Slashdot Mirror


User: Ed+Avis

Ed+Avis's activity in the archive.

Stories: 0
Comments: 4,579

Comments · 4,579

  1. Re:Why? on Shutting Down Worm-Infected Broadband Users · · Score: 2

    No, if you connect your system to the net it is your responsibility to deal with packets coming in on port 80. You *deliberately configured* your machine to run a webserver and accept connections on port 80. Having done that it is your responsibility to make sure the machine is programmed to respond sensibly to whatever requests are made.

    If I walked over to your server and pulled the plug then you'd have a legitimate complaint. But if you listen for information and my machine sends information, it's entirely your problem if you've set up your computer to do something stupid when that information arrives. If you don't want the information then don't listen to it.

    If I sent someone a letter saying 'please jump off a cliff', and he were stupid enough to obey, would that be my fault? Why is it any different if he'd programmed his computer to obey instructions sent over the network?

  2. Re:Scientific American on Dmitry on Anticircumvention Laws Seen as Threat to Science · · Score: 2

    The Russian attitude seems sensible to me. There's little point in having legally provided rights if you then allow publishers to make up misleading statements ('no, you cannot record programmes from your set-top box') and technical obstructions to exercising those rights. Of course, in the US, the presence of a technical obstruction eliminates any legal right the user had...

    In Britain there are sometimes signs in shops promising free refunds if you're not satisfied. All these signs have some small print at the bottom: 'This does not affect your statutory rights'. The shops could be in trouble if there were the merest hint that they were trying to alter or take away the rights granted to consumers under trading laws. Similarly it is illegal to put up a sign saying 'no refunds'. If it's not allowed to mislead consumers about their rights in this area, why is it acceptable to publish official-sounding 'licence agreements' which attempt to cancel rights explicitly granted by copyright law?

  3. Re:Why? on Shutting Down Worm-Infected Broadband Users · · Score: 2

    A substantial fraction of my expensive bandwidth is being eaten up because other people (mostly also customers of my ISP) can't be bothered to patch their systems.


    So the service provider should simply have bandwidth caps. Or bill users according to their usage. If someone wants to run an insecure system that eats up bandwidth, that's their concern.



    I can imagine a two-tier system where you choose either (a) metered bandwidth and keep out of my hair or (b) pay a fixed price but the ISP is allowed to snoop on what you do and block off your access if you're using too much.

  4. Why? on Shutting Down Worm-Infected Broadband Users · · Score: 2

    Why is it an ISP's job to have any concern over what's passing across the wires? They are just packets and that should be that. If users wish to run systems which are configured to respond in a particular way to particular requests on port 80, that's the users' business.

    I don't see this as caring or responsible behaviour by the ISP - I see it as unwelcome nannying. As the poster said, users should be responsible for their own systems.

  5. Re:Filesystem loops on Tarpits for Microsoft Worms · · Score: 1

    If there is some limit on how deep symlinks can be followed, it's a very high one...

  6. Filesystem loops on Tarpits for Microsoft Worms · · Score: 3, Interesting

    Within my home directory I have a couple of symlinks pointing back at the root of the home directory. Because it's exported by Samba to Windows machines, and Windows (or rather, Win32) doesn't know about symlinks, the 'Find File' utility from the Windows Start button would get stuck descending forever into these links. I can't say for sure, but it's possible that a few worms like ILOVEYOU were thwarted or slowed down by this, if they do a depth-first search for files to infect.

    Unfortunately, I think that in the end Samba was reconfigured not to serve symlinks :-(. It would be nice to have an option to serve the first level of symlinks but not allow recursive ones.

  7. Re:what is it good for? on 2.2 GHz Xeon · · Score: 2

    I think the driving force behind faster CPUs might be doing more stuff in software. Software modems, software Ethernet - in time, accelerated graphics cards may become unnecessary because the processor can do the 3d rendering fast enough. At the moment it is easier just to have dedicated hardware for this, but there will come a time when spending an extra $X on a faster CPU gets more improvement to your system than the same amount spent on dedicated hardware. So I don't necessarily treat USB2 as some kind of Intel conspiracy to force everyone into getting a faster CPU; it might genuinely be the cheapest and simplest way of doing things.

    In a way it's a pity for Intel that memory is now so cheap. If things had remained how they were in 1996, 'RAM doubler' type stuff which compresses pages of memory would now be commonplace. That would _really_ munch processor cycles...

