I find it truly surprising that not one single Microsoft Engineer could take it upon himself to discover these flaws beforehand. And that they were surprised by these results.
That tells me a lot about the Engineering talent. Hopefully some small change has been made in the mindset there. It would at least be a good small start; because one key thing about improving security is the mindset.
Agreed, however it's been my experience that programmers at most large software companies have an inflated view of their own abilities. They are are in an insulated environment, tell each other they are wonderful, and just like academia don't realise there's a sharp edge out there.
This is particularly true in software security where by-the-book standard protocols are broken and misdirected in bizarre ways to get protocol failures and breakin opportunities.
Re:Automatic DDoS mitigation at backbone level
on
Zombie Report By ISP
·
· Score: 1
The real problem is notifying infected machine owners and dealing with the customer service aspect costs too much money and is generally not worth the return.
That's what some ISP's claim. I don't believe them. It's possible to solve this problem almost completely automatically. Run traffic monitors and when a zombie is detected email the customer automatically with a message to access a web link with a cleaning program attached. If the email hasn't been accessed in about 2 days block all ports except local pop and http and redirect all http to an alert page with a link to a cleaning program. Either the cleaning program gets run, no problem, or the customer is busy and the zombie is blocked, no problem.
When malware has been in Time Magazine you know customers will care about it. It's just that zombies are invisible to them and because it's invisible they think it's not a problem. As soon as the ISP alerts them the vast majority will be worried enough to do something about it.
If you and the rest of the world actually played by the rules, they would work and the price would either come down or someone else would pop up with a cheaper product that did what you needed.
Your argument is flawed. Software development costs are fixed, it's how many customers the costs are amortised over that affects the price to the consumer.
M$ makes perhaps 10,000 times the amount of money that a smaller company might make on exactly the same software. When that is coupled with the necessity of interoperability, the high cost of switching products and the ability of M$ to use a tiny fraction of that excess profit to kill any potential competitor price competition is meaningless. To talk about a normal "free market" in these circumstances is just silly.
---
It's wrong that an intellectual property creator should not be rewarded for their work. It's equally wrong that an IP creator should be rewarded too many times for the one piece of work, for exactly the same reasons. Reform IP law and stop the M$/RIAA abuse.
And thank you for putting your sig line in your post and thus defeating my preference of not wanting to see them.
I like variety in my sig. Putting it in preferences I find inconvenient. Sorry about that.
But in answer to your sig, what if your application is not required to run under heavy loads with limited memory on an SMP machine?
Not much room in a sig for a detailed exposition.;-) I was trying to get across the idea that all software should be thoroughly tested on the most challenging target platform, not on the high end developer machine most programmers have.
A common failing I see are programmers who assume the target will always be a mono-processor (many people have desktop SMP/multi-threaded machines), will always have plenty of memory, disk and CPU (not on palmtops and embedded machines), will have a broadband network connection (most people worldwide still use dialup), wasting CPU/power/disk is not a concern (it is on a laptop) etc. etc.
I particularly care about SMP because I run desktop SMP, multi-threading has arrived and programmers need to start dealing with it. I've lost count of the number of bad software packages that have heisenbugs on multi-threaded machines. It's actually not that hard to design software to avoid these problems, but you do need to think about it.
Would you also like everyone to test their code on an AS/400 or maybe on a Commodore 64?
If that is the worst case reasonable target for the software in question, yes.
Bury the evilness in the make file. No one will find it there.
Bury it in the configure script. There's so much magic in there, and cross platform stuff that no one person is likely to know about, you could hide an elephant.
---
Repetitive advertising is noise and compromises free speech.
Copyrights still have an important place in our society.
It's not all or nothing. Stop pretending it is.
---
It's wrong that an intellectual property creator should not be rewarded for their work. It's equally wrong that an IP creator should be rewarded too many times for the one piece of work, for exactly the same reasons. Reform IP law and stop the M$/RIAA abuse.
surely it is possible to come up with a decent technological response to these vermin...
