Slashdot Mirror


User: stratjakt

stratjakt's activity in the archive.

Stories: 0 · Comments: 6,903

Comments · 6,903

  1. Re:Sure.. on A Taste Of Computer Security · Score: 5, Insightful

    The problem is deeper than that, don't ask a RHCE to tighten down a Slackware or Gentoo box. Linux distros can be worlds apart. For instance, Slackware doesn't have /etc/init.d, it uses rc.d scripts, etc.

    They store config files in different places, with different names (ldap.conf vs nss_ldap.conf, etc). They install apps to different places, and so on and so on. Now we can deal with XFree vs X.org (migrating to X.org on Gentoo also broke, well, almost freakin everything I use, and I still don't know how to properly configure the new font paths for tightvnc)

    For that matter, don't ask a guy whose RHCE is a year old to secure a RedHat box, because for all you know, he doesn't know shit about, as an example, Samba 3.0's new config options or iptables (since he was taught ipchains). The OSS world likes to completely reinvent apps between revisions, for some reason.

    Whereas, one XP box is pretty much the same as the next, and not far removed from Win2k.

    I've had the same problems with both. I installed PuTTY in Windows as Administrator, tried to run it as a user, oops.. No user rights.. This is when you find out what kind of user you are. Do you switch to Administrator, screw around with permissions, and test until it works and you feel it's secure, or do you just go "fuck it" and add your username to the Administrators group so you don't have to deal with that kind of shit every day.

    I'm not ashamed to admit I'd put myself in the latter category. Screwing around with filesystem ACLs and group memberships isn't what I like to spend my time doing. My firewall/router is about the only "secured" box on my home lan, which is fine, since I lock the doors when I leave so the likelihood of a script kiddie sitting down at one of my machines is low.

    There is a point to be made, and it's that it's nearly impossible to have the best of both worlds. It's either simple and painless to use (desktops), or super-hardcore secure (servers). Both OS's can function in both roles.

  2. Sure.. on A Taste Of Computer Security · Score: 4, Interesting

    "Most notably it includes probably one of the most fair and intelligent analysis of the Unix-Vs-Windows security issue that I have ever seen."

    Ok, so his thesis seems to be that Windows is insecure because it's too hard? Is this guy on crack?

    There are too many "knobs." The exposed interfaces are either too complicated, even with documentation, or too weak and limited. Security on Windows is hard to configure correctly (try setting up IPSEC).

    This guy can't seriously expect me to buy his argument that properly configuring a unix box is "easier", can he?

    This isn't a fair analysis, it's just more "MS is teh gay linucks is awwwwsome!!!!!11!" tripe.

    It's really not hard at all to secure Windows, and you can lock it down every bit as tight as any Unix if that's what you want to do. Just because people don't doesn't make it the OS's fault.

    How about all the newbies running their X sessions as root because it's the only way they can get the soundcard/dvd-r/tv-tuner/misc hardware to work?

    Is it Linux's fault that once you start piling OSS layers onto ALSA and jam the whole pile of shit into Gentoo's default devfsd setup, that it's a huge pain in the ass to get a non-root user to be able to play sounds? Cuz it is. Don't give me the bullshit about "all you have to do is add the user to the audio group" stuff.

    What about lazy fucks like me who quit trying to have their daemons chroot and su to another user, because every fucking time they type emerge -u world portage decides to change all the file permissions and ownerships around, so now all of a sudden slapd can't read or write its data directory, hosts.allow and hosts.deny are no longer world-readable, etc, etc.. Fuck it, the only way to guarantee my LDAP server stays up is to have it run as root. And, of course, it has to stay up, else no one could log in.

    I can't remember which distro now, but it shipped with a single * in the xdm's Xaccess file - ie; anyone anywhere could get a local X session on it.

    What about every app that uses svgalib having to be suid root, or run as root. Those mythTV boxes and advanceMAME cabs are just big fat fuckin backdoors waiting to be exploited.

    The only point I'm trying to make is, any PC out there is no more secure than its user/owner/admin and the apps they run. Most normal people don't enjoy spending 8 hours a day doing nothing but configuring their systems.

  3. Re:Next generation? on The Linux Filesystem Challenge · Score: 1

    Yeah, it's one of the kludges, hacks and workarounds I mentioned.

    I'm talking about native support from the ground up, out of the box functionality.

  4. Sure on Phish Scams Fooling 28% of Users · Score: 1

    I'm never going to trust research that's done by corporations to generate or augment the need for their products.

