Slashdot Mirror


User: DarkOx

DarkOx's activity in the archive.


Comments · 6,020

  1. Re:Why not stick to real risks? on The Risk of a Meltdown In the Cloud · · Score: 1

    I am not a cloud advocate by any means, but there are some things different this time. The network is more portable. The trouble with those terminals was they were tied to that rs232 line either back to the FIP or to a modem and phone line. Now cellular and wireless let you take the network *almost* anywhere. Second, at least from a human interactivity standpoint, time sharing no longer means you sit and wait while someone else uses the computing resources. There is less need for independent processing and storage now.

  2. Re:It has to happen on The Risk of a Meltdown In the Cloud · · Score: 3, Insightful

    If the cloud is not more robust than what your grandma could come up with on her own then what's the point really?

    That is exactly it. The cloud is more robust than what grandma could come up with or what I have time to manage for her. Grandma has some family photos, a cookie recipe or two, and *maybe* some financial statements etc. Some of it might be tragic to lose but it's a loss we can live with.

    The F1000 I work at on the other hand certainly can build something more robust, at least as relates to their specific needs, if they simply put up the dollars. Certain parties are trying to bill the cloud as a way to save money without sacrificing reliability. Perhaps it does offer good security against traditional risks of hardware failure, runaway support costs, etc; but it brings new risks to the table as well. The truth is as an industry we know less about identifying, controlling and mitigating those risks than we do about in-house solutions. That is a point that is being missed by lots of decision makers.

  3. Re:It has to happen on The Risk of a Meltdown In the Cloud · · Score: 4, Informative

    I am sorry but we have been virtualizing things by one name or another going back to 1960s mainframes. In other words almost as long as commercial computing has existed.

    The cloud is a different matter. The issue is not with virtualization but with creating dependencies on and between parties who don't really talk to each other.

  4. Some people on CEO of TuCloud Dares Microsoft To Sue His New Company · · Score: 1

    This is not a hard concept: you don't poke the bear. It's one thing to set up a service they might like for some reasons and hope they ignore your strained interpretation of the license agreement; it's another to dare them to sue. Microsoft has an in-house legal team, I am sure one or more of those people need a project, this could cost Microsoft next to nothing and this guy everything. The only reason I can see to do this is breaking the agreement in court but I doubt that will happen.

  5. Re:Context? on Apple to Buy Back $10bn of Its Shares and Pay Dividend · · Score: 1

    This is another valid point. Dividends attract anyone wanting to hold a stock, and higher share prices usually attract institutional rather than retail investors (know anyone personally who owns a share of BRK.A?). Doing those two things is a strategy for reducing volatility in share price.

  6. Re:Context? on Apple to Buy Back $10bn of Its Shares and Pay Dividend · · Score: 2

    If AAPL leaves the number of shares outstanding constant, and retains them as treasury stock, it does dilute the voting power of investors. Part of this may be to free the board and management to take more independent actions.

  7. Re:Did anyone think it was secure anyway? on Windows Remote Desktop Exploit In the Wild · · Score: 4, Informative

    Climb down off your high horse. RDP for years now has been encrypted and certificate authenticated using TLS. There is no inherent reason why it should not be safe to connect to a Windows 6.x (Vista / 7 / Server '08) machine over the internet with RDP. You don't always use SSH over VPN, do you? It's not as if that has never had a vulnerability.

  8. Re:M$ Windoesn't on RDP Proof-of-Concept Exploit Triggers Blue Screen of Death · · Score: 1

    This is by far not the first vulnerability in RDP. I know what you mean though; it's supposed to be a remote management solution; saying it's insanely stupid to expose RDP to the net is like saying it's insanely stupid to put SSH on the net.

    The truth is minimize your attack surface and pick your poison. Have SSH? Good, tunnel your RDP. Have a VPN? Even better, use it. Want to use RDP? Ideally use Microsoft's terminal server gateway; if not, fine, put one 'terminal server' open to the outside and access other boxes thru it, don't run your critical infrastructure on that box, etc.

