Slashdot Mirror

← Back to Users

User: solprovider

solprovider's activity in the archive.

Stories
0
Comments
442
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 442

  1. Bystander responsibility on Blaster Writer Caught · · Score: 1

    If I am walking down the street and see some guy about to kill another guy with a hammer to the head I am under no legal obligation to attempt to dissuade or stop the would be killer.

    It depends who "I" am. If I am a police officer, then I have sworn to protect the public, and I can be fired and held responsible for not "doing my duty" even when off-duty and out of uniform.

    There was a big story about this situation a few years ago. There was an armed robbery. The officer was off-duty. The officer ducked and someone else died. The officer was charged with something, but I do not remember the outcome of his trial.

    The same principle applies throughout all of American style-law, and I can't think of any exceptions where a person has an affirmative duty to thwart crime or criminals.

    You can be charged with "Being an accomplice" if you knew a crime was about to happen and you did not attempt to prevent it. No need to be a hero, just alert the authorities. Also "Accessory after the fact" applies to knowing a crime was committed and not reporting it. Of course, if the criminal is never caught, your knowing is not likely to get you in trouble. And if nobody knows you know, then you cannot be charged. The laws are there to provide the public with a reason to help the police.

    Disclaimer: I am not and have never been a lawyer, police officer, or criminal.

    ---
    I do not know how any of this would apply to the IT world. Much of our work is done solo. I am certain anybody doing anything illegal would prefer to work unobserved.

    There was a Slashdot article about SC requiring IT workers to report any child porn found. As a trusted and responsible admin, I never look at anybody's data unless I must, and I doubt someone would ask me to help with an illegal picture. Anybody reporting someone under this law would be admitting to snooping, and would never work again.

  2. Define "Video Games" on Videogames Attract More Women Than Boys? · · Score: 1

    I agree totally.

    The article mentions that one woman, a teacher of art for game design, and her friends prefers war games. Of course she did not get into that field because she already liked games back when almost no other women cared about them, right?

    My guess is that 99% of the 26% of gamers that are women over 17 are playing "The Sims". It is the only game played by women I know today. It is the best-selling game for the last few years, and no man I know will admit to enjoying it, so those record-breaking sales figures must be from sales to women.

    I did get a few ex-girlfriends addicted to Civ and AlphaCenturi, but I think they just wanted to spend time with me. And they were techies anyway.

  3. Re:Linux does not require technical ability on Is Linux as Secure as We'd Like to Think? · · Score: 1

    I think you proved my point. These Knoppix users ARE USING LINUX WITHOUT TECHNICAL ABILITY.

    Linux does not require "technical ability" to use. It may require some slight brain activity. It would be useful to have a finger or other body part which can move and click a mouse.

    "Technical ability with computers" could mean:
    - Understanding the difference between RAM and a hard drive storage.
    - Knowing the difference between a program and a data file.
    - Not referrring to the monitor as the "computer" and the actual computer as a "hard drive".
    - Not thinking a 3.5" floppy is a "hard disk".
    - Understanding that internet cookies are not viruses.

    Most Slashdotters would upgrade the list to:
    - Being able to partition a hard drive.
    - Knowing a computer language, or at least a command line shell.
    - Being able to put a computer together from parts.
    - Knowing the difference between USB and Firewire.
    - Understanding HTTP and SMTP.

    I followed your link. The top notice was someone asking about where Knoppix installs Java without any understanding of the difference between the JRE and the JDK. I doubt this person has "technical knowledge", yet he is able to use Linux enough to be looking for more information, although a little knowledge would help the question make sense.

    My aunt probably makes the mistakes in the first list, but she was able to use Mozilla and OpenOffice on Linux without any help from me. (OK, she did have to send me the file the next day so I could convert it from .SWX to .DOC, but that just proves she has no concept of file extensions.)

    My point was that it is possible to USE Linux without technical ability. Knoppix even makes it possible to install Linux without any technical knowledge.

  4. DiskDruid on Is Linux as Secure as We'd Like to Think? · · Score: 1

    OK, I ALWAYS choose the "allow customization" option, and usually recommend my friends do the same. In this case, my friend was setting up dual-boot with Windows, and did not want RH to remove the Windows partition. I believe that requires DiskDruid (please correct me if I am wrong).

    The DiskDruid interface has SWAP under type of partition AFTER you have picked which partition you are setting up. Then when you click OK, it complains that SWAP is not valid for /boot. Why doesn't the interface make it clear that SWAP needs to be its own partition. And if you try to continue without making a SWAP, it complains, even though SWAP is not on the list of partitions that need to be created. [I understand all this, but the interface is confusing.]

    The current pull-down selection system, with options that do not match, and dialog boxes warning what is wrong, is awful. It does not help that every other line is "Free Space 1K". And that the dialog box to add new partitions hides the list of current partitions, so you have to remember if you already specified /boot.

    The interface I would design would:
    - list all the partitions, current and all possible.
    - with a checkbox next to the ones that are optional (including all current partitions)
    - with a text box for the size to be created (with default recommendations),
    - with the minimum size displayed,
    - with the recommended size displayed (based on current free space minus mandatory free space). Yes, this is repeating what is in the text box, but it is better than using a RESET button when you realize you made a mistake. (A "SET ALL TO RECOMMENDED" button would not hurt, but the info is more important than the button.)
    - option to make recommendation while leaving specified amount of free space.

    An alternate would be to allow removal of existing partitions before the create partition screen. Then the create partition screen knows exactly how much space can be allocated.

    To make it easier for newbies, place a definition of each partition under its name:
    \boot REQUIRED [100MB] Minimum 100MB Recommended 100MB
    (The Linux kernel files required to boot the computer.)

    Can someone send this to RH and the DiskDruid maintainers?