    Obviously they weren't testing the premise of "people aren't that stupid, and probably don't need our fancy products"

    Yeah, if you look hard enough you'll find people stupid enough to fall for anything. That's no feat.

  5. Re:Filesystems are tools on The Linux Filesystem Challenge · Score: 1

    I hereby nominate you to be the person to whom all queries of the following type shall be redirected to, now and forever:

    "hi im noo to linux and i want to know if i should pick ext2, ext3, xfs, jfs, nfs, bfs, cifs, ntfs, vfat, fat, umsdos, reiserfs3 or reiserfs4. im using gentoo i bought from best buy and want to play doom 3 thnx?"

  6. Next generation? on The Linux Filesystem Challenge · Score: 5, Interesting

    Let's get the "this generation" filesystems working correctly, shall we?

    Solid, universal support for ACLs, and while we're at it, let's fix the whole user/group namespace mess Unix has with it. Let's use an SID-style id like Windows does.

    For example: my small network at home, centrally authenticated through ldap.

    Now, windows knows the difference between the user "jim" on local machine A, "jim" on machine B, and "jim" the domain user. They'd be shown as MACHINEA/jim, DOMAIN/jim, etc.. The various SIDs take the domain (or workstation) SID and append the UID. So if his number is 100, his sid is "long-domain-sid" + uid. So when you pass around sid tokens, you know exactly which jim you're talking about.

    Now in linux, we just have numbers for users and groups. If user 100 on machine A is "jim", user 100 could be "sally" on machine B. Moving that stuff to ldap becomes messy, now I have to reconcile the numbering schemes of all the machines I want to migrate. Ick. And you get all kinds of screwy stuff sharing folders, if you ls it on one machine it'll show wholly different ownerships.. Is the source of about a billion and one nfs security holes.

    And of course, since a file can only have one permission set - owner, user, group, it sure does make for some sucky shit. The lazy among us would just run as root all the time to avoid the whole damn mess.

    I know there's a circle jerk of workarounds, patches and gotchas to avoid this, but it should never be a problem in the first place. The basic unix security model is out-of-date, and is the source of many systemic problems.

  7. After it's built.. on SGI & NASA Plan 10240-Processor Altix Cluster · Score: 2, Funny

    It whirs and clicks and sputters..

    Finally, the following cryptic message mysteriously appears on its console:

    42

  8. Re:Oh, for Pete's sake... on Hitchhiker's Guide Trailer Online · Score: 5, Funny

    It occurs to me, that when those "authenticity" geeks who go to movies to point out continuity flaws (like the spiderman article here on /. a few weeks ago) see this movie, their heads will explode.

    I can just see them feverishly scribbling into their zaurus': "Continuity Error #123231254: Shot clearly shows ICBMS, next shot they appear to be a bowl of petunias and a whale." "Error #1534534534: Ford turns into a penguin.", etc..

  9. Torrents? on Hitchhiker's Guide Trailer Online · Score: 1

    I really want to see how they pull this off. I've been rereading the books lately, I'm just partway into "So Long" now. Never read Mostly Harmless or "Young Zaphod plays it Safe" before, so that'll be fun.

    I just read the part where Ford sits waiting for the Guide to be updated, and it says something about him waiting for 15 years of his work-life to disappear into the ether. I couldn't help thinking of today's .com cyber-employees, and the parallel. Perhaps it was somewhat prophetic, perhaps it's just exactly improbable enough.

    Offtopic, I went to Borders and bought the "leather" bound "Complete Hitchhikers Guide". It's got all the books in one, seemed like a deal to me. I noticed on the spine of this tome, it lists this "Young Zaphoid Plays it Safe".

    Zaphoid! How does a typo like that pass the publisher? The story is spelled wrong on the spine of the book.

    Anyhow, movie or not, encourage people to read the books. There's so much wit and puns and wordplay that just couldn't translate onto the screen.

  10. Tax it on Japan Considers Taxing of WiFi · Score: 1

    If it's offered commercially.

    Wouldn't it already be covered by some tax? If I pay 20 bucks an hour at starbucks (no idea what it costs), isn't there some goods or services tax applied in the US (depending on state?)

    Any time money changes hands, the government will make sure they get some. The Beatles wrote a song about it and everything, try not to be too shocked.

  11. Re:That Certainly Puts My Mind at Ease on Democratic Convention Computer Security Threat? · Score: 1

    Right, because the best people to monitor and protect Windows XP laptops are linux zealots who prove time and time again on slashdot they actually know very little about it.

