Slashdot Mirror


User: jonadab

jonadab's activity in the archive.

Stories
0
Comments
5,933
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 5,933

  1. Run your own internal network. on Securing Files in a Hostile Workplace? · · Score: 1

    If you can't trust your company's IT department, then you have to
    treat the company network as if it were part of the internet --
    outside, hostile, dangerous. That means you have to have your own
    internal firewall(s) that prevent traffic from coming into your
    department from the rest of the company network, except for traffic
    that you specifically allow. The IT department can control whatever
    servers it likes, but you don't put anything that matters on those
    servers; you keep it on your OWN servers. Ideally, the IT dept.
    shouldn't even know these servers exist, but absolutely they must
    not have access to them. This includes physical access, even if
    that means you have to rig a cabinet to set off fire alarms or
    whatever if it's breached improperly. (Being engineers, I imagine
    you can come up with something. Be creative. Train whistle and
    air compressor, whatever, make sure you will KNOW if someone is
    getting into there, and make sure power to the alarm system can't
    cut without setting off an alarm (think UPS inside the cabinet).)

    It gets worse. You said you have no control over the physical
    topology of the network. That means anyone random can just plug
    in on your side of your internal firewall. That means all your
    systems that have data you need to protect MUST be locked down.
    I'm thinking you want to limit it to as few systems as possible
    (servers) and turn the clients into thin clients, at least for
    the purposes of accessing the data you intend to protect. No
    system should be able to connect to the servers that house the
    data without authenticating each time, and you need to use an
    encrypted wire protocol. (X11 forwarding over ssh could be made
    to work, but being stuck with Windows clients is hurting you here.
    Yeah, cygwin has X and it works, but unless it's improved since
    the version I've got it doesn't integrate well and will get in
    the way of getting work done. You might want to look into VNC
    or something along those lines.)

    > we need to be able to recover access in the event a bus hits
    > an engineer,

    All this means is you have to trust more than one engineer with
    the same or equivalent access keys (whether these keys are virtual
    or physical or both).

    > engineers need to be able to securely take files home,

    Can the engineers have decent bandwidth (better than dialup) and
    latency (better than satellite) at home, so as to connect in the
    same authenticating way as they do at work? If so, this issue
    just goes away. Remember, the corporate network is as far as you
    are concerned part of the untrusted internet, so whatever
    encryption and authentication are good enough to authenticate an
    engineer at work are good enough to authenticate him at home.

  2. Re:SVG is not the future on GIMP goes SVG · · Score: 1

    IE will never be Notepad. First, because it's many times as capable
    (*Anything* is many times as capable as notepad) but more importantly
    because end users don't care about text editing, don't do enough of
    it to count, and end users are the people who don't install better
    apps. IE, as long as it is bundled, will always have a decent market
    share. It may not keep the overwhelming share it has, but it will
    have at least 30% or so, as long as it is bundled with the dominant
    OS, regardless of all other considerations. And that's if the major
    ISPs put something else in their connection kits.

    Therefore, websites (excepting ones specifically geared toward
    powerusers or developers or geeks) will always have to be sure that
    they degrade gracefully into IE. It can never be just _dropped_,
    like Netscape 4 has been.

  3. Re:SVG a Huge plus on GIMP goes SVG · · Score: 1

    > It's the same with any tool. The more powerful it is, the longer
    > it takes to learn to use it.

    To learn to use it _fully_, yes. Some tools though have sensible
    newbie-oriented defaults. (Emacs, it should be noted, is definitely
    not one of them; I had to learn lisp before I could get comfortable
    with Emacs; now, of course, I can't live without it.) To a lesser
    extent, neither is Gimp. OpenOffice is better (assuming the user
    isn't too used to MSO). I gave my mom and sister OO.o to use and
    they have little trouble with it. Gimp, OTOH... is way, way beyond
    my mom, and my sister still struggles with it.

    Okay, so my sister does use Emacs, but only in one one major mode,
    which I wrote, which does a hyper-specific thing; if you asked her
    to use it for anything else, she'd be lost. I think she knows
    two standard Emacs keystroke combinations, excluding the ones that
    are specific to my major mode. She uses the mouse and menu for
    open and save, and copy-and-paste doesn't come into play much for
    the specific thing she uses it for.

    Do my mom and sister use all the features of OpenOffice? No way.
    They don't even set tab stops. But the interface for setting tab
    stops is nicely unobtrusive and doesn't get in their way when they
    type stuff in, and that's the key. I haven't seen a powerful
    image editor yet that manages this. Gimp and photoshop certainly
    don't, and MS Paint isn't what I'd call powerful. But let's face
    it, word processing in general is much more seasoned than photo
    editing, and the interface has had more time to be developed.