    The fewer services you have the fewer ways you can be attacked. You probably have to run one or more web servers, DNS, and mail; most businesses need some sort of remote access solution, pick ONE: VPN, terminal services gateway, Citrix, SSH; and the administrative people might need a back door should the remote access solution fail, for emergencies. My advice on that: a good old-fashioned modem listening on an unpublished phone number, and very strong passwords.

  9. Re:How important is this? on RDP Proof-of-Concept Exploit Triggers Blue Screen of Death · · Score: 2

    Never heard of Microsoft Small Business server have you?

  10. Re:The people will be the ones who suffer on Iran Deleted From the World's Banking Computers · · Score: 1, Interesting

    The fact is though Iran's leaders, both the Ayatollah and the president, frequently label the Israelis as the infidel. I don't know about the Ayatollah but the president has said the same thing about the US AND threatened to wipe out Israel.

    So in terms of fiery rhetoric; I don't think calling us the Infidel vs us calling them the Axis of Evil is really different. As to making threats, we have never suggested we mean to wipe anyone off the earth, and we have followed thru on the threats we have made.

    Lives are at stake and it really is potentially us vs them. I don't see why we should not expect leaders to be mature enough not to be making idle threats, I don't think I want to expose my family to the risk they prove to be something other than idle threats, when they come from someone with the ability to carry them out, that is the test.

    If Iran becomes a Nuclear power we could lose a city to a suitcase type dirty bomb. They have labeled us the Infidel and threatened to destroy that same infidel; once they have the capability to do that then WE MUST ASSUME THEY MEAN TO DO IT and either remove their capability to do it or destroy them. A better option is to deny them the capability in the first place.

    From their perspective they can no doubt say the same thing, and from a purely ethical standpoint they have a right to try. The fact is we are where we are, threats have been made. If they continue to arm there are no choices. It's not a question of who is right and who is wrong, at this stage it is a practical matter of me and mine come before them and theirs; and we are the mightier.

  11. Re:Compatibility or conversion on Why New Programming Languages Succeed Or Fail · · Score: 2

    The limits that would impose on syntax and underlying data models would essentially stop all real evolution in this space. Thank your lucky stars this attitude is not pervasive or we'd all be working with slightly improved BASIC, FORTRAN, COBOL, and Ada environments today. The lucky ones would be maintaining code bases comprised of horrible COBOL to C conversions. If you have been in the retail or finance industries you have encountered some COBOL at some point.

    No, if anything new languages should provide some bindings to call methods and code written in other common languages. That way you can continue to leverage your large complex objects or procedures developed over years, without the constraints of the old environment. Sure you might have to deal with some messy type conversions and multiple paradigm ugliness, but you can most likely solve that once and wrap it so it at least does not 'look' especially nasty.

  12. Re:Thespians on Pay the TSA $100 and Bypass Airport Security · · Score: 3, Informative

    Also the airlines have been bailed out before under Bush.

  13. If this catches on on New Service Lets Users Try Apple's New IPad For 30 Days Before Buying · · Score: 2

    It's the final nail in brick and mortar retail's coffin. There will be no reasons to even visit the local shop to have a look at something you are going to order on New Egg or Amazon later. Retail at least could hope that you might stop in to see the new iPad and leave with something else that you just had to have on impulse; now habitual online shoppers will have no reason to set foot in a local store. They can just try out $ITEM in their own home.

  14. Re:And brittanica did not see the threat on Wikipedia Didn't Kill Brittanica — Encarta Did · · Score: 1

    but it was right, 640K is enough for anyone, well anyone most of us have ever met anyway. Why, people have been put on the moon using computers with less memory. Just because we expend the effort to work within that constraint today, because it would cost more than the memory does not mean the 640K is actually not a sufficient primary storage capacity for most computing tasks.