What is needed to start with is a decent music player, probably based on one of the existing FOSS players, that does all of the following:
It must be easy to install and to use. For a computer phobic child. With zero adult assistance. With one hand holding a peanut butter sandwich. I can't emphasise this enough; too many FOSS developers think near enough is good enough and don't have a clue when it comes to unnecessary interface complexity.
It should be internet aware to allow easy downloading, both broadband and dialin, and easy library management.
Download sites should be easy to find by simple mouse clicking and have some documentation of their content and quality.
It must be possible to easily pay for content if necessary, maybe via paypal.
There should be tools available for artists to easily create content for it via uploading to websites.
For the M$Windows (to get critical mass), Linux and MP3 mobile platforms.
Have it as a Firefox plugin, leveraging the popularity of one FOSS project to gain critical mass for another.
Remember, this would be for the computer naive user, not only for the computer knowledgeable.
If a FOSS project could get the above together I think the result would be huge, even if the big media didn't sign on due to no DRM. The amount of freely available non-DRM'ed content out there is large, much of it of good quality and more than enough to keep people going for a long time. The main reason it's not more widely used is because it's hard to find among the trash; that needs to change. If critical mass could be achieved then large numbers of artists would submit free content just to get exposure, particularly if this easily lead into paid content on the same player.
Depending on exactly what position you have, you'll get this to varying degrees <rimshot>, but you will get it.
Not likely in my experience.
I've worked in several university positions. The userfriendly cartoon is funny but just doesn't ring true. What is true is that occasionally people without degrees have a chip on their shoulder.
PhD's are generally intelligent people and fun and inspiring to work with. They're often highly opinionated but will respond to reasoned argument. Some are oddballs but generally if you treat them right they'll treat you right.
If you think personal happiness is all about dollars and nothing else then you might not like it.
He forgot to add the price that they paid for this imaginary house: $2,000 with all of the appliances included.You can't complain about commmodity software development not being up to the standards of house building.
Of course you can. In a functioning free market if the first house cost a million bucks but each copy cost a buck then in a market of ten million consumers the house would cost a buck and fifteen cents.
We don't yet have a functioning free market in commodity software though I'm hopeful.
---
It's wrong that an intellectual property creator should not be rewarded for their work. It's equally wrong that an IP creator should be rewarded too many times for the one piece of work, for exactly the same reasons. Reform IP law and stop the M$/RIAA abuse.
No it's not. In the business world there are just as many aggressively ignorant "professionals" who piss away millions of dollars mandating "best of breed" and "business standard" solutions because they don't have a clue. There are idiots in any large group of people.
I thought people/companies were free (as in speech!) to release their code under whatever license terms they wish.
Convicted monopolists operate under stricter rules than others. M$ likes to pretend it's just another software company. That's nonsense when it controls so many de-facto software standards.
---
It's wrong that an intellectual property creator should not be rewarded for their work. It's equally wrong that an IP creator should be rewarded too many times for the one piece of work, for exactly the same reasons. Reform IP law and stop the M$/RIAA abuse.
The usual "you must protect your 'valuable' intellectual property" canard that lawyers and others like to push to drum up their parasitic business, completely ignoring the fact that openness oftens make better business sense.
In this case any company capable of competing in the market can trivially sniff the raw data coming off their competitor's chip with controlled lighting, a digital storage CRO and a little common sense.
To claim that hiding the the storage format is anything more than anti-competitive market manipulation is itself manipulative.
---
I'm not worried about the use of DRM. I'm worried about the abuse.
Seems 99% of Slashdot hate copyright and want everything public domain.
Bullshit. You're a zealot, probably a paid marketing parasite judging by the corporate propaganda you're trying to push.
---
It's wrong that an intellectual property creator should not be rewarded for their work. It's equally wrong that an IP creator should be rewarded too many times for the one piece of work, for exactly the same reasons. Reform IP law and stop the M$/RIAA abuse.