    ---
    Personal philosophy:
    Pop-up dialog boxes usually imply a poor UI. Write everything so it will work in a web browser. Pop-ups can be used for alerts where the current action must be stopped, but even that can usually be accomplished by reloading the same page with all of the errors/required actions at the top. [Note the ALL in the last statement. Having a form suggest filling in one required field per submit attempt is just annoying.]

  5. Arrogant Gifted Miracle-worker on Is Linux as Secure as We'd Like to Think? · · Score: 1

    Here is another response to an AC.
    I covered some of this in a post above that is currently modded Off-Topic. How can I be off-topic when I am responding to a response to my own post?

    Yes, most projects involve many people. Even if there is just a single point of contact, that is one other person with whom the developer needs to be able to work.

    I have several advantages when working with teams:
    1. My great personality ;)
    2. I am usually added to a team because they have a problem they could not resolve. Everybody knows I am there because I have abilities that were not already present. I must be very careful not to rub their nose in that fact, or I will not be invited back. (I actually had a PM doubt my abilities because, while I let my confidence border on arrogance during the interviews, I was "too nice" when I met with the team.)
    3. People who work for companies rarely have the opportunity to learn from people outside their corporations. Almost every one of my assignments involves some "knowledge-transfer" to the regular employees. The teams WANT to get along with me so they can learn from someone new.

    I know that many "gurus" have the reputation as arrogant and a pain in the ass, but the reality is that if you want to be a successful consultant, you cannot be either.

  6. Re: Bad MS programmers on Is Linux as Secure as We'd Like to Think? · · Score: 1, Insightful

    I had sworn off responding to ACs, but you agreed with me so I'll answer you. I am currently reading "Code Complete". (Well, I am in Ch.11 and haven't touched it in a month because there is too much work and summer fun.) I learned from people who had read the book, and much of it is common sense, so I am not learning from it, but I would highly recommend it to any new programmers or PMs.

    First, I am not an OS developer. I do not pretend to be one. I am a consultant that builds applications for very large corporations, and yes, I believe in getting paid.

    I could help with the DESIGN of MS products.
    - Start with removing tabs from almost everything. They are a very poor interface. Computer data is meant to be viewed vertically. Sections (twisties that hide vertical data when closed) can keep things organized. That interface has been proven easy-to-use. MSWindowsExplorer, AcrobatReader, and Mozilla uses them for menus on the left. They are also very useful for content. Having your important network settings scattered on 3 of 7 tabs (with only one prioritized since it opens first) is painful.
    - Properties boxes that allow context sensitive settings are great. OpenOffice and Adobe and Lotus products use them. Why doesn't MSWord?
    - Pet peeve: MSExcel. Try programming it. If you make one mistake, it pops up an error. You cannot see the code while seeing the error. And if you click/type one thing wrong, it deletes the code with no warning. Nobody can call this user-friendly. Lotus 1-2-3 did it better in the 80s.

    I have probably worked on a half a million line program so that you can add feature X in a week. I never asked how many lines of code there were. I do not need to read an entire program to find where code needs to be inserted to add a feature or remove a bug. I was able to locate and fix 200 bugs in a large application in 6 hours. The PM was upset because I was not testing the fixes (he was very paperwork oriented), but the 6 developers were doing the testing as I worked and were happy that the bugs were disappearing.

    I do not want to work for MS:
    1. I do not like their ethics. If I treated my customers like they do, I would not have any customers.
    2. I believe MS is about to go down in flames. Why join a sinking ship?
    3. They may pay very well, but I probably make more as a freelance than they would pay for any technical position. I would also lose control of my time.
    4. I live on the wrong coast. I travel frequently for work, but a "job" with MS would probably require relocating to Washington.

    I almost took a job with IBM; I like their software, and would like it to be more usable. But I doubt I could survive working in an office.
    I am unable to work 9 to 5 for more than 2 weeks without going crazy. I am too comfortable having a few months off each year. I like results; I do not consider office politics to be fun. I am a consultant because I have to be, not because the money is fantastic (but it doesn't hurt.)

  7. Re: Bad MS programmers on Is Linux as Secure as We'd Like to Think? · · Score: 2, Interesting

    Did you chuckle when you read my post? Or frown?

    Are you a MS programmer that I insulted? Or did they not hire you, so you assume the ones they did hire must be better than you? Or you believe that a company that makes that much money must be doing something correctly?

    (Sorry that sounds like a personal attack. I hope you answered "No" to all but the first question.)

    Read the websites about the hiring practices for MS. They are looking for a good personality fit with their processes. Maybe the questionaire asks, "Are you willing to release bad code because of deadlines?" and a positive answer gets the position.

    I have no personal experience about the quality of programmers at MS. My personal belief is that there are very few good programmers anywhere. I do know that every time I need to fix a problem with MS software, I think about:
    - how I would have written the code, then
    - how a beginner programmer would have written the code, then
    - how to write it worse than the beginner.

    Then I assume the last case is true, and work around it. I have a reputation as a miracle worker for being able to see inside the code.

    Best programmers do not rush. They know that code that works is much better than code that almost works. Taking the time to design something well is always worth it. By definition, well-designed programs take less time to write and test.

    The problem with MS's code is not that it was not written well the first time, but that they have not done it correctly after hundreds of attempts, even after their customers report problems.

    ---
    I am not a "Lunix zealot". I do not use Linux in the corporate world, and barely use it for personal stuff.
    - I do recommend Linux to people and companies that cannot afford Apples (which I have not used in recent history.) And much of my recent work has been battling an incredibly poor multi-threading model in some of IBM's software.
    - I am anti-MS because I am tired of rebooting, and know that I could design their apps much better than they ever will. If they have some of the best programmers in the world, why are their applications so bad?

