Slashdot Mirror


User: jonadab

jonadab's activity in the archive.

Stories
0
Comments
5,933
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 5,933

  1. Re:Speaking of exposed email... on The Measured Effectiveness of Blocking Asian Spam · · Score: 2

    JWs are easily dealt with. All you have to do is start quoting
    John 1 for them in Greek and translating on the fly. They go away
    quickly.

    (For those who don't know Greek, the beginning of John 1 is a very
    simple passages to translate, the equivalent in Greek of Dick and
    Jane in English. But it reveals sizeable holes in JW doctrine that
    are impossible to explain away except by misdirection. It also works
    for Mormons. The first three verses are plenty; in a pinch, verse 1
    alone will just about do. On the off chance they don't know who the
    Word refers to (usually they do) you can point that out from verses
    14-15 in English. They'll go away in short order, and the same ones
    won't come back and bother you again.)

    Just quoting John 1 in English won't do, because the JWs have their
    own translation (and the Mormons their own interpretation) that
    alters the meaning, and they've been taught answers for the passage
    in English. But they are not taught answers for the Greek, so
    they'll leave you alone.

  2. Re:102 Features IE doesn't have on Mozilla Adding Spam Filters · · Score: 1

    Bugzilla is worth listing, because it makes the browser more usable.
    (I don't mean just indirectly; the browser is more useful to me
    because I can follow requests for new features and bugfixes that
    matter to me, and upgrade when they land, rather than at arbitrary
    times.)

    However, more items on that list are filler than just the ones you
    give. For example, XUL and skinnability are listed separately, but
    XUL _provides_ skinnability. (Yes, it also provides the ability to
    have things like the preferences toolbar, which would be worth
    listing on its own if it were included rather than being a separate
    download, but still, XUL is one feature, not two.) Some of the
    other TLA buzzwords too, like RDF, are not meaningful features in
    their own right at this time (though they could be in the future).
    They are implementation details, and they don't matter enough to
    the user to really deserve a place on the list. If we trimmed off
    things like that, I think we could bring the list down to perhaps
    80 or so.

    Still, I can pick five entries on the list that when combined are
    so meaningful as to render any browser that doesn't have them
    _useless_ as far as I'm concerned. Tabbed browsing is on the top
    of that list; Microsoft needs to buy out either crazybrowser or
    one of the other tabbed browsing extensions for IE and include it
    in IE7. Popup blocking is on the list too, and is a sufficiently
    compelling feature that if IE had it, Netscape would be forced to
    put the UI for it back into their commercial tree.

  3. Re:Politics on Taiwan Asks Microsoft To Open Windows Source · · Score: 2

    > (Microsoft tells them to go take a flying leap.)

    Right, but that's where it'll go wrong, because Microsoft has a lot
    of corporate weasels who can write stuff like "Microsoft is working
    closely with select partners on an initiative to ensure that the
    needs of Taiwan with respect to custom firewalls are securely met in
    a trusted computing framework by leveraging the added value of shared
    source to customize the secure computing environment for effectiveness
    in the kinds of scenerios that the government of Taiwan faces. We
    have committed software and security experts who will establish open
    communications with the Taiwanese government IT departments in order
    to establish more definitely their security needs and establish an
    infrastructure to allow these needs to be met. Microsoft is fully
    committed to helping Taiwan to fulfill all of its requirements for
    secure software on the Windows platform.

    So, as I said upthread, nothing meaningful will come of this.

  4. Re:Gibberish -- English on Taiwan Asks Microsoft To Open Windows Source · · Score: 1

    I can generally make a fair rendering of corporate weaselese into
    English. I can even translate postmodernist writings into English,
    and can do a fair job translating Koine Greek into English if I'm
    allowed to use a lexicon and a couple of paradigm charts. Chinese,
    however, is a language I can't translate. Some of the more intense
    lawyerese is beyond me also.

    So, which language did you mean when you said "gibberish"? Let's see
    a sample of it, and see if I can have a go...

  5. Standard socialist terminology. on Taiwan Asks Microsoft To Open Windows Source · · Score: 2

    > I still find it funny that a communist country like China can claim
    > to be the "Peoples Republic of China"

    The adjective "People's", in communist countries, doesn't mean the
    same thing that it means in (for example) the US. To us, "people" is
    the plural of "person", and "People's" is possessive plural,
    indicating that the item is owned by a group of individuals who
    are each a person. It doesn't mean that in China. Rather, it
    means something along the lines of "controlled by the state that
    governs the People", where "the People" is a collective term that
    refers not to individuals but to the entire populace as a nation.
    (The simple plural people, meaning a number of individual people,
    is also used, but you can tell the difference from context.)

