too, as long as you can write
    the preprocessor to turn them into the desired equivalent standard markup.
    Run your stuff through your handrolled preprocessor script, and you've got
    standard markup.

    Of course, you want to pick the standard markup that's closest to your
    needs, both in terms of requiring the minimum amount of work out of your
    preprocessor and in terms of being able to be converted into the maximum
    range of other formats using standard off-the-shelf tools. DocBook has
    been suggested, and it's hard to disagree, but XHTML will probably do in
    a pinch, especially with judicious use of classes to mark things like
    sidebars and examples. You could have a rule, for example, that a level
    2 header introduces a new chapter, and that sort of thing, so that it
    would be relatively easy to use XML::Parser or the equivalent (or even
    XSLT if you're into that) to transform your final document into whatever
    format you happen to want it in, including DocBook or whatever.

  6. A true email packrat would have more than 1GB... on Forbes Reviews Google's Gmail [updated] · · Score: 2, Insightful

    My mail has accumulated to 1.8GB just in the two years since I switched to
    Gnus (circa April 2002); everything from before that is still stored in
    Pegasus Mail on my Windows partition, except for the stuff from when I was
    in college, which is stored as plain text (but with full headers) on my old
    FAT16 data partition.

    Okay, so most of that is mailing lists and spam, but still... one mere
    gigabyte is nowhere near enough for a whole lifetime. If they were promising
    to double the storage limit every eighteen months, then it might be closer to
    enough (especially if you delete all the spam, instead of keeping it around
    for statistical analysis like I do).

  7. Re:Township Approval on Off Grid Via Slow Moving River? · · Score: 1

    > just put the freakin' generator on the river, shut your mouth about it and
    > wait for someone to tell you to stop.

    On the Susquehanna? I'm pretty sure you'd be noticed in notime flat.

  8. Re:Township Approval on Off Grid Via Slow Moving River? · · Score: 1

    > What if he doesn't live in a township

    I don't think that's possible. I think all the counties where the Susquehanna
    flows are subdivided into townships.

    > and owns the river himself?

    That would be a pretty neat trick. Not only does owning a river mean you
    have to own all the land on both sides of all the tributaries all the way
    up to the headwaters, but this is the Susquehanna we're talking about.

  9. Re:Stay on-grid while generating power on Off Grid Via Slow Moving River? · · Score: 1

    Draining wetlands is different; that's a special law, passed just for wetlands.
    The river is a navigable body of water, and so in order to own it you have to
    own all the land it touches; that's the rule. With a pond or lake, this
    means you have to own all the way around it. With a stream or river, you'd
    have to own not just on both sides but all the way up to the source of the
    headwaters; otherwise, it's not yours; it's just passing through your property
    and the public can use it (e.g., for canoeing) as long as they stay on (or on
    the bank of) the river, and you can't interfere (e.g., by damming) unless you
    have cut through all the relevant red tape.

    If it were a dinky nothing stream, you *might* get away with it on the grounds
    of nobody noticing until the structure was years old, but the Susquehanna is
    too major for that; anything you do will be noticed before you finish doing it.

  10. Re:CygWin? on Building Gimp 2.0 on Windows XP? · · Score: 1
    < A so-called 'shatter attack' doesn't work unless you < have a buggy program with enhanced privileges running.

    The program doesn't have to be buggy per se; it only has to be running with enhanced privileges and have a "window" on the desktop. (Any representation on the desktop will do, even a system tray icon, if I understand correctly.) The vulnerability is in the Win32 API and widget set. The antivirus software in question was not buggy in itself (at least, not in a way that is relevant to the shatter attack), unless you count running with enhanced privileges as a bug.

    This guy claims to have exploit code for at least 4 different processes on a default installation of Windows 2000. Unless he's full of bologna, I'd rate that as pretty serious.

    Shatter is a privilege escalation attack. You have to already have some kind of user-level access to the system in order to use it. But it does allow any user on the system to get privileges. (This is particularly bad for a Terminal Services / thinclient situation, since any user on any of the thin clients can take over the whole server.)

  11. Re:You might be a futuristic redneck if.... on Personalized Moon Crash · · Score: 1

    > You consider a six-pack and making a crater in the moon quality entertainment.

    What, a six-pack and slashdot is better?

    > Post, you will. Modded down, you are...

    Assimilated, you will be. Futile, resistence is, Hmmm...?

  12. Re:Sure on Personalized Moon Crash · · Score: 1

    > Let's litter its surface with tons of our crap for a nominal fee!

    Umm. If they're charging a *minimum* of six million greenbacks for 20kg, a
    ton would cost... over eighteen billion smackers *per ton*. You call that
    a nominal fee?

  13. Re:That's great on Personalized Moon Crash · · Score: 1

    > lets trash the moon before we even get there.

