Slashdot Mirror


User: owlstead

owlstead's activity in the archive.

Stories
0
Comments
3,436
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 3,436

  1. Create company, sell malware to government on Is Open Source Fertile Ground for Foul Play? · · Score: 1

    The "automatiseringsgids" a weekly magazine in the Netherlands on IT, just reported that Open Source did not get it's foot in the door of Government.

    One of the biggest problems mentioned about putting open source to work was the very high level of trust a company has to have to get any contracts from government, ruling out (open source) upstarts.

    And this guy says:
    Much more likely is that distributions will be created and advertised for free, or created with the express purpose of marketing them to governments at cut-rate pricing. As anyone can create and market a distribution, it's not far-fetched to imagine a version subsidized and supported by organizations that may not have U.S. or other government interests at heart.

    Yeah, like that's ever gonna happen. What a load of (door slams) - shrek.
    <br>

  2. Problem with ASN.1 library takes 6 months? on Microsoft Sits on Security Flaw for Six Months · · Score: 1

    I am a programmer who does actually work with ASN.1 libraries. What I can't understand is that it takes Microsoft 6 months to fix this issue. ASN.1 code is not _that_ complicated.

    The problem probably then is to find all the instances where the code has been used. If they linked it from a static library then that would explain somewhat more (this is very probable, ASN.1 code would be just supporting code). If they used a complete ASN.1 parser - and had to fix that - then that would explain some more.

    But 6 months? For a company like Microsoft? I don't know how many people new about this flaw, but it IS very serious. This code is used almost anywhere where security is an issue.

  3. Re:MS need to (un)fix their Find program... on Microsoft's Search Engine Plans · · Score: 1

    Actually, this started with 2000 already. Instead of an ugly, but very on topic search (or "Find") window you now get some bloatware IE interface. You can type in the folder you want to search for manually, or you can go to the VERY BOTTOM of the list to choose browse (just below my documents, desktop, my computer, all hard drives, drives c:, d:,e:,f:, removable disks g:, h: and cdrom drives i:, j: . After this, search will take ages and there is no way to exclude folders. Ever searched a Java documentation folder or cygwin installation? Right!

    All this makes searching a real boon. It's no wonder that there are so many 3rd party search tools out there. Apperently searching for files is not part of the operating system, unlike all the other things like media players. Oh well, anybody that can recommend a nice freeware search out there? One that is content aware (id3 tags, open office documents etc.) would be highly appreciated.

  4. Re:Windows Beats Linux! on Red Hat to Release Enhanced-Security Linux · · Score: 1

    Yep. Heard this one from a friend:

    1 - Put Windows 98 computer on the internet behind a very fast connection
    2 - Wait a couple of days
    3 - Harvest movies and mp3's from machine
    4 - Format & reinstall
    5 - Go to 2

  5. Re:Invulnerable to MyDoom type virii? on Red Hat to Release Enhanced-Security Linux · · Score: 1

    However, in a decently admined system the users don't know the root password, they don't need it ever, and they should never be installing programs.

    In what kind of world do you live? Must be a different one that I am living in...This is at least not true for home users. And as a developer (which is a kind of power user, MS got that name right) I am certainly in need to install applications.

  6. Re:The videogames are NOT at fault. on BBC Argues Games Don't Cause Violence · · Score: 1

    And since low IQ is also a very big factor, video games and movies are generally far more dangerous than books will ever be.

    Can you point to any evidence that IQ has a significant relation to the possibility for a person to be criminal?

    The high IQ crimes are probably white collar crimes mostly. Can't make any popular game or movie on that :).

  7. Re:AMD 300mm? on AMD Receives $683M for Dresden Plant · · Score: 1

    What's the point on calculating how may Athlon XP's can be made on a 300 mm process exactly?

    And don't call them Piza wafers would you? It's about diner time out here.

  8. Re:In Socialist Germany on AMD Receives $683M for Dresden Plant · · Score: 1

    The question remains if this is capitalism though. If the state and the companies get even more together and start to influence the other too much, we will be in the same state as communism.

    Capitalism and communism are ideals, they may have little to do with reality. To say one or the other failed is therefore bung. Especially because the SU had little to do with communism. You could call China a communist state... are they failing?

    All this said, I think they made the right decission too. There is no reason not to grab this opportunity. It's allowed by the EU, so that should tie things up nicely. You need more specifics about the agreement to check the validity of such a large amount.

  9. Re:not enough on Java SDK 1.5 'Tiger' Beta Finally Released · · Score: 1

    When advocating for operator overloading you are basically advocating a programming style with 1 letter method names, only it's worse, because you're limited to a few "commonly used" letters.

    And besides that, it would make parsing your code a lot slower. No more looking for '+' sign and knowing exactly that you want to add a number to another (or a String, the one Java (compile time) exception to the rule.

