Slashdot Mirror


User: FireFury03

FireFury03's activity in the archive.

Stories: 0
Comments: 3,710

Comments · 3,710

  1. Re:Bad Broadband on UK Officially The Most Hacked Country · · Score: 1

    I personally think that the approach towards broadband was mostly done wrong. The large majority of users should never be fully visible online - those broadband routers should be doing NAT for all but a small minority of users.

    NAT is not a security thing. The vast majority of people only want to connect 1 PC to the internet anyway so are far better off with a stateful firewall instead of throwing NAT into the mix (which will come back to bite them in the arse as soon as they use more complex protocols to do stuff like VoIP).

    Part of the issue also lies with the fact that most "conscious" users load up their PC with firewalls and zonealarm and so forth to the point where it's slow because of all the crap on the system.

    Sorry, sticking a stateful firewall on the end of a 2Mb DSL connection should have a relatively negligible performance impact. Hell, my old 486 was quite happy doing stateful firewalling on a 10Mb connection.

  2. Re:Possibly because.. on UK Officially The Most Hacked Country · · Score: 1

    Our retarded government is shoving broadband down everyone's throats. That means that tons and bloody tons of people are all getting broadband, without firewall software or proper instructions on how to use it.

    I think the financial institutions have a good idea that can be applied well to internet connections: if you have a history of not paying off your debts then you get a bad credit history and you will only be able to get very restricted loans. This would work very well on internet connections. The ISPs can set up a central database of customers - those customers who show they repeatedly get compromised, etc (e.g. they have shown they don't have enough cluons to run a secure machine) can be banned from the "completely unrestricted" accounts on all ISPs. I'm not suggesting they are banned from the internet completely, but they could be pushed onto restricted accounts which only let them access the web through a proxy and have a large number of protocols filtered. Since the database would be a national thing, no ISP would lose out because the customer would get the same treatment from all ISPs. This would save the ISPs money in the long term by reducing the amount of bandwidth used by botnets that they have to pay for.

  3. Re:Good thing on UK Officially The Most Hacked Country · · Score: 1

    I don't think that how NAT changes the way the 'net works (I wouldn't go so far as to call it breaks) is going to be that big a deal for most consumers and it's probably a good thing from an ISP perspective.

    If the normal customers are doing simple stuff like surfing the web then NAT won't have much impact on them. However, more and more people are doing more complicated things and NAT can be a headache for stuff like VoIP.

    Unless you actually need to connect more than 1 machine to the internet you're far better off using a stateful firewall instead of NAT.

  4. Re:Well.... on UK Officially The Most Hacked Country · · Score: 1

    Also, while ISPs can't track down all the compromised machines, some simple steps can massively reduce the damage

    Blocking stuff by default is a Good Thing so long as the user can remove the blocks easily (the IETF has made similar recommendations). Unfortunately I think that once a number of ISPs start implementing these default blocks, the rest will follow with a large proportion providing no way of removing the blocking (or maybe an extra pay-for service). Unfortunately I have no faith in the majority of ISPs (especially the larger ones like NTL and BT) having the knowledge or sense to do the Right Thing.

    Oh, and my views on NAT are that unless you actually need it to connect multiple machines to the internet it's a headache and should not be regarded as a security thing.

  5. Re:It's called a hardware NAT router on UK Officially The Most Hacked Country · · Score: 1

    When you go out and buy a new XP PC, or have to reinstall it using the restore CD.. and if you're a clueless noob like most surfers, that's when you find that NAT is the answer.

    NAT is Not a security thing. The security you get out of NAT is a side effect of the connection tracking nature of NAT. If you don't need NAT (i.e. if you're only connecting 1 machine to the internet) a firewall that just does connection tracking is a far better option. Sadly I have yet to see a consumer DSL router that lets you do stateful firewalling without the added headache of NAT.

  6. Re:"Open Standards" != software freedom on Firefox and Open Standards the Way Forward · · Score: 5, Insightful

    Photoshop's ability to load and save PNG files doesn't mean I can inspect, share, or modify Photoshop to suit my needs. Depending on the license agreement and the method by which I have to install the program, I might even be restricted from running the software whenever I want.

    The point is that if Photoshop ceased to exist tomorrow or had a licence change that conflicted with your business practices/moral code, you have the option of changing to a different piece of software that supports the same file formats, etc. The same cannot be said for software with closed file formats - (ok, not entirely true since people _do_ reverse engineer closed standards, but generally because a lot of the support is guesswork they're not going to do such a good job. An excellent example is OOo, which opens and saves word documents but often gets the formatting slightly (or massively) wrong).