    Care to explain why we'd want to get there? I mean, besides just to say we've
    been there and stick up a little flag, because we've done that bit. Apart from
    that, the moon is a totally unattractive place to go. Not only doesn't it have
    an atmosphere to speak of, it doesn't even have enough mass to hold one. If
    we were going to go somewhere outside of Earth, Mars is the closest meaningful
    place to go. Mars could potentially be terraformed (though I'm not sure we
    have the technology to do it yet and I'm certain we can't foot the bill yet).
    The moon? It's basically just a big rock, useful mainly for reflecting the
    sunlight and influencing tides.

    I surely don't see the *point* of putting 10 kilograms of junk on the Moon
    (and if it's not junk now, it will be after impact), but I don't see that
    it does any harm either. If anything the greatest harm it does is remove
    that much mass from Earth, but in that regard it's nothing compared to all
    the (admittedly more worthwhile) exploratory craft we've sent various places.

  14. Re:Facts about spammers: on Hidden Messages in Spam · · Score: 1

    > Since I can only personally name about 8 search engines

    Search engines of any kind, or general web search engines that actually matter?
    I can name dozens of the former, but there are only about four of the latter,
    and that's being generous and counting AltaVista despite the fact that nobody
    actually uses it anymore.

    Now, if you include search engines that search something other than the web
    in general, there are a few more that matter, in the special-purpose category.
    search.cpan.org, for example, matters, catalog.loc.gov, and many others, but
    they don't count if you're only considering "normal" (i.e., general-purpose
    web) search engines. If you do count these, then there are more than eight
    that I use on a daily basis.

  15. Re:Highest Stress Job: Advisor to Tyrant on Technology Spontaneously Combusts In Sicily · · Score: 1

    Heh. Interesting parody.

    > notice that God wasn't asking for blind faith here; that's not the way
    > the God of the Bible works.

    Indeed, nothing in the Bible ever refers to faith as blind.

    Okay, working from memory here, so some details may be a little off...

    No computer guru, code architect, designer, or support staff can explain to
    the CEO the mystery he has asked about, but there is a God in heaven who reveals
    mysteries. He has shown CEO Ballmer what will happen in days to come. Your error
    codes and BSODs that passed through your monitor as you sat at your desk are
    these...

    You saw a great statue, with a head of gold. The chest and arms were of
    silver, the belly and thighs of bronze, and the legs of iron. The feet and
    toes were partly of iron and partly of baked clay. As you were watching, a
    rock was cut out of a mountain, but not by human hands, and fell on the
    statue. It smashed the bronze, the iron, the clay, the silver, and the gold
    to pieces.

    You, O CEO, are that head of Gold. Your software empire extends to the ends
    of the earth; the great God has given you dominion over all the computers of
    the world. Those bugs you want to fix, you fix, and those you do not want to
    fix, you do not have to fix. The computers you want to upgrade, you upgrade,
    and those you want to shut down, you shut down.

    After you, another software empire will rise, a silver empire, inferior to
    yours, and after that, a third empire, of bronze. After that, a fourth
    empire will rise, one of iron, which will smash and break all competitors,
    just as iron smashes all things. It will be a divided empire, just as the
    two legs of the statue are of iron, and in the end it will be a mixed
    empire, just as the feet and toes are mixed, partly of iron and partly of
    clay.

    Finally, a great empire will come, one of stone. It will crush all
    the other empires. This is the vision of the rock, cut out of a mountain,
    but not by human hands, a rock that broke the iron, the bronze, the clay,
    the silver, and the gold to pieces. The great God has shown the CEO what
    will take place in the future. The dream is true and the interpretation
    is trustworthy.

  16. Re:Highest Stress Job: Advisor to Tyrant on Technology Spontaneously Combusts In Sicily · · Score: 1

    > My guess is that he thought his "advisors" were full of bull, and were
    > trying to manipulate him.

    You guess right; he says as much in the passage.

    > His advisors, understandably, said, "You're on crack -- no king in history
    > has asked something like that",

    They were a little more respectful than "you're on crack". Not wanting to
    be cut into pieces and have your houses turned into piles of rubble has a
    tendency to produce a respectful attitude (well, outwardly).

    > to which he replied, "I'll show you who's on crack..."

    Actually, I think he said, "Now you're stalling."

  17. Re:The Score on Technology Spontaneously Combusts In Sicily · · Score: 1

    > It reminds me of a biblical story where the king killed all his advisors
    > who couldn't tell him what his dream meant.

    No, he didn't do it. He was going to, but then this young Jewish man (called
    Belshazzar by the king) came along and told him the dream, so he let the
    advisors and enchanters and sorcerers and diviners off the hook.

  18. Re: Future of Samba on Microsoft Clips Longhorn · · Score: 2, Interesting

    > Longhorn probably won't be the "killer app" that gets people to upgrade
    > like Windows 95 was.