  8. Linux does not require technical ability on Is Linux as Secure as We'd Like to Think? · · Score: 4, Interesting

    Linux does not require technical ability anymore.

    There are several distributions (Mandrake, Lindows, ...) that may be installed by the complete novice.

    That said, I am using RedHat (because I live in the US and it is still the most popular distribution here.) The RH9 installer does not even make suggestions for how to partition the hard drive. (A friend asked if he should make the root ext3 or a swap partition? The interface implies that this is acceptable.)

    Once Linux is installed, a typical user would never see the command line, and only needs to learn one GUI.

    Linux can also remove some of the fear of computers because you do not need to worry about the usual viruses. Your aquaintances that have trouble right-clicking and double-clicking may be better with Linux, since the menus are usually written before the context menus, so every option can be accessed with one button of the mouse. (My grandfather uses the ENTER key instead of double-clicking, since a couple of strokes have upset his timing for double-clicks.)

    You also assumed that the Linux users must have installed Linux. In the corporate world, computers are installed by IT, regardless of the OS. And today the home consumer can buy a computer with Linux already installed. That assumption is not safe.

    ---
    Good application designers assume the users are complete idiots. Applications designed that way are easier to use, require less documentation, and have more safeguards to prevent GarbageIn. And when the complete idiot does ask for support, invite them to be a primary tester. Even idiocy can be useful.

    For Linux to become the main personal computer operating system, it must be designed for use by idiots.
    - Why does it seem that most users are of below-average intelligence? Do smart people avoid computers?

  9. MS users hate MS on Is Linux as Secure as We'd Like to Think? · · Score: 4, Interesting

    there are a ton of anti-Microsoft people out there who would love to see Microsoft go down in flames

    Because they are forced to use MS products. Most people do not have strong feelings about stuff they have not personally encountered.

    While I would never go so far as to say that Linux people purposely write virii to take down Microsoft, I certainly wouldn't say that Microsoft users are the guys writing virii to take down Windows Update.

    The script-kiddie viruses require MSWindows to write, or at least test, the virus. Linux users have already escaped; why would they worry about MS? It is the MS users that write viruses to hurt MS.

    I also like the theory that the MSBlast virus was written by MS. The primary purpose behind that virus was to annoy all the users enough to patch their systems.
    - It also required every unpatched MSWindows PC to report itself to MS. MS might be able to use that information.
    - The virus also seems to have been poorly written. MS may not have the monopoly on bad programmers, but they definitely have the largest concentration of them.

    Anybody who wanted to cause real damage would write a virus that spends 24 hours spreading itself, and then silently wipes the "drives" starting at Z: and working backwords to C:. That would cause a few heart attacks in the corporate world. It would also force the world to switch away from MS. The MSBlast virus was just a warning shot, and I doubt it was written by someone who actually wants to harm MS.

    I've never met anybody who was smart enough to write a good virus and simultaneously preferred using Microsoft Windows as his/her desktop OS.

    With scripting kits, brains are not a requirement for writing a virus. See the stories about the virus writers who have been caught; none were particularly smart. (OK, they were CAUGHT, so the sample assumes some incompetence.)

    Very few people prefer MSWindows; most people do not know there was a choice.

    ---
    The Linux community wants to succeed by demonstrating that the community development process develops better code and applications than hidden proprietary code can produce. MS's security holes are a demonstration that their development process has severe faults. Linux and OpenOffice should remove MS's revenues very soon, and then MS will fall. We want to win fair.

  10. Why use CTRL for shooting on Carmack on New id Game, Game Theory · · Score: 5, Interesting

    Keyboards were designed many many years ago as very low bandwidth devices. To save bandwith, many keys reuse the same codes, so that only one key signal can be sent to the computer at one time. The special keys (CTRL, ALT, SHIFT) are given special codes so they can be used in combination with the regular keys.

    You can think of it as having 7 bits (allowing 128 keys) plus 3 bits for the special keys. So each time a key is pressed or released, a 10 bit signal is sent to the computer. The computer remembers the last signal, and assumes that if no signal is received, then the keys from the last signal are being held down.

    This was important to game writers, because some combinations would not work. If "P" is "move left", and "O" is "shoot", then moving left and shooting would not be possible.
    1. Hold "O". Computer sees that "O" was pressed.
    2. Hit "P". Computer sees "P" was pressed. It assumes that the "O" must be released.

    The special keys did not have this "feature", so they were used for actions, such as shooting, that might be done simultaneously with another action. Moving "shoot" to "CTRL":
    1. Hold "O". Computer sees that "O" was pressed.
    2. Hit "CTRL". Computer sees "CTRL+O" was pressed.

    Keyboard technology may have advanced since the 80s, so these issues may have been solved.

  11. Licenses for computer users on RPC DCOM Cleanup Worm Appears · · Score: 1

    If you want to own and use a computer, especially one connected to the internet, you have an implied obligation to make sure you know how to use and care for it properly.

    Have you EVER worked tech support? I did it for home consumers buying their first computer from 1995 to 1996, and then for corporate users from 1996 to 1997. And those people were trendy. Now anybody can buy a com-poo-tah.

    The home user will call for help plugging in the wires. (Color coding helps, but you stil have to tell that the green connector goes into the green plug.) Then they call every time there is a message they do not understand. (What is the difference between "Shutdown", "Standby", "Restart", and "Restart in MSDOS mode"? I just want to turn it OFF.) Then they call when they want it to do something but do not want to research it in any way. (I want to send a fax of this paper. I hold it to the screen and nothing happens. Did you buy a scanner? No.)

    They want every ability they imagine without even knowing if the machine they bought can do that. They only worry about what they see. Any virus that does not announce itself will survive until the user calls tech support and is told to run the "Recovery disk". (Then they call back because they cannot open that picture they saved last week.)