  4. Re:SVG a Huge plus on GIMP goes SVG · · Score: 1

    Well, I *know* the best interface for me for many tasks is the
    commandline, but I don't know whether it's because I learned it
    first, or because it's just plain better.

    Of course, I don't use the commandline for editing images. Unless
    you count raytracing, but that's different.

  5. Re:LAMENS TERMS (layman's terms?) on GIMP goes SVG · · Score: 1

    > a soft g as in frog and graphics

    i.e., as a voiced velar stop. I meant to say that in the other post,
    and forgot.

  6. Re:LAMENS TERMS (layman's terms?) on GIMP goes SVG · · Score: 1

    Around here, gin and git are both pronounced with a hard g (same as j,
    rendered by phonemologists as dzh or somesuch, an alveolar voiced stop
    followed by an aspirated voiced sibilant), but gimp (and so presumably
    also Gimp) is pronounced with a soft g as in frog and graphics.

    Regardless of local dialects, I would posit that Gimp should be
    pronounced the same way as gimp.

  7. Re: INACCURATE TERMS on GIMP goes SVG · · Score: 1

    > there is an option to have that menu up at the top of the
    > image window

    That should probably be the default. Personally I'd turn it off, but
    I'm a poweruser and regularly change the settings all around in any
    program I install. End users generally are fearful of changing any
    settings, and so the defaults should be geared toward them. The
    preferences/options dialogs should be geared toward powerusers.

    I'm not sure Gimp is ready for end users yet. (Then again, I'm not
    sure Photoshop is either, though I haven't seen the current version.)
    Too many of the default settings are poweruserish. You have to
    understand layers, for crying out loud, to make effective use of
    copy-and-paste. Now, layers are great and all, and I will never go
    back to an image editor that doesn't have them, but they confuse the
    everliving daylights out of newbies. For newbies, the default when
    pasting should be to let the user reposition the floating selection
    initially, but then when the user goes on to do something else, the
    selection should be either autoanchored (if there is only one other
    layer, which will be the normal case for end users) or made into a
    new layer (otherwise). Of course, it should be easy to turn this
    feature permanently off in the prefs, and people upgrading from
    earlier versions of Gimp should probably get the old behavior, and
    distributions not geared toward end users are free to change the
    defaults as appropriate for their userbase.

    SVG support is good. I'll probably use it sometimes, for web
    graphics that I want to be able to scale a bit. (This is really
    useful if you want to set the width to 100%, which with a bitmap
    isn't a terribly attractive option.) So I'll be glad to have
    this feature.

  8. Re: INACCURATE TERMS on GIMP goes SVG · · Score: 1

    It has already been conceded that Gimp is cheaper; that point was
    not in dispute.

  9. Re:LAMENS TERMS on GIMP goes SVG · · Score: 1

    `o Gimp hdh ergei ws `h Photoshop kai `h Illustrator.

    Well, that's what the other poster said, anyway. I don't have a Greek
    keyboard, so h is eta and w is omega, and ` is a rough breathing mark.

    HTH.HAND.

  10. Re:I don't care on MPAA Ruins Own Films As Anti-Piracy Measure · · Score: 1

    > It's about $30 because:$9 for me, $9 for my g/f, and the rest
    > for popcorn/etc.

    Two words: Dollar Theatre.

  11. Re:Add value... on MPAA Ruins Own Films As Anti-Piracy Measure · · Score: 1

    > I personally don't go see a movie in the theatre unless it is a
    > 'Spectacular' movie. One where the experience of seeing it on a
    > Big screen cannot be duplicated by any other means and actually
    > plays and integral part of the film.

    Dude, that's what dollar theatres are for. They get the movies a
    while later, about the time they're coming out on video (which is
    why they can charge a buck), but hey, if you haven't seen the movie
    already, it may as well be new, eh?

    I don't know how long it's been since I paid full theatre price to
    see anything; a while, that's for sure.

  12. Re:someone had to say it... on MPAA Ruins Own Films As Anti-Piracy Measure · · Score: 1

    > I feel some movies are SOOOO bad as to have STOLEN my time.

    You realise, of course, that nobody REQUIRES you to watch them?
    So, they can only take your time if you GIVE it to them? So don't.
    (I don't, generally. I make exceptions for a few movies I actually
    WANT to see, though. Two or three a year. For example, I went to
    see ST:Nemesis in the dollar theatre.)

  13. Re:Maybe on Google Tracking Frequent Users · · Score: 2, Informative

    > It is placed on your computer without your explicit authorization

    With most default browser settings, yes. The rest of the statement
    is utter hooey.