If you can manage to type in the URL, try to google for "black box testing".
Black box testing is only appropriate in very well characterised situations. Since there is huge variation in speed measurement situations (e.g. weather, battery charge, traffic density, sunlight angle, electrical equipment nearby, deliberate interference and avoidance by motorists, deliberate misuse by a few officers etc. etc.) the accountability of open source is both superior and necessary.
---
All F/OSS licenses are good and superior to the average closed source license.
Re:Current CPUs to maintain or increase in value
on
Intel Claims No DRM
·
· Score: 1
I can see a future where the resale value of current hardware would be exceptionally high.
Doesn't help if you need to network with other people's computers and the makers of those computers decide you can't be "trusted".
I'll say it again, this is free market destroying stuff. The proponents of DRM really have a very naive view of human nature and what vendors are going to do once they have total control.
The problem only comes when you are required to (or want to) use an application that uses Hardware DRM, in which case you will need to turn it on.
Or you want to be compatible with such a platform (e.g. to exchange documents, files or email messages), and that platform has decided to lock you out. This is free market destroying stuff.
---
I'm not worried about the use of DRM. I'm worried about the abuse.
Slashdot is costing various software companies, particularly M$, a small though increasing fraction of their sales. That's millions of dollars of almost pure profit lost. It's financially worthwhile for them to spend a few hundred thousand astroturfing and pushing anti-F/OSS propaganda to reduce slashdot's and F/OSS's effect.
M$ built it's business on the "if it's legal it's ethical" lie and they've been caught astroturfing in the past. Like before they've probably subcontracted it so they've got plausible deniability, both for the market and for their own development employees so that morale isn't affected.
Of course, internally they won't call it astroturfing, it'll be "community building", "customer outreach" , "anonymous company blogging", "story planting" and other such marketing bullshit. Misrepresentation and lying in other words.
When others make loads of money from it, the feeling is mixed.
Depends on the individual and the software. Linus seems pretty happy that many people are making money from Linux.
Most successful F/OSS projects are collective efforts with hard working leaders. Those hard working leaders are usually well aware that it's not their work to own and aren't too worried when honest companies try to make money from the software if they adhere to the license in fact and in spirit.
Software can be licensed any way a software writer likes. If the license says commercial use is permitted then clearly they've decided for them the benefits outweigh the costs.
---
All F/OSS licenses are good and streets ahead of the average closed source license.
But they can use a new license for patches, bug fixes and new versions. You can refuse to apply them, but then you're leaving your data center vulnerable to all kinds of unpleasantness.
FUD. Any new license has to be compatible with the old license.
In the extreme the single copyright owner of a software project, if the project even has one (e.g. not Apache), can take it closed source. That's when branches happen (e.g. Xorg) and the software users have lost nothing but the free labour of the former licensor of the software they are using and may have to start paying for the support they formerly got for free. Not particularly nasty and not a particularly big issue.
You need to do your due diligence on the license before you start using open source software, just like any closed source software, but F/OSS software licenses are usually streets ahead of the average closed source software license.
Many people then joked about wanting "world domination". That in my book is wanting to change the world.
Don't know if Stallman or Torvalds made the same jokes but assuming people releasing code then didn't want to make the world a better place, in addition to their selfish reasons, is just revisionism. The same applies today.
---
GNU/Linux, the world's #1 OS by hits. M$ windows #2. Open Office the world's #1 office suite. M$ office #2. Apache, the world's #1 web server. M$ IIS #2. Evolution, the world's #1 email client, M$ outlook #2. Unfortunately mozilla family browsers are still #2, M$ internet explorer is #1, but watch firefox (#3) grow.
Slashdot Mirror
I find it truly surprising that not one single Microsoft Engineer could take it upon himself to discover these flaws beforehand. And that they were surprised by these results.
That tells me a lot about the Engineering talent. Hopefully some small change has been made in the mindset there. It would at least be a good small start; because one key thing about improving security is the mindset.