    Corporate users are slightly better because:
    1. They have proven they have some brains, since they have escaped the retail world.
    2. Their questions must be job-related.
    3. The IT group set up the machine much better than any seller to home consumers.

    Just like when you own a car. When your ignorance begins to impact and harm other people, any claim of innocence gets tossed right out.

    In the US, a license is required to drive a car. You need to pass a theoretical and a practical test before you get the license.

    A computer just requires some money. It is now possible to buy one for one week's take-home from working in a fast food job.

    And yes, any computer that touches the internet has the ability to "impact and harm other people."

    Who handles the licensing process?

    The seller just wants to sell computers. Do you think they will put any restrictions on who can give them money? Besides, just get your techie friend to buy it.

    The internet provider wants that monthly income. Can you force them to put restrictions on who can give them money?

    I believe the ISPs should be held responsible for these types of problems. They firewall everything. If you want to open a particular port, you sign a contract that you will pay for any problems caused by its use.
    - Port 135: Why would ANYBODY want this exposed?
    - Port 25: Any spam reported and you pay a $500 fine and it is closed for 1 week. This will not stop the spammers, but will stop machines from being used as unknowing relays. Or the ISP can test the few people who are running SMTP servers once a month and alert the user that there is an issue. If it is not fixed by a second test, then fines and the port is closed.

    I do not think it is possible to require anybody to be licensed to use a computer. No law aimed at the home consumer can be effective. So aim the laws at the ISPs, so they are universal. Keep them simple while forcing the ISPs to allow anything if the consumer is willing to accept responsibility.

    IMPORTANT: If the law does not require them to open the ports on demand, then they will just close the ports for everyone. We would soon have email being tunnelled though port 80, and the concept of ports in TCP would die.

    I put the fine at $500. The user had to ASK for that port to be open. And the fine should be enough that it is more expensive than paying someone to fix it. It should be cheaper to find someone to configure your SMTP server (or remove the trojan server) than to pay the fines.

  12. Even Lazy Criminal can be useful with Lotus Notes on Profile of an eBay Scammer · · Score: 1

    When he applied for a job as a Lotus Notes administrator at Caterpillar, for example, Nelson said that he had a degree in criminal justice and that he was familiar with Notes. "I got a copy of Lotus Notes for Dummies and learned enough of the buzzwords," he says. After three rounds of interviews, "they hired me on the spot," Nelson says. "I'd never even turned on the program." But he was a quick study, and he says that he was soon competent at creating and maintaining Notes databases.

    Imagine the interview:
    - I have a degree in criminal justice.
    - I am a criminal who serve jail time, so I really understand criminal justice.
    - I have always been interested in computers.
    - Here are some buzzwords concerning Lotus Notes.

    3 interviews and hired. I wonder that none of them were technical interviews. I try to stay away from management decisions, but a senior techie should always be consulted before hiring another techie.

    Then he was "soon competent at creating and maintaining Notes databases."

    Lotus Notes is for building secure distributed applications for large enterprises. A lazy criminal can quickly become productive with it; so can you.

  13. Government Software on Free Software as a Public Good · · Score: 1

    The purpose of free software was to build a library of software that can be reused. The best thing about computers is you teach them how to do something once and they will remember and repeat it forever. The GPL was written to prevent code from being locked into commercial applications where it could not be reused.

    Yes, many open source developers are writing Yet Another Text Editor. They write software because it is fun and expect that everybody else wants THEIR version. So what? If someone does write code to implement a new feature, the popular versions can use that code. Effort is saved.
    - But there is a chasm today. MSWord cannot use GPL'd code. And "free" applications cannot use any of MSWord's code; they have trouble just working with the file formats. This is an unstable situation. Everybody's productivity suffers. Since most companies want the best productivity from their applications, and open source applications help all programs while closed source applications are useless except for their stated purpose, it is very likely that hidden code will disappear.

    All software written for the US government is public domain, unless declared secret. The GPL does not apply, because anyone can use that code without needing the special rights for distribution granted by the GPL. So if the US gov releases a library, it can be used by any project, commercial or "free". If code is released specifically for a GPL'd project, then the project is still GPL'd, but that particular code is still public domain, and could be used by a commercial project

    The government requires much code to be written. Having that code available to everybody else will not cost jobs:
    1. The government will be hiring programmers.
    2. (Non-software) companies will be able to use that code for in-house projects.
    3. Some of the code will be used by "free" projects.
    4. Programmers will be hired to implement, extend, and support projects that use this code.
    5. Some companies can provide the service of knowing all the code available. They could quickly deliver tested code for specific purpose. You still need your in-house programmers to integrate it.

    The goal of free software is to continue building the library of available code to reduce the effort of all programmers. The government needs code; there is no reason for it to not release it for the public good. It will make both "free" and "commercial" software better. (Imagine if MS used government-written code: security must improve. Of course it cannot get worse.)

    ---
    The ultimate goal of every programmer is to reach the day when every program has been written. (See the first paragraph.) This will probably take a few millennia, and we can make much money in the process. But someday we will have written the best OS and the best data storage system and the best communication system.

    ---
    People are mentioning how this will affect the software "industry". The software industry is an anomaly. They are providing the tools so the actual workers can implement better applications. Instead, they are making it more difficult to write applications by keeping some of the code hidden. When Windows crashes, nobody can fix it. When Apache crashes, the reason is discovered and the code is fixed. Many companies that hide code will probably disappear during the Crash of 2004, and our jobs will become a little easier.

  14. Training for Big Brother on Smart Kindergarten · · Score: 1

    It does not matter what reason is given. These reasons may sound good to the parents, but the entire point is to train children that being watched electronically is OK. When they are adults, they will have no problems having video cameras at traffic lights, or using cell phones that track their location and give the information to their boss. They will feel that this is the way it has always been and not question that maybe these are bad ideas.