  6. Minor oversight... on Taiwan Asks Microsoft To Open Windows Source · · Score: 2

    I seem to have left the word "leveraging" out of my statement. It
    should read, "work with select partners to ensure that this need is
    met within a trusted computing framework by leveraging the shared
    source initiative..."

    Anyway, my point is that nothing meaningful will come of it.

  7. Re:As much as we'd all like to see this... on Taiwan Asks Microsoft To Open Windows Source · · Score: 3, Interesting

    Oh, sure. Well, sort of. Microsoft will probably work with select
    partners to ensure that this need is met within a trusted computing
    architecture via the shared source initiative, or somesuch. (When
    translated into English, this rougly means they'll allow half a
    dozen NDA-bound persons from the government in question to peek for
    a couple of minutes at copies of what they claim is the requested
    source code, with strict provisions in place to ensure no useful
    information ever comes of it to anyone. The government of Taiwan
    will be pacified by this just enough that nothing more interesting
    will come of the matter.)

  8. Re:Asian Pacific network on The Measured Effectiveness of Blocking Asian Spam · · Score: 1

    > I've even had bounces because my mail, with a Yahoo return
    > address, was sent via my Hong Kong ISP's SMTP

    This is not surprising. Your Hong Kong ISP's SMTP server probably
    fits the following profile:

    * Resides in the APNIC block.
    * A tracert from anywhere in the western hemisphere will
    pass through southern California.
    * The last router the tracert passes through in southern
    CA (on the way to the SMTP server in question) will be
    the last node on the route that can be looked up via
    reverse DNS. Almost _nothing_ in APNIC provices reverse
    domain lookup (i.e., in-addr.arpa). (Whereas, in the
    the western world almost all IP addresses are reversible,
    so you can at least look up who registered the domain.)
    * Therefore, tracking down who controls the mail server
    in question is highly impractical. You'd have to find
    out who APNIC sublets the block to that contains the IP,
    then find out who _that_ outfit (a highly-uncooperative
    Asian backbone provider) sublets to, then find out
    whether that ISP owns the mail server or is subletting
    that part of the IP block further (and you are taking
    their word for it), and so on. That way lies madness.
    * A significant amount of spam is sent using that mail
    server. Not by you, but by other customers of your
    ISP, or perhaps by people who are using it as a relay,
    if it's open to that.

    In other words, it's not a good mail server to use for your
    outgoing mail. I sympathize, because I imagine it's next to
    impossible, living in your area, to find an ISP that will
    provide you with an account on a decent mail server, and it
    could be hard to justify the added expense of a separate
    account on a mail server elsewhere.

  9. Re:Spammers in Korea are required by law to on The Measured Effectiveness of Blocking Asian Spam · · Score: 1

    Nice. I'm already filtering ks_c stuff, but this catches some Korean
    spam that slips through by using utf8 or just plain not specifying
    a character set. Thanks!

  10. Re:I'd say something on The Measured Effectiveness of Blocking Asian Spam · · Score: 1

    > Using Hotmail alone doesn't get you spammed.

    That's interesting, considering Microsoft's privacy policy clearly
    states that they may reveal your identifying information to select
    business associates in order to provide value-added services, or
    some such legalese for "we will sell your address".

  11. Re:Epiphany on The Measured Effectiveness of Blocking Asian Spam · · Score: 2, Interesting

    > Now, you may say that giving out SSN is more dangerous than giving
    > out e-mail

    *I* wouldn't say so. I give out my email address (everywhere: on
    slashdot, on usenet, on my own website, ... everywhere), but I know
    the fire I'm playing with and am prepared to deal with the deluge.
    (I use Gnus, so filtering can be arbitrarily elaborate. Some day,
    I'll set up my own mail server and do the filtering server-side with
    SMTP rejects, as this guy has done... but for now the client-side
    filtering is getting me by. Only about 80 messages got past my
    filters so far since last night... and of course they all landed in
    my inbox, where almost none of my legitimate mail ever goes, because
    it gets sorted into various folders by subject and sender and by To:
    field (mailing lists) and so on. Legitimate mail is much easier to
    filter than spam. I get _way_ more legit mail than spam, and way
    less of it lands in my inbox for manual sorting.