  12. Re:Stupid fears.... on Democratic Convention Computer Security Threat? · Score: 1

    So check the laptops to make sure they're up to date at the door, don't let them be used if it's not.

    Or, I suppose, we need some super-complicated technical solution to a very simple social problem.

    Just like checking kids for headlice before they start the school year.

  13. Re:it means on Joe Trippi Interviewed · Score: 1

    No, there was no trickery. He acted like a moron, hollering and pumping his fists, plain and simple. Accept it. There was no media conspiracy against him. He also lost his cool during the debates. The guy legitimately came off as a hothead.

    Personally, I think he was a vastly better candidate than Kerry. I think Kerry's a fool. But, he blew it. This was a presidential race, not a high school pep rally. He doesn't deserve that much pity. I didn't get the democratic nomination either.

    "We're goin go dallas!!!! We're goin to vegas!!! We're goin all the way to DC!!!! WE'RE GOIN TO WRESTLEMANIA!! YOU WILL RUE THE DAY!!!! YEEEEEEEEEEEEEEAAAAAAAAAAAGGGGGGGGGGGGGGGGGGGGHHHH HHHHHH!!!!!"

  14. Re:Too complex: time for microkernels? on No 2.7 Linux Kernel Branch Due Soon · Score: 1

    Guess this article's too buried to bother posting.

    I may as well pontificate my wishes for the OS of the future.

    Completely irrelevant kernels. Who the hell cares if you're using linux, nt kernel, darwin, bsd, hurd.

    I'd love to see some ABI standards. A standard driver model. Think about it, the PCI (or AGP, PCIX, USB) bus is always the same talking to devices, as far as the bits flipping around. It matters not if it's linux or Windows or even a wholly different CPU architecture, like a Mac.

    Imagine an open standard driver interface. There exists only one driver for a given device, you use it for whatever OS you have. Kind of like this kernel wrapper for windows binary wireless drivers. Make everyone happy, lots of mfgs want to release only binary drivers to protect their (actually a thing that exists in physical reality) hardware patents and whatnot.

    Now a standard executable format, or multiple formats. MS's PE, ELF, a.out, java or .net binaries, etc..

    Subsystem support, like NT's kernel has. Want a POSIX interface? A "Mac" subsystem (for lack of the better term), a Linux subsystem (like coLinux), win32 subsystem.. Now, I get the mac subsystem from Apple - and run it on whatever hardware I have. Who cares, a 3+ ghz P4 should be able to do a great job emulating PowerPC (and vice-versa). I get my win32 subsystem from MSFT. They make their money, if I want or need their subsystems.

    Eventually the kernel will be irrelevant. Maybe the linux kernel is good enough, maybe some super-performance proprietary one.. Irrelevant.

    I could just download software and run it.

    OS's become a commodity. You pay for what's bundled on the CD, how it's set up, all the convenience. They no longer sell the steak, but the sizzle, so to speak. MSFT's monopoly is essentially broken, as they become irrelevant since every OS out there does more or less the same thing.

    That's just my utopian vision of the future. The kernel is just one, relatively small, even if vitally important, piece of software. I'd like to pick my kernel the same way I pick my HTTP server, knowing they all do pretty much the same thing.

    Though I know it'll just be more incompatibility, more hacky kludges and emulators like cygwin or wine to make systems play nice.

    Oh well, I can dream

  15. Re:An Executive's plaything on Tablet PCs Enter Reality · Score: 2, Interesting

    All depends what you're going to do with it.

    Another poster mentioned drawing. Basically a digital sketchpad. If that's what you wanted to do, it sounds like this would fit the bill nicely. Apparently Penny Arcade use a tablet PC for their artwork.

    Or someone who needs to take notes while on foot, it could be used like a clipboard and pen. The home inspector who did my inspection comes to mind, he had a cute little laptop, but had to put it down on the floor or do other awkward poses to take notes as we went room to room.

    Frankly, this would probably be easier to use in tablet mode on a plane than my bulky Gateway laptop, which is a great laptop, but the screen's too big to fit on a fold-down tray.

    I have no need for one either, but don't fall into that slashbot trap of "I can't use it therefore it's worthless!"

  16. Re:Misleading? on SCO's claims Against Daimler-Chrysler Thrown Out · Score: 1

    No, I'm not confusing anything. The articles frequently come from heavily biased sources like LinuxWorld or the Register. They're submitted by some user with his own lil comments, then michael or Taco are compelled to tag on their opinions.