    Windows 95 wasn't either. Most folks didn't get it until they bought a
    computer that came with it. A lot of people were still using Windows 3.1
    (yes, really) as late as 1998 or 1999. (Admittedly, Windows 95 wasn't
    readily available until early 1996, so that's only 2-3 years. Still, Win3.1
    really sucked, and almost nobody cared.) DOS continued to be used even
    *longer*, because of legacy DOS-based apps that wouldn't run properly in
    Windows. These have been *very gradually* dying off, and at this point
    *most* of them are dead, but DR-DOS is still selling a few copies, though
    admittedly most of those copies might be running on VMWare or VirtualPC.
    But as late as 1998, DOS was still almost as widespread as MacOS. Win95
    was at that level in 2002 or so, and Windows 98 still will be in 2005.
    If Longhorn comes out in January 2006 (which seems early to me), WinXP
    will still be common as late as 2010 or 2011.

    This sort of thing is not unique to Microsoft. I administer four Linux
    systems (two at home, two at work); one of them is still running a 2.2
    series kernel (hey, it works). At work, we have five Macs. One of them
    is 8.1, two are 9.0, one is 9.1, and the newest one is 10.1.5 I think.
    (We don't _just_ have Macs; it's a heterogenous network; we even have
    one VMS system. We've not upgraded the VMS system since we bought it in
    Fall of 2000, but I think 7.2 is still the current version.)

    Heck, there are (a few) people out there still using Perl version 4.

  19. Re:ok, so feature me this batman ... on Happy 35th birthday, RFC 1! · · Score: 1

    Generally, anything listed in STD 1 is considered fairly important. The lowest RFC numbers I see there are 768 (UDP), 791 (IP), 792 (ICMP), and 793 (TCP), all of which are quite thoroughly important, fundamental to the internet. 821 and 822 are vital for email. Some of the RFCs not listed in STD 1 do have some importance, however, and it's possible that there's an important low-numbered one I'm missing.

  20. Re:Wow, creation story of the internet on Happy 35th birthday, RFC 1! · · Score: 1

    > From a history of the Internet perspective I have to wonder when it was
    > that port 80 traffic overtook port 25.

    Sometime in the mid-to-late nineties I think. But only because web pages
    consume more bytes than email messages for the same amount of time spent
    reading them. Images are the main factor here. Most email is still sent
    as text/plain, and most email that's sent as richtext or html doesn't
    include any actual non-text content, apart from a little markup.

    What's more interesting is to note when web fora became more popular than
    usenet. I think this traces to a combination of three factors: increasing
    amounts of usenet spam, improving quality of web browsers (just _try_ to
    spend an hour on slashdot using Netscape 4 or IE 4; it's painful), and the
    decreasing average quality of mail and usenet clients (due mainly to the
    introduction of a lot of low-quality ones; the better ones have actually
    continued to improve, but finding them among the dross is harder). It's
    astonishing how many people settle for e.g. Outlook -- or even webmail.

    usenet is still a really cool resource, though.

  21. Re:April 7th, 1969 on Happy 35th birthday, RFC 1! · · Score: 1

    > 1969... Isn't that before the beginning of time()?

    I think Tenex handles (handled?) time differently from Unix.

    It is interesting to note the historical reasons why Tenex/Twenex died and
    Unix pretty much completely took over; mostly it boils down to portability;
    Unix was written in C which, despite its many flaws, was not particular to
    a specific hardware, but Twenex was married to the 36-bit assembly language
    and stuck on a doomed hardware architecture, never to be ported. Otherwise
    things might have gone rather differently.

  22. Re:CygWin? on Building Gimp 2.0 on Windows XP? · · Score: 1

    > (don't know about 9x)

    On Win9x, every process has the equivalent of root privileges. Always.

    On NT, any user can _get_ root (err, LocalSystem) privileges due to a thing
    called a shatter attack (which is basically a local root exploit that can't
    be fixed without breaking the Win32 API), but processes do not all have such
    privileges automatically, and cygwin would be no different from any other
    application in this regard.

  23. Re:Someone should tell Apple on Zero Install: The Future of Linux on the Desktop? · · Score: 1

    > Buying NeXT was the best decision anybody at Apple ever made.

    Actually, they were thinking about buying Be, which would have been just
    about as good. (Be was better in a lot of ways, actually, but NeXT was
    where Jobs was...)

  24. Quick, patent it... on Bicycle Riding on Square Wheels · · Score: 1

    Quick, patent it, then convince a couple of major cities to make their roads
    this shape. You'll do a booming business in wheels, then!

  25. Re:So? on Computerized Time Clocks Susceptible to 'Manager Attack' · · Score: 1

    Heh. When I used to work fast food (McDs specifically), I used to joke with
    coworkers that I'd discovered a way they could get five days off a week and
    still get paid for forty hours. All they had to do is work open-close two
    days in a row with no breaks, 5am-1am. For some reason, none of them were
    nearly as enthusiastic about five days off as they had been before I told
    them how the system would work. Some inane nonsense about needing five days
    of sleep just to recover and get ready for next week :-O