Agreed, however it's been my experience that programmers at most large software companies have an inflated view of their own abilities. They are are in an insulated environment, tell each other they are wonderful, and just like academia don't realise there's a sharp edge out there.
This is particularly true in software security where by-the-book standard protocols are broken and misdirected in bizarre ways to get protocol failures and breakin opportunities.
---
zealotry n : excessive intolerance of opposing views.
The real problem is notifying infected machine owners and dealing with the customer service aspect costs too much money and is generally not worth the return.
That's what some ISP's claim. I don't believe them. It's possible to solve this problem almost completely automatically. Run traffic monitors and when a zombie is detected email the customer automatically with a message to access a web link with a cleaning program attached. If the email hasn't been accessed in about 2 days block all ports except local pop and http and redirect all http to an alert page with a link to a cleaning program. Either the cleaning program gets run, no problem, or the customer is busy and the zombie is blocked, no problem.
When malware has been in Time Magazine you know customers will care about it. It's just that zombies are invisible to them and because it's invisible they think it's not a problem. As soon as the ISP alerts them the vast majority will be worried enough to do something about it.
Problem solved.
---
Anonymous marketer = paid zealot.
but money spent to correct problems goes into the economy.
The broken window fallacy. That money could've been more productively spent elsewhere.
---
All F/OSS licenses are good and superior to the average closed source license.
If you and the rest of the world actually played by the rules, they would work and the price would either come down or someone else would pop up with a cheaper product that did what you needed.
Your argument is flawed. Software development costs are fixed, it's how many customers the costs are amortised over that affects the price to the consumer.
M$ makes perhaps 10,000 times the amount of money that a smaller company might make on exactly the same software. When that is coupled with the necessity of interoperability, the high cost of switching products and the ability of M$ to use a tiny fraction of that excess profit to kill any potential competitor price competition is meaningless. To talk about a normal "free market" in these circumstances is just silly.
---
It's wrong that an intellectual property creator should not be rewarded for their work.
It's equally wrong that an IP creator should be rewarded too many times for the one piece of work, for exactly the same reasons.
Reform IP law and stop the M$/RIAA abuse.
And thank you for putting your sig line in your post and thus defeating my preference of not wanting to see them.
I like variety in my sig. Putting it in preferences I find inconvenient. Sorry about that.
But in answer to your sig, what if your application is not required to run under heavy loads with limited memory on an SMP machine?
Not much room in a sig for a detailed exposition. ;-) I was trying to get across the idea that all software should be thoroughly tested on the most challenging target platform, not on the high end developer machine most programmers have.
A common failing I see are programmers who assume the target will always be a mono-processor (many people have desktop SMP/multi-threaded machines), will always have plenty of memory, disk and CPU (not on palmtops and embedded machines), will have a broadband network connection (most people worldwide still use dialup), wasting CPU/power/disk is not a concern (it is on a laptop) etc. etc.
I particularly care about SMP because I run desktop SMP, multi-threading has arrived and programmers need to start dealing with it. I've lost count of the number of bad software packages that have heisenbugs on multi-threaded machines. It's actually not that hard to design software to avoid these problems, but you do need to think about it.
Would you also like everyone to test their code on an AS/400 or maybe on a Commodore 64?
If that is the worst case reasonable target for the software in question, yes.
Here at /., we leave informative, well-thought-out discussion at the door.
Thank you for contributing your gross over generalisation!
---
If you haven't tested your code under heavy load and limited memory on an SMP machine then you haven't tested it.
Bury the evilness in the make file. No one will find it there.
Bury it in the configure script. There's so much magic in there, and cross platform stuff that no one person is likely to know about, you could hide an elephant.
---
Repetitive advertising is noise and compromises free speech.
Copyrights still have an important place in our society.
It's not all or nothing. Stop pretending it is.
---
It's wrong that an intellectual property creator should not be rewarded for their work.
It's equally wrong that an IP creator should be rewarded too many times for the one piece of work, for exactly the same reasons.