    And that would definately screw up Eclipse, something that I do not want to happen. So this is a practical performance reason as well. From a theoretical stand I would be for operator overloading anytime. Problem is that in a practical world it is very much abused, making for unreadable code.

  10. Re:Benchmarks on Java SDK 1.5 'Tiger' Beta Finally Released · · Score: 1

    Dunno, I could not get any of the new language features to work on my system with that version. It was more an Apha renamed as Beta version to me. Oh well, let's try this one.

    It must be busy there though, I couldn't fill my 4 mbit/sec pipe, which Sun normally fills up pretty well.

  11. Re:steps toward Python on Java SDK 1.5 'Tiger' Beta Finally Released · · Score: 1

    However, using a soundly designed dynamic language, I can write dynamic-implementation+test-suite in about the same time I could write only static-implementation in, say, Java. But since I have an extensive test suite, I end up with much more reliable code.

    Interesting, but why would you be so much faster? It isn't that you don't have to know what's in your variables all the time. If you worry about refactoring, or remembering the types, use a good IDE.

    As a sidenote, I currently use Eclipse for this. Fortunately, Eclipse will support 1.5 pretty quick if I've read the USENET discussions correctly. My development time was about halved, though I started off with plain text...

  12. Re:not bad on "Port Knocking" For Added Security · · Score: 1

    The whole point behind port knocking is the wrong impression that "open" ports are more insecure than "closed" ports. This is totally bogus.
    It's about the applications behind the open ports, and it's not more complicated to write code which listens to a specific port and drops the connection if it doesn't recieve some secret number as the only payload of the first packet, than it is to write the kernel tcp/ip stack.


    Ok, I'll start to rewrite all the applications on my linux server right away...

    There are many examples for buggy and overflowing tcp/ip stacks

    I would root for a fast and well tested linux TCP/IP stack before I would try 20 different (badly tested?) solutions for filtering IP packets. Anyway, you can still do both. I mean, they will have to travel through the IP stack anyway.

  13. Re:Why just square chips? on From Silicon To Microprocessors · · Score: 1

    Just a suggestion, but what would you do with the diagonal parts of the die (one die, not multiple die)? Most processors I have seen are not only square on the outside, they are also square on the inside. Correct me here if I am wrong though (/me checks his Pentium II processor on his key ring).

    So you either have a tremendously more complex internal design, which makes use of these diagonals or you throw away space on the die itself. And for what? Upgrading to a larger wafer and smaller dies would bring down the waste as well.

    See also
    http://www.tomshardware.com/cpu/20040201/pre scott- 05.html
    to get an idea what I am talking about. This is just an example guys, don't start a flamewar on Tom's hardware, would you?

  14. AMD? on Leaked X-Box 2 Specs Include PPC CPU · · Score: 2, Interesting

    I wonder what will be there first, a 64 bit Windows OS for the Opteron / Athlon 64 (and FX, for completeness sake), or a 64 bit Windows OS for the XBox deux? Seems to me that Microsoft is protecting Intels intrests with one -er- foot and kicking them in the parts with another.

    Or are they just trying to presurise Intel with this? It would not be the first time that Microsoft would say "thank you but goodbye" to a company that was sure they were on the same side. IBM is a very dangerous company to ditch though.

  15. Re:'No, I use Linux' on Darl Goes to Harvard · · Score: 1

    Yep, that's why I had asked (together with others) to make the virusfilters free (all options are freely configurable at my ISP, so you can enable/disable them).

    Try to persuade them to do the same. They will still get inbound viri, but you can filter these on separate systems. Furthermore the SMTP server might have less problems if less people get infested.

    Oh well, in 2 years this problem will be over according to Bill (not).

  16. Re:ATX, BTX expansion on Balance Technology Extended (BTX) Explained · · Score: 1

    And DTX is right out...

  17. ATX, BTX expansion on Balance Technology Extended (BTX) Explained · · Score: 4, Funny

    That does not leave much space for upgrades, CTX has already been taken by a computer monitor company, see the CTX website.

  18. Re:Gov't regulation that's why on Google Cancels Spring IPO · · Score: 1

    I wouldn't give any shares to employees if I were google. They could also try to get their assets below 10 million of course, but I doubt if that is such a good idea :).

  19. Re:ugh on Google Cancels Spring IPO · · Score: 1

    No problem, they can even make it a default in IE for all that matters. But if they "integrate" the search feature in IE, or make it more difficult to use google instead (changing back to the default when an update takes place, going to the search page when a miss takes place etc.) then the are abusing their monopoly _again_.

    Even worse would be page ranking their own products and URL's above everyone elses, or removing anti-microsoft sites from their search results. I would not be amazed if any of these things would happen in the future, it's not past microsoft to do this (and get away with it).