  12. Re:Let's skip them, and do it ourselves. on Longhorn Server Scrapped · · Score: 2

    > I wouldn't mind trying GNU/Hurd.. but there aren't any screen shots
    > to tempt me

    The visual interface would be your bog-standard Gnome, so about a
    third of the "Linux" screenshots out there look exactly like they
    would look if the same shot had been taken on a Hurd system, instead
    of a Linux system. Hurd and Linux wouldn't _look_ any different, in
    terms of graphical screenshots. All the differences would be the
    under-the-hood kind.

    Asking for screenshots of a kernel is like asking for photographs
    of thunder.

  13. Re:You didn't *really* mean on Bind 4 and 8 Vulnerabilities · · Score: 1

    Yes, I did. sendmail listens on a port, for connections from the
    internet. It needs to handle the data coming in from there safely,
    _regardless_ of permissions on the local filesystem.

    Incidentally, I checked, and the fs permissions issue I was talking
    about was actually / being group-writable -- i.e., members of the
    wheel group can put stuff in the root directory. The fact that
    sendmail cares about that at all is a symptom of the fact that it
    runs as root, which is generally considered to be a really really
    really bad idea for anything that listens on a port for connections
    from the internet and handles data that comes in from random people
    "out there".

    I don't happen to know exactly _what_ vulnerabilty we're not
    supposed to blame sendmail for if / is group-writable, but frankly
    it's none of sendmail's business. sendmail should be conducting
    its business in ~sendmail and shouldn't care about /, other than
    to be able to traverse it to find its binaries in /usr/bin or
    whereever. Apparently there are a number of things we can put
    in the DontBlameSendmail environment variable to get sendmail to
    run without complaining if various things that are none of its
    business aren't to its liking. It's a symptom. sendmail cares
    about stuff it shouldn't need to care about, because it's running
    as root, which is inherently dangerous and completely unnecessary,
    a legacy of the LONG gone era when people got their mail by logging
    into the mail server directly and using an mbox file. (For this
    reason sendmail wants to be root, so it can store mail in each
    user's own home directory, rather than in a subtree of sendmail's
    home directory where it ought to be.)

  14. Re:reality check on Microsoft Responds to Leaked Memo · · Score: 1

    Yes, but Burger King doesn't have McNuggets (per se), and when they
    advertise their Big King, people flock to McDonald's for Big Macs.
    It's all about consumer perception. McDonald's doesn't have the same
    market share as Microsoft and Coca-Cola, but they're only a couple of
    notches shy of it, and so far ahead of BK there's no comparison. Why?
    Mostly, their advertising is darned good. (There are other factors
    too. McDonald's always chooses effective locations, for example.
    But the advertising is a huge part of it.)

  15. Re:It's expensive, but .... on Apple Gives Laptops Speed Bumps · · Score: 1

    > If that things running 9.1
    Yep, that's what it came with.

    > and has 64MB or less, it's going to run like a cow.
    Yes it does. Maybe that's the problem. My PII/233 came with 32MB
    originally, but it does currently have a bit more than that (512MB).
    I don't _hear_ the hard drive swapping on the iMac, but maybe it is.

    > for another 128 MB, that iMac will be much happier.
    I'll have to keep that in mind, come recommendation time.

  16. Re:Viper makes me happy on Red Hat Nullifies Differences Between Bash, Csh · · Score: 1

    Okay, but Solaris, like Linux, doesn't have to be reloaded all that
    often, does it? It's not like Windows 98, that has to be rebooted
    every day just on principle. You can just turn off the monitor when
    you go home at night (or, if it's at home, when you leave for work),
    and back on when you return.

    Same with Emacs. You don't need to exit it. In fact, there's very
    little point in doing that. You just leave it running. If you once
    in a while need to use something else (Mozilla or the Gimp, probably),
    you can just minimize Emacs and come back to it afterward.

    Five (or 10-15, on my PII/233) extra seconds after each power outage
    is just not a big deal to me. The load time of Emacs _did_ annoy
    me when I was using Windows. Since I swithed to a stable OS, it no
    longer bothers me. (I now leave my web browser open for days and
    days; sometimes I put off upgrading to new Mozilla milestones for
    up to a day or two after I download them, in order to get around to
    finishing reading and closing all those tabs I had open...)