    The articles tend to blur together into "MSFT, the big dumb monopolists screwed up again! Read more to find out how awesome linux is, and why you should buy an iPod and support the EFF!"

    I wouldn't even trust groklaw for the straight dope, they are an organization with an agenda.

    Frankly, I wouldn't trust any one single source for the facts. If I cared about the specifics of this case (and I don't) I'd probably read the rulings and decide for myself.

  17. Re:Tablet PCs for Linux on Tablet PCs Enter Reality · Score: 1

    First, wait X years for the tablet hardware to be supported in the kernel, then we can talk about userspace apps.

    There is handwriting recognition stuff around, there has to be, Zaurus does it, no?

    If not, some entrepreneur could always use linux to cut costs, and write/lease/whatever the handwriting part.

  18. Re:So many ways to get it on UK High Court Rules Modchips Illegal · Score: 1

    You can still cog swap, warez kiddie.

    Until they declare a law that states "you may not jam a plastic doo-dad into your PS2 to force the tray open and swap in a new game nor may you remove the cover and swap discs by hand", your collection of warez is safe.

  19. Re:Misleading? on SCO's claims Against Daimler-Chrysler Thrown Out · Score: 2, Insightful

    Probably neither, I wouldn't come to slashdot looking for facts.

  20. Re:Express PCB on From Your PC to Reality in 3 Easy Steps · Score: 2, Informative

    Those guys are much cheaper, 3 4-layer boards for 50 bucks vs 70 bucks for a single-layer board from pad2pad.

  21. Re:I wonder on From Your PC to Reality in 3 Easy Steps · Score: 1

    It would be like handing a company millions of lines of source code and telling them to check if it works, without running it first. .. or even knowing what it's supposed to do.

    I wonder how accessible these guys are to the hobbyist, like myself. I've acid-etched lots of neat-o circuits, but you can only do so much with such techniques. I've had plenty of ideas/designs that I just couldn't feasibly manufacture.

    Also, I've built stuff that may even have a very slight commercial value to myself, but not enough to warrant a multi-million dollar investment - but stuff maybe a handful of other geeks would like. Ie; a USAJAP conversion "module" for a TG16 (not terribly complicated, just reverses the bit order on the data bus) It'd be nice to be able to order a few dozen PCBs, assemble my gizmos, sell em over the web for pocket change.

  22. Re:Patent system is messed up on Microsoft, Apple Sued Over Software Update Patent · Score: 1

    The photograph was taken through a viewfinder that uses a combination of moving images taken behind the wearer to give a transparent effect.

    The blurb seems to say that that's basically a fancy photoshop effect, and that he's in the beginning stages of research.

  23. Re:EVERYTHING is obvious in hindsight. on Microsoft, Apple Sued Over Software Update Patent · Score: 1

    Traditionally Microsoft hasn't sought or used patents. That's always been Apple's forte.

  24. Re:Prior art. on Microsoft, Apple Sued Over Software Update Patent · Score: 5, Interesting

    This is a combined Continuation of U.S. application Ser. No. 08/641,010, filed on Apr. 29, 1996, and entitled "COMPUTER-IMPLEMENTED TRANSPORT OF ELECTRONIC INFORMATION OBJECTS," which is a Continuation-in-Part of U.S. application Ser. No. 08/251,824, filed on May 31, 1994, and entitled "SYSTEM FOR AUTOMATIC UNATTENDED ELECTRONIC INFORMATION TRANSPORT BETWEEN A SERVER AND A CLIENT BY A VENDOR PROVIDED TRANSPORT SOFTWARE WITH A MANIFEST LIST," which as U.S. Pat. No. 5,420,820 on May 30, 1995, and U.S. application Ser. No. 08/982,157, filed on Dec. 1, 1997, now U.S. Pat. No. 6,125,388 and entitled "COMPUTER-IMPLEMENTED TRANSPORT OF ELECTRONIC INFORMATION OBJECTS," which is a Continuation of the aforementioned Ser. No.08/251,724 filed May 31, 1994 (now U.S. Pat. No. 5,694,546). All of the above-identified applications are incorporated herein by reference in their entirety.

    This "iteration" of the application was filed in 2000, but to show prior art you probably have to untangle all of that crap, and show something that existed back before May of '94.

    Oh, and go fix mono, it's broken. Thx.

  25. Re:Patent system is messed up on Microsoft, Apple Sued Over Software Update Patent · Score: 1

    Link, please, all I can find are articles about these things existing in the wondrous future, with personal jet-packs and meals-in-a-pill.