  20. Re:Fixed Indeed on Microsoft Security Patch Fixes URL Security Flaw · · Score: 1

    Well, I was just handling an iPlanet web server installation problem when I rediscovered this feature. Actually, if you are managing servers with web based configuration this can come in quite handy. Since the admin pages are not available on the internet, there is no real need for an additional (safe) password anyway.

    Tools might also use this feature to log in over HTTP without filling in any nasty pop-ups, though another HTTP message might also do the trick.

    As for it being in plaintext; if you use SSL with it, you might only see it in plain on your own computer and not in any HTTP communcation, which will only take place after the SSL session has been set up. Unfortunately many sites use login through web forms though, which is fine for real users but a pain in the for scripts.

    Removing the entire username:password@ feature from URL's is a bit like cutting off somebody's foot because of a sore toe.

  21. Re:the needed patch on Microsoft Security Patch Fixes URL Security Flaw · · Score: 1

    Yes, the Rabobank in the Netherlands nowadays (not previously) runs fine in Mozilla as well. You need to enable resizing in Javascript and popups (for that particular site) as well. Most important sites in the Netherlands are Mozilla friendly.

    Unfortunately you still need a windows computer to fill in your tax papers. This application is Windows only. Strange for a government to require a monopolistic operating system to run their software.

    Oh well...

  22. Re:Do the cafes *cause* crime? on California Cybercafe Regulation Decision Released · · Score: 2, Interesting

    Though I communicate a lot over coffee, I don't think that Starbucks and cybercafe's are in the same ballpark. One serves coffee and the other one is used for communications.

    Nobody is forcing you into a public pay phone either (I hope). But that does not mean they should be able to listen to your calls.

  23. Re:The video provision isn't really that bad on California Cybercafe Regulation Decision Released · · Score: 3, Insightful

    Dunno, how can you tell if it is a grainy black-and-white security recording (from 20 feet away) that is going to wiped in 72 hours. Is it on the camera somewhere?

    Maybe I should bring a list of security camera's and check against that, and then ask to see the recordings afterwards? We had a video setup in a computer store (of Gateway, the computer company) which saved data on harddisk in perfect color recordings. Wasn't a bit expensive, and it was a full closed circuit recording facility.

    The thing about internet cafe's is that these ARE public places. A telephone boot is private property from a telephone company as well. That does not give them the right to listen in on your calls. These are primary communication means people, don't let them hide behind private property laws the way that they do.

    Obviously vandalism is a problem though. Maybe somebody should check if the equipment is ok after somebody leaves. And a security guy will still be needed to arrest persons that misbehave, or steal other peoples property.

  24. Prince Charles on A Review of Nanotech's Future · · Score: 1

    Then came "Prey." And in Dan Brown's No. 1 best-selling novel, "Angels & Demons," the Catholic Church denounces nanoscience as evil. (It has not, although Britain's Prince Charles has expressed alarm about the science.)

    Eh, I doubt that the Britisch crown prince has much ado with the catholic church. Now that prince Charles has expressed alarm, I am sure all scientists will take another woried look at their safety procedures.

  25. Re:Eclipse is really not very good on Sun and Eclipse Squabble · · Score: 1

    In fact, to me, Eclipse has so many crappy little windows that it is painful to figure out what they contain and how to navigate between them and how to find them again when I inadvertantly make one of them go away.

    Eh? You choose the view in the Window menu bar. The views are ordered nicely into groups there. If you find something cluttered, just drag & drop the small windows onto one another. Or make them go away if you don't need them. I love the way the GUI handles this.

    But then I've never understood what an IDE offers that isn't trivial to do using emacs, a shell, make, and a debugger.
    Jeez, man, have you even tried developing Java code in eclipse? It has all the benefits that a parsing editor can have. It even displays an error if you make a switch with two the same case statements. Refactoring is great, if only for searching and renaming. Before Eclipse I must say most Java development was done in ultra edit, but that's over now. It's a bit late to go into a plain editor vs IDE don't you think?

    I was quite disappointed with the Omando (sp?) UML tool. It crashed my Eclipse more often than not whenever I tried to use it.

    So a plugin does not work as required. That's a shame. But how does the performance of one particular plugin effect Eclipse? I've seen countless bad plugins already, even though the devepment of plugins is quite painless. Did you explect that Eclipse makes better programmers?

    I predict that it will descend into dll (jar) hell sometime soon. Each plugin will insist upon certain versions of jars and each tool vendor will screw up some other vendor by installing some common jar whose version is incompatible with the other tool's needs.

    Have you actually looked at how plugins are organized? It seems to me that this will not be such a problem. And most java libraries are backwards compatible anyways. I also do not see how this will make it any different from other IDE's out there.