  17. Re:AMEN! on Bind 4 and 8 Vulnerabilities · · Score: 5, Interesting

    Sendmail likes to _blame_ things on the OS that are really (at least
    partly) sendmail's fault. For example, being insecure if /usr is
    group-readable. That's just silly; there's nothing inherently
    insecure about having /usr be group-readable. (If it were world
    writable, that would be something else.) (It was /usr, wasn't
    it? It's the thing you have to change in the filesystem to get
    sendmail to be secure on OS X.) IMO there's no excuse for sendmail
    to blame that on the OS; in the first place, sendmail should be
    secure regardless of the filesystem permissions, and in the second
    place if it doesn't need to read such places it should run as a user
    with fewer permissions (e.g., with its own group like Apache does).
    qmail, for all the complaints you can make about its license, at
    least takes responsibility for its own vulnerabilities.

    Are weaknesses in the OSes _partially_ responsible for some of those
    vulnerabilities? Well, sure, but the weakness is exploited through
    sendmail and does not have an impact on competing implementations;
    that makes it sendmail's problem in my book, and blaming it on the
    OS is just a way of shirking responsibility. Do you report the
    vulnerability in the OS? Heck, yes, but you also fix your app to
    not be exploitable through it. The sendmail people need to drop the
    "don't blame sendmail" attitude and write secure software. I know
    it's hard being the leading server software in a particular market,
    but when openssl can be exploited because of an issue in certain
    kernels, they patch openssl. When the openssl issue causes some
    Apache installations to be vulnerable, the Apache people release
    an advisory. It shouldn't be about placing blame; it should be
    about _fixing the problem_. The sendmail people are more interested
    in pointing fingers.

    Not that there aren't things you _can't_ work around, that have to
    be fixed at the OS level. Keeping unauthorized local users out of
    the data on a system without filesystem permissions (e.g., Win98),
    for example, is not something that can be fixed by the app, at least
    not easily. But at some point a line is crossed where the problem
    _should_ be fixed in the app. Especially if it's an app that listens
    on ports or otherwise receives data from random entities on the net.
    sendmail has a long history of being vulnerable -- way worse than
    BIND, right up there with IIS and Outlook. And it's going to
    continue to be that way for as long as they keep wanting to blame
    their issues on the OS.

  18. Re:edit.com in Windows on Red Hat Nullifies Differences Between Bash, Csh · · Score: 2

    > The Windows versions of edit.com is vastly improved over the edit.com
    > in older MS operating systems, allowing you to open 9 files at once

    Ooooh, nine files at once. It's not as if the editor I used in the
    days of DOS 3 allowed me to open nine files at once and switch
    between them quickly, and split the screen between two of them, and
    copy lines, ranges, or regtangular blocks back and forth between them...

    > not to mention the ability to open fairly large files
    Wow, now I'm certainly impressed.

    > You should check it out.
    Believe me, I'm already quite familiar with the pain of working
    with it. Pretty much every time I have to reinstall Windows on
    one of the PCs at work, I end up using edit.com for something or
    another, usually to get Windows to see the CD-ROM drive (WHY does
    Windows 9x need drivers for an ATAPI CD-ROM? They're all the
    _same_...) so I can install the drivers for the network card so
    I can download a decent text editor and browser and drivers so I
    can finish the installation. If it's a system I'll barely ever
    have to touch, I just install PFE as a drop-in replacement for
    notepad. If it's a system I'm going to have to use with any
    frequency at all, I also install Emacs. If it's a system I'm
    going to use a _lot_, I install several megabytes of sitelisp.

  19. Re:reality check on Microsoft Responds to Leaked Memo · · Score: 5, Insightful

    > If you want to make money..., you first find something that people
    > want, and then develop products to fill that need.

    That works if you want to make a reasonable amount of money, but if
    you want to make trainloads of money, you have to find something you
    can produce in large quantities cheaply, that other corporations will
    be unable to exactly duplicate. That's the hard part. Then you hire
    a bunch of marketing people to make everyone WANT this product, and
    you're all set. Whether the product was something people really
    wanted before your marketing people got to them is of only partial
    importance. It does make the marketing job easier, but its impact
    is not nearly as significant as you might think. With the right
    marketing campaign, you can sell anything. I'm convinced you could
    sell used dental floss with the right marketing. (That would not
    be a useful business strategy, of course, because other companies
    could readily produce lots of their own used dental floss to sell,
    driving down the price to next-to-nothing, and then you could no
    longer afford to pay your marketing people. The trick is to find
    something nobody else can produce, so you can set the price where
    you want it.)

    And BTW, when I originally came up with that explanation, I was not
    thinking of MS. I was thinking of McDonalds. There are other fast
    food joints, yes, but McDs employs creative use of trademarks and
    customer perception to make sure that none of the competitors can
    really deliver quite exactly the same product in the eyes of the
    consumer. That said, Microsoft is another example of the same phenomenon.