    This is one more reason to consider home schooling. But even if you do, your children will live in a world where everybody else has been trained to accept this.

  15. Relating Sun, IBM, and MS on Sun Microsystems, SuSE Link Up To Sell Linux · · Score: 1

    Sun attacks MS since the Sparc workstation has been competing with MSWindows since before there was MSWindows.

    IBM attacks Sun since IBM knows that they are a hardware company, and Sun has always been just behind IBM.

    MS attacks the consumers because it knows they have money. It also attacks other companies, but only to make certain the consumers have no options.

    IBM and MS did team to attack Sun on the Web Services security issues. MS wants to hurt Sun to give .net a better chance. IBM just wants to take Java away from Sun, because that will hurt Sun. Since their goals were very different, the attack has not been very strong.

    I do not know why Slashdotters do not like Sun.
    - Sun has always made good hardware, and their OS has always been one of the best Unixes. IBM may make better machines, but they are more expensive and use proprietary OSes.
    - All of the hardware vendors (Sun, IBM, Apple) try to lock their customers into buying upgrades from them. In the 90s, Compaq wanted customers to buy their upgrades from Compaq, so they used gold contacts for their RAM when everybody else was using tin-alloy contacts. Yes, gold was better (50 year life instead of 12 years, as if it matters), and putting tin contact sticks in gold sockets gave a chance the motherboard would melt, but Compaq was charging for gold contact memory about four times the price of generic RAM.

    - Sun gave us Java, while making certain that MS and IBM do not make it proprietary. Java is ALMOST community property: Sun's never-used veto power keeps the wolves caged.

    Today, Sun is confused. Many of the best applications in Java are not from Sun, so they have difficulty making money from it. Advances in hardware technology mean many tasks that required mid-size or mainframe machines 10 years ago can be done with Intel (or AMD) servers, so they are losing marketshare. They are a good company, and good innovators, but their business model is obsolete and they have not found a new one.

    Sun may not survive, but they deserve our sympathy.

  16. Writing my own encryption on Analyzing Binaries For Security Problems · · Score: 1

    Here are the specs and my design. Please tell me if I missed anything. Any suggestions welcome.

    Specs:
    - Language = Java
    - The encyption has 2 inputs:
    1: data = long String of XML.
    2: password = short String acceptable for input through a web form.
    - Data is all of a user's logins for all websites for a single sign-on system.
    - Data is currently stored after encryption where only administrators (and the valid user) can see it.
    - (In development) Change so that administrators cannot see the data. Requires code to cleanup obsolete users.
    - Requires password that is never stored in the system. There is no recovery method if the user forgets the password.

    Encryption:
    - Get password. All implementations should require SSL. (Why worry about the encryption method otherwise?)
    - Key is generated by multiplying the password by the password with all the bits in reverse order, repeat using the result, and removing consecutive zeroes and the first one. One more bit is removed if the result has an even number of bits.
    - Additional key lengthening could be added by using the MD5 or SHA hashes. My concern is that these return fixed length Strings. Probably use them before the previous step.
    - Data is shuffled in portions where the length is based on the number of bits in the key. This is so first char != < and the last char is not >.
    - Data is then encrypted using the key repeatedly. Since the key has an odd number of bits, it does not repeat on a byte boundary until 8 passes.
    - (In development) I want the key to evolve on each pass, possibly adding bits to the length. Change the bits in the key based on the data. Probably need to remembers the last bit from the data, since the current key bit and data bit are already used to get the current encrypted bit.

    The major strength is the unknown key length. Since the data is in ASCII, you can guarantee the first bit of the data should be a zero. Even if you knew the first char of the data, you could not know when those 8 bits of the key are reused, especially if the key grows erratically.

    If I prove that the first bit is always zero, then I will remove it, leaving 7 bits per char of data. Do any web servers allow passwords or domain names using chars above 127? I deal with many international clients, so I worry about losing data.

    Our Encryption class allows for new algorithms to be added easily while maintaining backwards compatability: data from older algorithms is migrated to the latest algorithm the next time the user logs in. There is no mass update, since the application does not know the passwords.

    ---
    My concerns are:
    1. Brute force attack - logging the number of missed attempts, and locking an account after a number of bad login attempts, should remove much of that threat.
    2. Java is open source by definition. Someone with file access could change the code in the program to log all passwords or unencrypted data. The data must be stored in memory at some point to be usable. This is why hiding the encrypted data from the administrators is not a high priority, since they can circumvent the whole security system if they know how to work with Java.
    - Changing to another language for the security system might help some, but even C executables can be hacked. And we would lose the single codebase for multiple OSes.

  17. Translation vs. Encryption Part 2 on Analyzing Binaries For Security Problems · · Score: 1

    I am familiar with the US using Navajos to translate messages for World War 2.And it served as a form of encryption because the Germans did not understand Navajo. As I pointed out earlier, this message is not understandable to someone who cannot read English. But it is not "encrypted" the way we use the word when talking about computers.

    There are 2 forms of "encoding" for secrecy:
    Codes: Replace each word (or concept) with another word (or concept.)
    Ciphers: Replace each letter with another letter.

    Codes are translated.
    - If I replace each word (or concept) from one language using a dictionary, then I am translating. If the dictionary is German-English or Navajo-English, then the result will be understood by people who understand the new language. If I use a "secure communication" codebook, then the new message may seem like English, but to the (desired) receiver, it will have a different meaning. "The dogs got out again" can mean "Meet me at the corner", but someone without the language (dictionary, codebook) will think we are talking about canines.