Reform IP law and stop the M$/RIAA abuse.
surely it is possible to come up with a decent technological response to these vermin...
What is needed to start with is a decent music player, probably based on one of the existing FOSS players, that does all of the following:
Remember, this would be for the computer naive user, not only for the computer knowledgeable.
If a FOSS project could get the above together I think the result would be huge, even if the big media didn't sign on due to no DRM. The amount of freely available non-DRM'ed content out there is large, much of it of good quality and more than enough to keep people going for a long time. The main reason it's not more widely used is because it's hard to find among the trash; that needs to change. If critical mass could be achieved then large numbers of artists would submit free content just to get exposure, particularly if this easily lead into paid content on the same player.
---
Keep your options open!
Depending on exactly what position you have, you'll get this to varying degrees <rimshot>, but you will get it.
Not likely in my experience.
I've worked in several university positions. The userfriendly cartoon is funny but just doesn't ring true. What is true is that occasionally people without degrees have a chip on their shoulder.
PhD's are generally intelligent people and fun and inspiring to work with. They're often highly opinionated but will respond to reasoned argument. Some are oddballs but generally if you treat them right they'll treat you right.
If you think personal happiness is all about dollars and nothing else then you might not like it.
---
Keep your options open!
He forgot to add the price that they paid for this imaginary house: $2,000 with all of the appliances included.You can't complain about commmodity software development not being up to the standards of house building.
Of course you can. In a functioning free market if the first house cost a million bucks but each copy cost a buck then in a market of ten million consumers the house would cost a buck and fifteen cents.
We don't yet have a functioning free market in commodity software though I'm hopeful.
---
It's wrong that an intellectual property creator should not be rewarded for their work.
It's equally wrong that an IP creator should be rewarded too many times for the one piece of work, for exactly the same reasons.
Reform IP law and stop the M$/RIAA abuse.
Here in the business world it's a bit different.
No it's not. In the business world there are just as many aggressively ignorant "professionals" who piss away millions of dollars mandating "best of breed" and "business standard" solutions because they don't have a clue. There are idiots in any large group of people.
---
Commercial software bigots - a dying breed.
Use strlcpy/strlcat instead (oh wait, the GNU libc maintainer refuses to put them in...)
So what's your problem? Fork it! ;-)
Actually, that might even work if the major Linux distributions took it on board.
---If you haven't tested your code under heavy load and limited memory on an SMP machine then you haven't tested it.
I don't think anything they've done has been ethically wrong.
You've been taken in by their marketing 'droids. One example among many.
---
If you haven't tested your code under heavy load and limited memory on an SMP machine then you haven't tested it.
I thought people/companies were free (as in speech!) to release their code under whatever license terms they wish.
Convicted monopolists operate under stricter rules than others. M$ likes to pretend it's just another software company. That's nonsense when it controls so many de-facto software standards.
---
It's wrong that an intellectual property creator should not be rewarded for their work.
It's equally wrong that an IP creator should be rewarded too many times for the one piece of work, for exactly the same reasons.
Reform IP law and stop the M$/RIAA abuse.
The usual "you must protect your 'valuable' intellectual property" canard that lawyers and others like to push to drum up their parasitic business, completely ignoring the fact that openness oftens make better business sense.
In this case any company capable of competing in the market can trivially sniff the raw data coming off their competitor's chip with controlled lighting, a digital storage CRO and a little common sense.
To claim that hiding the the storage format is anything more than anti-competitive market manipulation is itself manipulative.
---
I'm not worried about the use of DRM. I'm worried about the abuse.
Seems 99% of Slashdot hate copyright and want everything public domain.
Bullshit. You're a zealot, probably a paid marketing parasite judging by the corporate propaganda you're trying to push.
---
It's wrong that an intellectual property creator should not be rewarded for their work.
It's equally wrong that an IP creator should be rewarded too many times for the one piece of work, for exactly the same reasons.