  20. Re:But thats not the real problem right? on New Apache Module For Fending Off DoS Attacks · · Score: 2

    To stop a non-bandwidth bogus-request attack, you just turn on syncookies and that's that. This module is designed to stop a different kind of attack, wherein the clients are completing entire transactions too many times and thus consuming your bandwidth. There are other types of DOS attacks too -- reflection attacks (where you get a ton of ACK packets from all over the internet, using up all your bandwidth), for example, have to be stopped at the router level upstream, which prevents the server from completing any transactions as a client (over the internet; it can still get through over the LAN, of course).

  21. Re:Unknown languages that no one speaks. on Open Fonts For The Web -- Harder Than It Sounds · · Score: 2, Informative

    > The USA won WWII

    Err, no. The adoption of English as the foremost language of
    international trade was pretty much a done deal by 1900. Of course,
    this has changed before, and may change again, but the wars in the
    twentieth century have pretty much nothing to do with it.

    Anyway, I don't think it matters what _languages_ these fonts do
    or don't support, as long as they have all the needed symbols to
    support MathML. That means Latin and Greek alphabets at minimum,
    plus aleph (from Hebrew), and of course all the various non-letter
    symbols.

  22. Re:should anybody choose to actually read the arti on Open Fonts For The Web -- Harder Than It Sounds · · Score: 1

    > Won't most of these new non-alphanumeric symbols just be ignored by
    > google's search tokenizer anyway?

    If so, it would be trivial to design a math-oriented search engine.
    Getting everything out there switched over to MathML from the various
    horrible hacks (make the whole equation an enormous image, use a
    thousand <font> tags and tell the user to either install the sixteen
    fonts you found your symbols in or go away, do the entire paper in
    Unportable Document Format, make images for each of the various
    symbols and use RHNTLFTP (Really Horrific Nested Table Layout From
    The Pit), or whatever else you can dream up that somehow gets the
    thing to look almost right on the screen ...) is the hard part of
    that problem.

    Once the documents use clean and consistent markup, searching becomes
    somewhat easier.

    I still want the ability to link to certain positions in other
    peoples' web pages where they didn't think to put a named anchor...
    Then again, I want too much. I'm horrible that way. Our library's
    catalog automation software vendor asked us at a convention once
    what features we'd like to see added, and the first thing that popped
    out of my mouth was the ability to search the full text of all the
    books in the library. (Thing is, I was serious. I want that feature.)

  23. Re:Why users "should" switch on Mozilla: The Good And The Bad · · Score: 1

    Indeed, I got the error too, but upon closer inspection I discovered
    that the "JavaScript" checkbox on my prefs toolbar was unchecked. I
    turned it back on, and Excite works fine. Mozilla 1.2 beta.

  24. Re:Why users "should" switch on Mozilla: The Good And The Bad · · Score: 2

    > >Why do you need to remove IE to use another browser?
    >
    > Oh... that one isn't so hard.

    Actually, you don't have to remove it per se, but you do need to
    upgrade it to at least 6.0, select Custom install, click the Advanced
    button, and tell it not to make itself the default browser.

  25. Re:Most are already fixed on Mozilla: The Good And The Bad · · Score: 1

    > I got lots and lots of stuff breaking with 1.2

    Yes. The most stable version is still 1.0.1.

    You upgrade to the alpha or beta builds only if there's a compelling
    new feature that you really want, or if you just want to help with
    testing. (In my case, I can no longer stand the backward-closing tabs
    of the 1.0 era, so I use 1.2 beta. It's funny what I can no longer
    stand, that I thought was so wonderful when I was comparing it to
    something a bit older.)

    Then there are the nightlies; you use those when you're really really
    desparate for a new feature that just hit, or if you need to stay
    current for testing purposes. During the 0.9.5 days I was using the
    nightlies because the tabbed browsing stuff was improving constantly.

    There was a time, during the 0.9.9/1.0RC era, when you could actually
    improve your stability in some cases by jumping to a nightly build.
    I imagine we'll see a repeat of that during the buildup toward 2.0.
    But during the 1.x dev cycles, more of the work being done is feature
    work, and if you want stability you go with 1.0.1

    Speaking of stability... 1.0.1 still has some stability issues
    with printing certain types of malformed pages. (Sure, we can all
    say the pages are malformed, but while that's an excuse for rendering
    them differently than intended, it's no excuse for crashing.) I hope
    during the 1.x cycle that can get cleaned up enough that the 2.0.x
    series can be really truly rock solid.