    Ciphers are encryption.
    - Every letter gets replaced with a specific letter, such as ROT1 or ROT13, or using a chart such as cryptograms in the newspapers. These can be easily broken due to patterns in our language structure.
    - Use a revolving key. The first letter can be offset by some amount. The second letter adds the first letter. The third letter adds the second letter. To be more secure, add offsets to every letter.
    - XOR every set of a certain number of bits with a big number. Without knowing the big number, it is very difficult to break encryption.

    Off-topic:
    I do not know why the revolving key is not used with the XOR method. The big flaw in most of today's methods is that the length of the key is known. Wouldn't security be improved if the key length changes for every pass, and the data is garbage for the first pass?
    - I recently wrote an encryption routine that encrypts data based on a password. The data is XML, and the encryption routine will be open source (visible, but in a commercial product). The key generated from the password is variable length, and the key revolves based on the data. And since the key length is variable, I shuffle the data based on the key length. I believe (and I am certain that I will be notified if anybody cracks it) that the only method of to crack it is brute force: try every password and see if the result is usable. Only the administrators will have access to the encrypted data, and only the owners will have access to the passwords, and the account is locked if the password is incorrect 3 times. I hope this will suffice; I may hide the encrypted data from the administrators to prevent them attempting brute force attacks.

    Back to the topic:
    The Navajo language trick was successful for maintaining secrecy because the Germans could not guess the dictionary used, but it was still a "code" which was translated. Machine code is called code because it is a different language, but messages (programs) can be understood if you understand the language. Both can be translated with the proper dictionary (and grammar instructions.) Neither is "encryption" as we use the term today.

  18. Translation vs. Encryption on Analyzing Binaries For Security Problems · · Score: 1

    This is a response to Slick_Snake. Anybody who understands the difference between "translation" and "encryption" should skip it.

    ---
    There are people who can start with a stream of ones and zeroes, change them to hexadecimal, look up the first instruction, find the number of additional data to be included, interpret that data, and repeat for the rest of the stream.

    Even for HelloWorld, this would take a very long time and much knowledge about how binaries are written for a particular architecture.

    There are people (programmers) who can take a set of tasks and write a program to do it. There are some people who can take the program and turn it into binary code the machines can understand. That process would take a very long time.

    The first paragraph is about "decompiling"; the third is about "compiling". Both tasks would take a very long time if done "by hand", so some of the first programs were tools to remove much of the work to make more tools. Operating systems and compilers reduce the grunt work of talking to hardware and translating from human-understandable to processor-understandable. Unix, gcc, and VisualStudio reduce the amount of time spent teaching the machines to do something. They also reduce the knowledge required. (Would you like a VB programmer poking bits into memory to create graphics?)

    But both tasks are only translating from one language (C, Pascal, ...) into another (assembly).

    So you are admitting that you require a program to understand the binary and convert it back into something that you can read
    Even if the other poster had the skill, he would probably write a program to do it. Computers were invented to do very repetitive tasks.

    That sounds exactly like decryption to me.
    Please look up translation
    - If I translate this post to German, and you do not understand German, it is still not encrypted, just translated.

    My point wasn't that it was impossible to read the binary files only that is was very difficult to the point were few would attempt to and less actually could.
    That is why we build tools. Difficult != impossible. In this case, it is not "difficult", just incredibly repetitve.
    - Is assembly language still taught in computer school? It is not difficult. Processors do not understand very many verbs (mostly various ways of saying "get" this and "put" it there), and most of the nouns are memory locations. (They also know how to add one to a number!)

    Just because a form of encryption can be broken doesn't mean that it is not encryption.
    This post is encrypted in English. Please do not break the encryption.

    Granted I do agree that compiling was not created as a form of encryption, but as programmers have become increasingly dependent on higher level languages they have become less and less familiar with byte code.
    Just because you do not understand German does not mean everything written in German is "encrypted", it just means you cannot read it.
    - Most 2-year-olds in America would have difficulty reading this English. That means that they do not know the language yet, not that this is encrypted.

    Encrypt - to convert from one system of communication into another; especially : to convert a message into code Decrypt - to discover the underlying meaning of
    You are confusing definitions for code.
    2: a coding system used for transmitting messages requiring brevity or secrecy
    3: (computer science) the symbolic arrangement of data or instructions in a computer program or the set of such instructions

    The act of translating programs into computer code is not the same as encrypting for secrecy.

    ---
    Personal Information:
    - I am a programmer.
    - I do not understand German. I could attempt to translate by hand with a German-English dictionary. Or I could use a computer program to translate. Guess which I prefer.
    - I am not good at reading or writing computer assembly language.
    - I am a very good programmer.

  19. Thought Theft on How to Tell if the RIAA Wants You · · Score: 2, Insightful

    Ouch! Stop him! He stole my thought. Make him give it back.

    Cool concept. Reminds me of the book "Deathkiller". Or it could be something spies use: steal his thoughts and wipe his brain, although I always figured killing was much easier than wiping a mind.

    We all reuse thoughts, and it rarely hurts anyone. I may use the phrase "thought theft" in a song. You may never hear the song, and my reuse won't hurt you. Thousands of people may share my songs on P2P networks, and that is good for me:
    1. People are listening to my songs.
    2. People are being injected with my ideas.
    3. People will pay to see me play the songs.
    4. People may order my CD. Yes, CDs are almost obsolete, but they are still a good method for those who do not have high bandwidth to transfer music without losing quality.
    5. I will get paid for being on late night television, and have cameos in movies and maybe start an acting career doing commercials, and write a book, and write a column in a magazine like John Mayer telling how he wrote a song that nobody wants to hear while travelling between famous people's houses. And that is what dreams are made of.

    ---
    Copyright was allowed in this country so that a creator would have a limited monopoly so creators would gain some benefit from creating and would have the incentive to do it again.