  8. Re:What is the point of WAP? on WAP Bashing · · Score: 2

    Wireless 'net access won't really take off until phones start offering real web browsing with, like, actual HTML support. But once that happens, people will realize that HTML isn't ideal for this, and little by little sites will start offering WAP-optimized versions to improve the user experience a little on small devices. WAP will take off only once it is no longer required to access the web on a mobile. At least, that's my prediction :-).

    (Suggestion: use some proxy such as Betsie to bash ordinary web pages into a form suitable for small devices.)

  9. Re:J2EE-ish support? (for java CA) on Apache Tomcat 4.0 Final Released · · Score: 1

    Debian needs a way to say 'install this package from unstable, plus all its dependencies, but nothing else'. Everything else on your system remains unchanged, so you don't have to move the whole machine to unstable just to get the latest version of Postgres or whatever. In fact I think it should pull the source packages from unstable, compile and install them (don't want to install binaries compiled against the wrong version of the C library). I heard that newer Debians have some feature like this, is it true?

  10. Track down other stuff on Whither OpenAL? · · Score: 1, Offtopic

    This is nice, but couldn't Ask Slashdot deal with things a little closer to home?

    'Anonymous Coward writes: A few years ago, Slashdot had several comments by the user MEEPT!. There was much excitement around it. But if you check the site now, the last MEEPT! comment appears to be from December of 1999! Does anyone know of a good (preferably non-goatsex-infested) site for such comments? The only answer I get when I ask Slashdot users this question is to be moderated (-1, Offtopic). I'd love to read Slashdot instead of having to move to Kuro5hin again. Any pointer or hints about the current status of MEEPT!? Are there any alternatives?'

  11. Re:Bugzilla rocks, indeed. on Mozilla's 100,000th Bug · · Score: 1

    The only downside is that Bugzilla is slanted towards bug tracking. Is anyone using it for more general task tracking (support requests, for example, or something completely unrelated to computers)?

    What customizations to Bugzilla would be necessary to do that?

  12. Re:Collection of icons on New Themes.org Almost Ready; Needs A Little Help · · Score: 1

    Thanks for the links: of the three only iconarchive.com looks reasonably sane. I'll submit icons to that site. It would still be better to have a big tarball of icons with descriptions (browsing through images doesn't scale as well as grep does) and no strings attached. But maybe there's not a great demand for that since whatever desktop environment you are using (KDE, Windows, whatever) will come with a standard set of icons and you should use those whenever possible.

  13. Re:It would be cool if... on New Themes.org Almost Ready; Needs A Little Help · · Score: 1

    Can you elaborate on how installing themes is a security problem? Why is it different to installing any other software as root?

    I was thinking that a good supply of themes could be included as part of your distribution, that would reduce the need to download stuff.

  14. Re:why on HP Introduces A Bluetooth Printer · · Score: 3, Informative

    Yeah, a network interface on a printer is often a cause of trouble. It's bad enough if it has an open lpr port where anyone can print to it - you end up having to firewall the printer to stop unauthorized printing. It's worse if there is some fancy-schmancy 'control panel' available with a web browser; again, either there's no security or at best it involves a plaintext password.

    And the sophisticated queuing software installed on many printers tends to crash, with no way to fix the problem (since you don't have the source).

    But none of this is necessary. It would be much easier just to have a parallel port connected to a print server (which you will probably need anyway) and do any queuing or other fun stuff on the print server, with software you can fix, on an operating system you're familiar with. Removing an extra layer of queuing (the printer's own queue) would also lessen the black-hole-ness of submitting a print job and make it easier to cancel or promote jobs (can be done on the print server). Cutting out the unnecessarily bloated firmware would probably make the printer a bit cheaper also.

    The only intelligence that needs to be on the printer is a PostScript rasterizer, and even that isn't necessary if you can get a 600dpi bitmap page to the printer fast enough. It's a shame that SCSI-based printing never really took off. Although parport is pretty fast these days too.

  15. Re:Collection of icons on New Themes.org Almost Ready; Needs A Little Help · · Score: 1

    I was thinking of collections of icons (with some kind of descriptions or classification) which could be used in building themes. Not necessarily a matching set, just some icons you might want to use. O'Reilly's Unix Power Tools CD has the Poskanzer Bitmap Collection (lots of black and white icons, suitable for very old-school looking themes) but I haven't found a general collection place for free icons anywhere.

  16. Re:Idea for other bicycle project... on 802.11b Network Scanning In London And Amsterdam · · Score: 1

    But if you bought a paper map and scanned it in, you wouldn't be able to distribute it with your application.