  15. Re:Effective at what? on George "geohot" Hotz Arrested In Texas For Posession of Marijuana · · Score: 3, Insightful

    First off most state laws around marijuana are less strict than Federal. There is absolutely NO SOUND REASON to have Federal law against marijuana. If the State of Texas wants to enforce some crazy statute the people of Texas should bear the cost of doing so; my federal tax dollars should not be WASTED by DHS keeping a little pot off the streets in Cowboy country.

  16. Re:No good guys on Internet Crime Focus of Black Hat Europe · · Score: 2

    That is pretty much what I was thinking about. If you have ever worked with or even watched a professional pen test team the first thing you notice (if they are any good) is they target collaboration tools that are integrated with stuff like Nessus, Nmap, and Metasploit (the pro version has built-in collaboration tools already).

    You have one person identifying and classifying, and others going after hosts according to specialty, finally you have them sharing information between each other when they discover credential pairs, network topology etc.

    If I had to guess I bet the bad guy tools existed first, someone saw them and commercialized them; made them better and now the bad guys use them.

  17. Re:Obligatory on 51% of Internet Traffic Is "Non-Human" · · Score: 3, Insightful

    My guess is humans will be more evil, we are innovative in a way it's hard to imagine an AI will be. It won't matter though. The AI will adapt, adopt, and iteratively improve on our ideas; using them against us so much more effectively than we could ever hope to do.

  18. No good guys on Internet Crime Focus of Black Hat Europe · · Score: 2

    I think there is actually more to this than many Slashdotters are dismissing the "no good guys without the bad" as. The things that turn a bad guy into a bad guy are motives and opportunity. Having the skills is a big part of opportunity. Even with the economy as it is most of us in the Western World with education and experience required to be security professionals can make a better living doing that or at least avoid the risks associated with being a criminal while living comfortably. That is not true in some other places and it's possible it could become untrue here.

    So maybe there is something to the pushing "hacking is cool" is a bad idea thought. Creating tons of security 'professionals' might just be creating tomorrow's black hat mob employees. Sorta like in places all over the world yesterday's soldier has become today's insurgent and/or revolutionary. They know the business of war, and it's a huge leg up. Knowing is actually I think more than half the battle. I am not saying we should all stop attending $CON and talking to each other about developing better techniques to identify weaknesses. If we did that the integrity of the system would stop improving, and the few bad guys that will be out there anyway, even if working in a vacuum, will be completely unchecked.

    University systems and other stuff got owned all the time in the 70's and 80's before the Internet existed to facilitate communication among black hats, grey hats, and white hats. I don't know what the answer is and I don't really think trying to censor information is ever a good approach but nonetheless there is something to think about here.

  19. Re:Smart people can be dumb. on James Whittaker: Focus on Ads and 'Social' Destroying Google · · Score: 1

    I would not underestimate Facebook in such a way. Look how far and wide their little buttons and such are spread. Also remember Beacon; it might not go by that name anymore because it got politicized but the technology is still there in various forms. To say nothing of "Facebook login" which obviously creates all kinds of track-ability for people who use it.

    They can certainly track you if you're logged in, probably track you when you are not in many cases even if it's with a little less certainty. They might not know about your divorce attorney but they do know how many porn sites you visit; and that you were not really on a business trip last Thursday as posted, but their face recognition confirms you were out with Sara, the girl you are not "in a relationship with" on their site.

    To what degree they are capable of leveraging this stuff compared to Google is tough to say. Google appears to be better at it, and Mark and the Facebook crew might not be Google's PhD army, but they enjoy the high ground and are respectable in their own right.

       

  20. Re:Indication of Government Ability? on White House CIO Describes His 'Worst Day' Ever · · Score: -1, Flamebait

    Just like the left cries how capitalism has failed while pointing at the most tightly regulated and manipulated markets we have. Then they say deregulation is proof we need more regulation, when deregulation was really just a misnomer for bad regulation. There has never been any deregulation; if there had been you and I could start small local banks, telcos, electrical utilities etc, but just try it; regulatory compliance and licensing requirements will be there to stop you.