    Now the benefits all go to corporations for a period of time formerly known as limited. Yes, they still expire, but I will not live to see the copyrights expire on works that were created by people that were dead before I was born. I do not have the legal ability to derive new creations from the work of the greats. The original copyright had a maximum of 28 years. That means people should be able to reuse the entire Beatles catalog without legal hassles. (Someone once said they wrote every song. Does that mean noone can create anything new? That explains today's popular music.)

  20. SCO: the final illness on Australian Linux User Group Fights Back Against SCO · · Score: 1

    In the beginning, SCO was suing IBM for contract violation about reusing code that was developed for AIX. Linux was mentioned as the beneficiary of the code reuse.

    The FUD was when SCO made noise about how Linux violated their copyrights. None of their press releases made sense, but they were designed to make management have doubt about whether Linux was a good thing. This is when MS made their donation. Yes, it caused Uncertainty and Doubt, but mostly it cause Laughter.

    Then SCO threatened 1500 big companies that using Linux without paying SCO was naughty. That was the beginning of the Fear stage. We all feared that a couple of those companies were going to sue SCO for unfounded accusations.

    Now SCO has forgotten about suing companies that can fight back, and is asking donations from the little companies. You can can call this "baseless extortion", but it is the same process that every charity uses: "Give to us and you'll feel good." It even comes off the taxes (as a "business expense" which is better than a "charitable donation"!)

    The downside of this "charity" is that they have administrative costs approaching 100% of donations. None of the money ever goes near someone deserving for contributions to Unix. I would suggest contributing if they had promised to give even 10% of the gross to people like Linus Torvalds.

    I mention Mr. Torvalds because his "Linux" has brought Unix into the limelight. Without him, companies would be running Microsoft non-operations systems, or going to IBM, Sun, or HP for the little known Unix operating system. Nobody would even remember SCO if it was not for Mr. Torvalds' contributions to society. SCO owes him a big thank-you, and money is a great way to say thank-you. I am certain Mr. Torvalds would appreciate it.

    My point was that it was not extortion when this story started. The names we call SCO have changed as their actions have become more and more unconnected to the world. It is quite possible that the entire management staff of SCO has rabies and will need to be put down. But we live in a great company, I mean country, and you cannot kill a man until you see the slobber and drool, and either take him to court or a doctor. Good luck SCO, I hope you get well soon.

    [Funeral arrangements are being handled by IBM. Send flowers care of the McBride estate.]

  21. Spider Robinson on Why SCO UNIX Is A Bad Idea · · Score: 4, Interesting

    I did not believe anybody on Slashdot had read the scifi authors who extrapolate the human consequences to technnology.

    I avoid posting to the "stories" about best fiction, because they tend to honor people like Ian McDonald. I am reading his books now, and they remind me of early C.J.Cherryh, before she learned that the story is more important than the setting.

    Heinlein extrapolated the consequences of technology very well, and wrote entertaining fiction about them. The problem with reading his stories today is that he miscalled the future of technology. "The Roads Must Roll" is a great story, but we bypassed the tech. His first sale, "Lifeline", was written in 1939 about the corporate reaction to new technology, and is relevant, even if the particular technology has (still) yet to be invented.

    Asimov did the same, but the Slashdotters seem to prefer the Foundation series, where technology (psychohistory) learns how to control people, rather than the Robot novels where people are adjusting to technology (robots).

    IMO, Robinson is the best writer of this type of fiction today. "Melancholy Elephants" was written in 1984, and summarizes the entire case against perpetual copyright in just over 20 pages. I kept wanting to scream at the posters and legal people who are arguing about copyrights while avoiding the main point. Did Lessig submit this story as evidence?

    Art is about discovering pieces enjoyable by humans, and humans have serious limitations on types of input. Eventually everything likable will be discovered. But humans need art, and if we do not allow the repeat of discoveries, calling anything reused to be "derivative" and illegal, we will lose a major part of being human.

    The problem is new, since the ability to record art is new. The printing press is 500 years old.
    - Recorded music is around 100 years old. New generations have learned to like new instruments (electric guitar), which has helped. But if "On Top of Old Smoky" was not public domain, we could not have the theme to "Chariots of Fire".
    - Moving pictures are younger, and the combination with sound is very new. Yet Disney is busy reusing the old stories because there are not that many stories that will appeal to human beings.

    Even Spider Robinson is moving away from discovering new ideas and spending more time telling stories. His short story collections of early work are incredibly full of new ideas. He even found a new twist on time travel. Now he spends less on finding original ideas and more time telling each story. "Callahan's Key" milked one more out of the Callahan series (Thought-provoking AND funny: read them all!). "Free Lunch" took one cool concept (living in an amusement park) and filled a book. He is living proof of the concepts in "Melancholy Elephants".

    Anyway, this is all off-topic and will probably be moderated to oblivion. I may repost it the next time we discuss copyrights.

  22. What's the third platform? on Apple Reports $19 Million Profit for Q3 · · Score: 1

    1. Linux for people who like inexpensive.
    2. Apple for people who are willing to pay for that extra TLC.
    3. ???

    That's two. What's the third dominant platform?

    It can't be BSD. BSD is dead. I know that because I read it in the Slashdot postings. (That was sarcasm. I doubt the home consumer will move to the major variations. Apple has the ease-of-use version, and Linux has the mindshare. Where's the RedHat and SuSE companies pushing the other BSDs?)

    If you've read my other posts, you'll see rational reasons to believe that MS will die soon. I do not believe anybody will try to keep Windows alive. It will not have the following like other dead architectures like the Amiga, because the Windows architecture is too flawed to generate that type of dedication. Even the developers who know only MS software know it sucks, but they won't convert today while the MS world provides a paycheck. But are they going to keep a Windows PC around for nostalgia after spending a decade cursing it? MSWindows will be used less in 10 years than the Amiga is used today.