    > it does transmit the information back

    No, it _is_ the information that your _browser_ transmits back, and
    calling it a "software file", in addition to being technically
    incorrect because it's not stored as a distinct file, conjures up
    images of an active application, which together with the language
    "transmits back" makes it pretty clear that the author thinks of
    the cookie as an application that can do things -- and a natural
    reading of his description will lead someone who doesn't know any
    better to believe the same.

    It's no wonder people don't understand computers. If they read
    the news or watch TV, they will in no time flat be so confused
    they'll think the resume application they created in the Word
    operating system is stored in their Windows document on their
    computer's modem.

  14. Re:Maybe on Google Tracking Frequent Users · · Score: 2, Interesting

    > If you do believe that cookies are a bad thing(tm), then you
    > should turn them off - and you might be better off burning your PC
    > and move far, far awy from anyone who can even look at you as well.

    Practically speaking, too many things break if you turn cookies off,
    and asking the user about each one turns the web into a dialog box
    festival. But you can limit the max cookie lifetime without
    degrading your internet experience at all. Most browsers support
    that option these days.

  15. Re:Maybe on Google Tracking Frequent Users · · Score: 1

    > The counter is placed on computer hard drives by a cookie, a
    > software file that a Web site places without the recipient's
    > permission or notification and that transmits information back
    > to the site.

    Umm, yeah. I can't believe they printed that; it has to be the
    worst definition of 'cookie' that I've ever read.

    > "If the number contains more than three digits,'' the counter
    > notes, "you truly are a Google frequent searcher.''

    Three digits? If I didn't have my max cookie lifetime set to session,
    I'd probably have five digits.

    > Maybe the article author should Google for browser
    > security/privacy settings to find out how cookies are handled.

    I don't think that would help. The author of that definition is
    obviously so confused about terminology that a clear explanation
    could still leave him thinking of the cookie as an application.
    He probably also thinks Internet Explorer is his ISP and Compaq
    is his Operating System.

  16. Cover your ears on What Counts as Music and Why? · · Score: 1

    It doesn't transform the data into music. All it does is slap a WAV
    header on the beginning so that an audio player will try to play it.
    Not that it will finish playing anything more than two seconds long,
    because you won't let it finish, unless you're deaf. This is the
    software equivalent of inadvertently putting a data CD into a CD
    player that doesn't know any better than to play it. If the volume
    isn't turned way down first, it physically hurts. NOBODY is going to
    mistake this for music in any sense of the word "music". Noise maybe.
    Most people will probably figure the speakers are broken, until you
    play something else to convince them otherwise.

  17. Important feature for developers generating XML on OpenOffice.org Hits 1.1 · · Score: 1

    End users won't care, but this release carries a feature that will
    be VERY important for anyone who writes software that generates
    OpenOffice.org documents: if your XML is invalid in some way,
    OO.o will now tell you exactly where the problem was, instead of
    just bombing. I discovered this when testing the betas, and I
    was elated. (I write Perl scripts, including some CGI scripts,
    that generate SXW for printing. This makes debugging MUCH easier.)

    So, umm, when's the database component coming? I heard rumours that
    they were starting on one...

  18. Re:Open Source Code Quality on OpenSSL Security Vulnerability · · Score: 1

    > Actually, the kernel will kill the offending user process. It's
    > been part of the VM code since at least 2.0.x.

    Indeed, this is true: if you run out of swap space, Linux starts
    killing off whatever processes are allocating memory. This is a pretty
    rough way to find out you're running low on swap, but it beats the
    everliving heck out of the previous way, wherein the system would
    become so slow that you could hit the close button on a window, go to
    the store, come home, cook a meal, eat, do the dishes, and the window
    would still be in the process of closing.

    I work around this problem by having about twenty times as much swap
    space as I *think* I need, and keeping a swap meter on my Gnome panel
    so that I'll hopefully notice if I start running low. But I shouldn't
    *have* to do this; I have lots of free drive space. There's no real
    reason more swap files couldn't be allocated if need be, and even
    less reason why a warning dialog couldn't let me know I'm running
    low. (No, these wouldn't be part of the kernel; they could run in
    userspace. But there's no excuse why the major distros don't have
    them yet, eight years after Microsoft implemented both features.
    And yeah, I know MS sucks in other ways, but that's not the point.)

    There's a lot of OSS that I like and use, but there's still PLENTY
    of room for improvement.

  19. Re:Earliest infection on OpenSSL Security Vulnerability · · Score: 1

    [smiles smugly]

    All my MS systems are tucked away behind an IP-Masquerade gateway, so
    they're not addressible from the internet. And I don't allow Outlook
    on my network. So that leaves IE vulnerabilities for me to worry
    about, and those are only exploitable if the user *goes* to a
    malicious or infected website, so they're unlikely to bring down
    the whole network at once.