  17. Re:Idea for other bicycle project... on 802.11b Network Scanning In London And Amsterdam · · Score: 1

    Streetmap details don't change that frequently (not where I live: an area might be completely redeveloped, but incremental changes to existing street layouts are rare). Of course actually buying a map maintained by professionals will be the best option for a long time to come. I was thinking of applications like route finders: if these are to be free software or usable over the web, they need to have a set of free maps. The quality doesn't have to be perfect, just good enough to navigate from A to B.

  18. Re:Couldn't do it alone... on Maker of Kournikova Gets Wrist Slapped Too · · Score: 1

    I'd like to know who thought it would be a good idea to expose a scripting API to untrusted email messages. I mean, it's not something you can add to the program by accident...

  19. It would be cool if... on New Themes.org Almost Ready; Needs A Little Help · · Score: 3, Interesting

    Is there some way to automatically generate RPMs or dpkgs for window manager themes? Linux distributions could include a few hundred popular themes and a way to switch between them: that might get more new users addicted to the whole theming and eyecandy thing. Hmm, maybe not such a good idea ;-).

  20. Collection of icons on New Themes.org Almost Ready; Needs A Little Help · · Score: 2

    Is there a place for collections of icons and bitmaps for use in applications and themes? I couldn't find any sets of icons on themes.org.

  21. Re:Couldn't do it alone... on Maker of Kournikova Gets Wrist Slapped Too · · Score: 2, Insightful

    The biggest security problem is failing to distinguish between opening a file and _executing_ a program. Remember when the standard line was, you cannot get a virus just from reading a message? That is still true, but Outlook (and Windows as a whole) deliberately blurs the line between reading information and executing code, so it's possible for users to become infected just by choosing to 'open' a document. Really Windows should have two different actions, 'open' and 'execute', but given that it doesn't, Outlook should at least make some effort to figure out those file types that are likely to execute code when run (.exe .com .bat .pif .cmd, maybe others) and warn about them. It's been a while since I used it ('Outlook 98 copyright 1997 Microsoft Corp.') but judging by the spread of worms it doesn't seem to have improved.

    Another factor contributing to the confusion between files and executables is the 'user-friendly' hiding of extensions, as used by Loveletter (loveletter.TXT.vbs, or something like that). And of course there is no excuse for basic errors like buffer overruns - a few such bugs are forgivable in ordinary applications, but an Internet mail client really needs more care in design.

    Finally, these weaknesses have often been pointed out and exploited for several years now. Yet Microsoft never seems to do anything about them (apart from some kludge to drop all .exe attachments at the mail server). So it's hard not to class that as in some way 'deliberate'.

  22. Idea for other bicycle project... on 802.11b Network Scanning In London And Amsterdam · · Score: 2

    This may be OT, but I'd like to see bicycle + gps unit + digital camera == cartography (somehow). Maps are expensive and non-free in many countries (seems the US is lucky here to have govt. information in the public domain), but it seems that somehow you could gather free street map information just by walking around with a GPS-enabled PDA and occasionally typing in information like 'I am crossing over the junction of Fred Street with Jim Road'. Taking pictures and having them automatically associated with your current GPS location and compass direction would also be cool.

    (Just an idea, maybe one day I'll get a PDA with GPS and a digital camera and try it out. But the kit seems a bit expensive at the moment.)

  23. Re:Couldn't do it alone... on Maker of Kournikova Gets Wrist Slapped Too · · Score: 2

    I agree. Microsoft should not be held responsible for writing the Outlook program; the fault is with those stupid enough to run it. The same principle should be applied to the person who wrote the Kournikova worm.

  24. Couldn't do it alone... on Maker of Kournikova Gets Wrist Slapped Too · · Score: 3, Troll

    Will the makers of Outlook go to court for actively helping the spread of the worm by deliberately insecure handling of attachments?

  25. Automatic static page failover? on Handling the Loads · · Score: 5, Insightful

    Couldn't the switch to static pages happen _automatically_ if the database goes down? The only difference to most users would be inability to post comments.

    Hmm, that is actually quite a problem (though still better than just having the site go down). Maybe a 'comment spool' where the comments can be saved as flat files, ready to be inserted when the DBMS comes back up?

    Anyway, kudos to Taco and the gang for keeping Slashdot up. Three million pages in 24 hours... how does that compare with the really big sites like Yahoo, AOL and CNN?