    As with this attack on markets it has not always been this way. There was a time, the 40's thru the start of the 60's, where people did anything but starve our government, and in that time it proved itself to be both corrupt and inept. It also showed itself to be possibly evil in nature.

  21. Re:Problematic on Camera Gun Would Let Hunters Get Killer Wildlife Shots · · Score: 1

    Considering the usual response by police whenever anyone photographs them, I suspect we will hardly notice.

  22. Re:Its how microsoft works on Can Microsoft Afford To Lose With Windows 8? · · Score: 4, Informative

    Windows 95 - Stable
    98 - Bluescreening POS

    Wow really, what planet were you on? '95 (3.95) was hardly better than 3.11 on DOS 5+. It was not until '95 OSR2 (4.0?) running on a mass market OEM system (DELL, HP, COMPAQ, etc) with mature drivers that it got solid. Windows 98 (4.10.98) was also pretty solid on decent hardware. You could run into problems with old junk (stuff with older VXD type drivers targeted at Windows '95), which is what anyone upgrading a Win 95 machine had, because manufacturers never supported their own hardware beyond the initial release in the PC world at that time.

  23. Re:Seriously, why? on Chinese Spies Used Fake Facebook Profile To Friend NATO Officials · · Score: 4, Insightful

    It all depends on what you post there.

    No, that is the problem: it depends on what YOU post there and what everyone you are FRIENDS with posts there.

    Maybe you don't post you're going on vacation for a week because you don't want would-be crooks to know for sure you are not at your house. Your girlfriend however is not so careful and/or does not much care about her apartment. She posts she is out of town for the week and then tags you in some photos at the beach from her mobile.

    Now anyone in either of your circles has a pretty good idea YOU are out of town. This is a problem. Someone with an 'in' could be at the friend of friend level, depending on not just YOURS but your FRIENDS' privacy settings, and with some time to pick through the site and work out relationships (even if the info is not shared, they could do it through pictures etc, odds are the girl with your arm around her waist is a wife or girlfriend not a sister, etc) can derive lots of information based on what others post that YOU never shared.

  24. Re:Nice straw man you've built, there. on Nuclear Disaster In Japan Could Have Been Mitigated, Say Industry Insiders · · Score: 4, Insightful

    Deaths per terawatt hour is not a useful metric. Even if that number is certain to be higher with everyone's favorite whipping boy, coal or oil, natural gas, solar, whatever, there is very little that can go wrong with those which would render a large area unlivable all at once. The deaths and health costs they create are spread over time. Society can budget for and deal with those costs and even cope with the occasional calamity.

    With nuclear on the other hand the absolute costs might be less but the potential to have to bear them all at once exists and it could very well be a back breaker for any society; that is the perspective you have to use.

    Think of it like this: cancer will over time do more harm to your body than a bullet, but you can live with and treat most cancers for a long time; that might not be the case with the bullet.

  25. I'd be a little miffed on Data Breach Flaw Found In Gnome-terminal, Xfce Terminal and Terminator · · Score: 5, Insightful

    If I were the author of this library I'd be a little annoyed. The article is written as if the library does something wrong. It does not. It stores data on /tmp, which is there to be used as scratch space. To read the file you have to be the owner or root, which has been true of every process that has written there since before my years. This is perfectly correct.

    Okay, some users might not expect their terminal emulator to keep temporary files. Yes, if your disk is appropriated someone not root in your environment might be able to read it. Which is true of basically any process that writes anything to disk anywhere; even ones that don't. Suppose my system is under enough VM pressure that my good old-fashioned xterm gets paged out? Why, scroll back buffer data, which might even have come from SSH, would be right there on my disk! OH! NOS!

    If you are dealing with a system that is physically insecure, like a laptop, or machine in a public spot, or information that is so sensitive you'd be more concerned about it being out there than the fact that your hard disk or entire system has gone missing; there is a solution for that. It's called disk encryption! If you use Linux it won't even cost you anything!