    [thinks for a moment]
    [drops smile]
    Guess I better run along and install the SSL upgrade on the gateway,
    before some clown figures out a way to exploit the vulnerability.

  20. Re:pheeew on OpenSSL Security Vulnerability · · Score: 0

    > Seriously, between SSH and OpenSSL, I'm getting real tired of
    > patching every week or two.

    It's SSH and SSL this week. A little while ago it was sendmail, and
    before that it was something else -- and don't get all smug about MS;
    I'm still getting two hundred copies a day of viruses and worms that
    exploit their systems.

    The problem, as I see it, is that nearly all the software we use is
    written in bug-prone languages, e.g., C and C++, which have NO
    protections against even the most trivial, forty-year-old known
    common issues, like stack corruption and buffer overruns. Languages
    that obviate these problems have been available for a long time;
    they use a little more CPU time, but CPUs are fast these days, and
    it's high time we start writing the software in VHLLs. When someone
    writes an OS entirely in Perl and Python and other VHLLs, I'll be
    one of the first in line to test it out. I'd be happy to have my
    CPU run at 20% instead of 5%, if it meant no more segfaults, buffer
    overrun exploits, stack corruption exploits, and so forth.

  21. Re:already patched on OpenSSL Security Vulnerability · · Score: 1

    > the way you knock the 800 pound gorilla out of the tree (MS)

    But, we aren't out to destroy Microsoft. That will just be a
    completely unintentional side-effect.

  22. Re:NOT Only for embedded devices RTFA on Software Tweak Makes Linux Boot In Under 200 ms · · Score: 5, Informative

    Nevertheless, it's clear in the article that we're only talking about
    kernel boot time here (which is usually about five seconds). The
    _other_ three hundred seconds your system spends booting (starting
    all the services and stuff, then X, then your desktop environment,
    then any apps) are unaffected.

  23. Go to the mall on IT's Most Outrageous Markups? · · Score: 1

    You want HIGH markup, go to the mall. Worst I've ever seen was at
    a shop called "Bath and Body", which sells mostly (I swear I am not
    making this up) bottles of colored soap. I compared some of their
    prices to a reasonable retail store and determined that B&B was
    charging 1000% more than the other store's price, which presumably
    was already marked up at least a little. For example, B&B would sell
    you a box of four vanilla votive candles for $10; they would be $.25
    each at Deane's, $.20 if you buy them when they're on special.

    Somebody as making a serious killing.

  24. Re:Yeah but... on Y: A Successor to the X Window System · · Score: 1

    [Regarding using AA after Z in spreadsheets]

    > The Microsoft Excel way!? This was used way back in Lotus 1-2-3
    > R1, and I wouldn't be surprised if it was used even in VisiCalc.

    Dunno about VisiCalc, but it was used in AppleWorks. (Err, guess
    I'd better clarify that: I'm talking about the original AppleWorks,
    the one that ran off a single-sided, single-density floppy, back
    when a Macintosh variety of Apple was something you'd get at an
    orchard. Though I suspect the new software by the same name also
    does the same thing.)

  25. Re:Funny on Interview with Linus Torvalds from NYT Magazine · · Score: 1

    > If he really [actually] thinks that the downfall of Microsoft is
    > an inevitability

    If you seriously think there's any question about this, you haven't
    studied any history. *Every* human institution fails eventually,
    whether it be a government, a company, a nonprofit organisation,
    or whatever. It's just a matter of time.

    Now, talking timeframe, that's a much harder thing. Will Microsoft
    outlast Sun? Apple? Active maintenance of the Linux kernel? Will
    it outlast C/C++? Will Microsoft outlast Perl? We don't know (for
    sure) the answer to these questions. But will Microsoft eventually
    fail? Of course. It's just a matter of *when*.

    Some will say, "Oh, no, if it accomplished X, Y, or Z while it was
    still current, it didn't fail", but that's just a different way of
    defining failure; in that case, replace the word "fail" above with
    some other suitable word that indicates a ceasing or downfall.

    Will Microsoft go bankrupt next year? Not hardly. (Not in one
    year even if the major hardware vendors ALL at ONCE tell them to
    shove their OEM licenses, though certainly if even one major PC
    hardware vendor did that it would be major news.)

    Me, I don't really want to see Microsoft die quickly. I want to see
    Outlook die quickly, but a sudden death of Microsoft as a company
    would be a bad thing. Gradual decline toward being one of several
    major players would be much better. And much more likely to happen.