Reform IP law and stop the M$/RIAA abuse.
If you can manage to type in the URL, try to google for "black box testing".
Black box testing is only appropriate in very well characterised situations. Since there is huge variation in speed measurement situations (e.g. weather, battery charge, traffic density, sunlight angle, electrical equipment nearby, deliberate interference and avoidance by motorists, deliberate misuse by a few officers etc. etc.) the accountability of open source is both superior and necessary.
---
All F/OSS licenses are good and superior to the average closed source license.
I can see a future where the resale value of current hardware would be exceptionally high.
Doesn't help if you need to network with other people's computers and the makers of those computers decide you can't be "trusted".
I'll say it again, this is free market destroying stuff. The proponents of DRM really have a very naive view of human nature and what vendors are going to do once they have total control.
---
DRM - Democracy Restriction & Manipulation
The problem only comes when you are required to (or want to) use an application that uses Hardware DRM, in which case you will need to turn it on.
Or you want to be compatible with such a platform (e.g. to exchange documents, files or email messages), and that platform has decided to lock you out. This is free market destroying stuff.
---
I'm not worried about the use of DRM. I'm worried about the abuse.
I agree, no paranoia required.
Slashdot is costing various software companies, particularly M$, a small though increasing fraction of their sales. That's millions of dollars of almost pure profit lost. It's financially worthwhile for them to spend a few hundred thousand astroturfing and pushing anti-F/OSS propaganda to reduce slashdot's and F/OSS's effect.
M$ built it's business on the "if it's legal it's ethical" lie and they've been caught astroturfing in the past. Like before they've probably subcontracted it so they've got plausible deniability, both for the market and for their own development employees so that morale isn't affected.
Of course, internally they won't call it astroturfing, it'll be "community building", "customer outreach" , "anonymous company blogging", "story planting" and other such marketing bullshit. Misrepresentation and lying in other words.
---
Anonymous marketer = paid zealot.
When others make loads of money from it, the feeling is mixed.
Depends on the individual and the software. Linus seems pretty happy that many people are making money from Linux.
Most successful F/OSS projects are collective efforts with hard working leaders. Those hard working leaders are usually well aware that it's not their work to own and aren't too worried when honest companies try to make money from the software if they adhere to the license in fact and in spirit.
Software can be licensed any way a software writer likes. If the license says commercial use is permitted then clearly they've decided for them the benefits outweigh the costs.
---
All F/OSS licenses are good and streets ahead of the average closed source license.
But they can use a new license for patches, bug fixes and new versions. You can refuse to apply them, but then you're leaving your data center vulnerable to all kinds of unpleasantness.
FUD. Any new license has to be compatible with the old license.
In the extreme the single copyright owner of a software project, if the project even has one (e.g. not Apache), can take it closed source. That's when branches happen (e.g. Xorg) and the software users have lost nothing but the free labour of the former licensor of the software they are using and may have to start paying for the support they formerly got for free. Not particularly nasty and not a particularly big issue.
You need to do your due diligence on the license before you start using open source software, just like any closed source software, but F/OSS software licenses are usually streets ahead of the average closed source software license.
---
Anonymous marketer = paid zealot.
Many people then joked about wanting "world domination". That in my book is wanting to change the world.
Don't know if Stallman or Torvalds made the same jokes but assuming people releasing code then didn't want to make the world a better place, in addition to their selfish reasons, is just revisionism. The same applies today.
---
GNU/Linux, the world's #1 OS by hits. M$ windows #2.
Open Office the world's #1 office suite. M$ office #2.
Apache, the world's #1 web server. M$ IIS #2.
Evolution, the world's #1 email client, M$ outlook #2.
Unfortunately mozilla family browsers are still #2, M$ internet explorer is #1, but watch firefox (#3) grow.
Congratulations everybody, world domination. ;-)
Personally. I don't much care what F/OSS license people use.
They're all streets ahead of the average closed source license.
---
Anonymous marketer = paid zealot.