    Apple's marketshare should increase greatly if MS dies quick enough that the Linux companies cannot switch to a full consumer-oriented model. Apple has several decades of goodwill from proven reliability, ease-of-use, and good support for the home consumer. Linux companies cannot generate that "happy feeling" since the oldest are less than one decade old, and Linux only started to reach the general public's worldview in the last few years.

    Apple's competition probably won't be RedHat and Lindows. RedHat is busy selling to corporations using the Compaq model. Lindows is too small to fill the gap. My bet is that Dell will be one of the first to have a full line of Linux PCs. And then Gateway, HPaq, IBM, and MPCC will follow.

    ("MPC Computers" was condensed from "Micron Personal Computers Computers". Huh?)

    In 10 years, it will be Apple vs. Linux. Both are based on Unix-like code. That is a win for the techie community, right?

  23. Eclipse and Unused variables on Eclipse in Action · · Score: 1

    It scans your classes for unused variables and a few other things.

    That is the primary purpose I use Eclipse. I still write Java in Notepad and vi, but once a month I paste the files into the "workspace" directory, verify all the files are in the project, and "rebuild all". Then I read the warnings and fix the code.

    The warning I like the most is:
    The argument x is never read.

    It made me feel good, since I write most of the code in very stupid text editors and the first time I did this I had less than 20 warnings for an application with over 10K lines of Java. Fixing other warnings removed some probable bugs.

    Is it already built into the standard install of Eclipse? Can I use PMD separately, since I am not using the IDE anyway?

    Oh, and thanks. The PMD page mentions catching:
    Classes which could be Singletons
    which caused me to look up what a Singleton is. I am already using the design pattern in several places. (I reinvented it using static liberally.) Now I know that there are standard coding constructs to accomplish it, and my code will improve.

    And Eclipse did not warn about them, so either I am using them safely, or Eclipse does not check for them.

  24. Buying MS (the company) on Corel Ousted From Public Life? · · Score: 1

    Today's market cap for MS is $289 billion.

    Normally you need to pay a premium to buy out a company, so it is out of reach for everybody

    But according to a stock analyst friend, MS stock price is in a "declining right triangle". Stocks must "break out" of the triangle before it comes to a point. The "breakout" becomes greater when it happens closer to the point. The triangle has a 5 year base, and the point is sometime in the second half of 2004.

    MS's actions (high dividends, split, giving software away to make it seem popular) to keep the price up are actually going to make the breakout be bigger, because the breakout will happen closer to the point.

    BTW, it is a good time to sell. Unless you convince yourself that the breakout will be upwards, $27 is about the highest it will go.

    I need to ask my friend how big the breakout will be. He will not commit to which way the breakout will happen, but statistics can estimate the size of the breakout given a date.

    This is Slashdot, so let us assume that the breakout will be to a lower price. I cannot think of anything that could breakout to a higher price: announce a big win, release another product - these events have already happened and did not cause a breakout.

    The release of OpenOffice2, plus a few months to prove it is not buggy could set it off in NOV. Or JAN when the new budgets are approved. I believe it will happen around FEB when all the new migrations are annnounced.

    I will be optimistic and say that the stock stabilizes at $3. That puts the market cap around $30 billion. If it keeps declining, MS could be a candidate for a buyout.

    But who would buy it whole? Their cash cows will be disappearing, and the most of the divisions are unprofitable. Intel, IBM, and Cisco are the only other IT companies with market caps over $100B. Each is a hardware vendor, and owning the Windows OS would hurt their company. (Well, maybe IBM would buy them as revenge, but that would be more emotion than strategy.)

    I believe that the divisions will be sold off individually over the next 5 years. With decent management, there is the possibility that some of them could become profitable. And the price will be right.

  25. Blame MS for late WordPerfectForWindows on Corel Ousted From Public Life? · · Score: 1

    The story I heard was that MS told WordPerfect that OS2 was the next big thing and WP should concentrate on getting their software ported to OS2. Then MS blasted both IBM and WP by making MSWindows 3.0 the big thing, and MS already had MSWord for Windows ready. MSWfW became the killer app for Microsoft Windows: more people would type "win" to use Word than they would for Solitaire. Back then, you killed Windows as soon as you were done with Word because it was a memory hog, and you needed to do most of your work in DOS apps.

    So both the didn't adapt to Windows fast enough and MS's intrinsic lead in the technology base were plans of the evil genius.

    In WP's defense, MS had only destroyed about 10 companies at that point, so nobody really believed MS thought of themselves as the snake in a mouse farm.

    ---
    the law firm I work for [is] using Wordperfect 5.1 for DOS

    I think it is great that some companies realize that software is meant to accomplish a task. If the current software does what is needed, there is no reason to look for different software, even if it is disguised as an upgrade. You learn to work around bugs in the software. You learn how to use it. A new version may waste some time for the upgrade, but it also means everybody must learn new commands, and learn new workarounds.

    Legal secretaries with any experience are more productive using WPForDOS than anybody using MSWord for Windows. I saw WPForDOS running on a Pentium 200, and the software was extremely fast. The user was an retired lawyer, so his typing speed was probably around 50wpm, but he never had to wait for the software to do anything.

    I think we will start seeing software last longer. Applied to RedHat, 7.1 had a 500 connection limitation, 7.2 was buggy, but 7.3 could last forever. I think RH noticed this, which is why RH followed MS's lead and announced that old versions must die.
    - I really hope Linux users never feel they need to upgrade because of support issues caused by their distributor. I have not read about security holes in the kernel. Patch the applications WHEN A PARTICULAR SECURITY HOLE OR BUG AFFECTS THE SERVER; otherwise leave the software alone. A minimalistic approach to upgrades should keep the users and the company happy.

    ---
    This is Slashdot: everything is MS's fault.