  7. Re:re-asking the question on BBC on DRM and Trusted Computing · · Score: 1

    No, they'll just ban distributing the crack, telling anyone that a crack exists, even telling anyone that a crack might exist, if necessary. If commercial pressure meets the First Amendment, which do you think will crumble first?

    Sorry, you are sadly mistaken - there is a world outside the US, no legislation in your country can prevent those of us not in the US publicising a crack - you can't suppress public information with legislation.

    By all accounts you're saying "no one will crack DRM because that's illegal" which is extremely naive, especially since the whole point of DRM is to prevent people doing something that is *already* illegal anyway.

  8. Re:I will police my own FreeNet node if I run one! on Contrabandwidth · · Score: 1

    If you begin censoring content, you will lose Common Carrier Status

    Do random people have common carrier status anyway, or is it just reserved for _recognised_ service providers?

  9. Re:re-asking the question on BBC on DRM and Trusted Computing · · Score: 1

    Not upgrading your computer will not help you. There is no need to outlaw normal computers because normal computers aren't a threat to them, because normal computers will be increasingly useless.

    Ok, so I buy a new "trusted" computer and 6 months later someone's cracked the DRM algorithm used. What then? Am I going to be compelled to upgrade my computer every time the DRM is cracked?

  10. Re:re-asking the question on BBC on DRM and Trusted Computing · · Score: 1

    DRM will spread, and people will start finding ways to break it.

    This is exactly why all DRM is doomed to failure - DRM'd data eventually has to be decrypted to be used. This means that you're giving millions of people the means to decrypt your precious DRM'd data. You can guarantee that at least one of those millions of people will have the motivation, knowledge and equipment to reverse engineer the decryption system which the manufacturer put into their hands. And of course, once one person has done it the information they gained will be publicised and it'll be common knowledge how to crack the DRM (exactly like CSS).

    Once your DRM system is cracked, what are you going to do? You could replace it with a new system but that would involve upgrading everyone's DRM decryption chips (possible by re-flashing the firmware, but a logistical nightmare to make sure everyone upgrades), and anything that's been DRM'd with the old system is now effectively DRM-less. And besides, if you make the DRM firmware flash-upgradable, that probably just makes it easier to compromise in the first place.

  11. Re:Not True on BBC on DRM and Trusted Computing · · Score: 1

    This is not true, because efforts to impose "trusted computing" on all hardware by force of law. Even if an encryption scheme is broken, the media material could have embedded noise in it with a digital signature information and hardware could be mandated not to process any digital media or information unless it's properly signed.

    Ok, so let's say I have some DRM'd music. I can only play it on some trusted hardware. Now, if I crack the encryption and grab the raw audio, I can easily destroy any digital watermark that's in the audio track and reencode it as an MP3/OGG/whatever. This would be unsigned. Yes, you can now have some hardware which will refuse to play that audio because it's unsigned, but that's not going to happen:

    1. It would prevent me from playing unsigned audio to which I own the copyright (e.g. audio I created myself), thus not acceptable to a very large number of (legitimate) users.
    2. What about all the older hardware out there? I have 15 year old sound cards kicking around still which do a perfectly fine job of playing audio.
    3. Building a simple DAC is *EASY* - yes they can legislate that it's illegal but it's basically unenforceable to stop people doing what is essentially a school electronics project.

    Basically as soon as the DRM is cracked then the content is essentially in the public domain - there's nothing you can do to prevent people from playing it. I honestly can't see the "trusted computing" crap to be much more than a minor headache for copyright infringers - just like CSS.

  12. Re:What a bunch... on EDS: Linux is Insecure, Unscalable · · Score: 1

    For a large enterprise a fork IS a bad thing. So is a new version, a patch, an update, any change. If you have thousands of computers any change costs time and money.

    That very much depends on what you're doing with it - if your large enterprise requires a feature that is produced *because* of the fork then it is beneficial. e.g. one group of developers want to take a project one way, the other want to take it another way - one of those ways has the features you need. Take a closed solution where there would be a management decision to (not) do something rather than fork and you can see that under the forked solution you get the feature you're after, after some effort to migrate to the branch with that feature in whereas under the closed solution you'd just never get that feature since someone somewhere took a management decision to block it.

    This is definitely an area where MS has the upper hand and will have until there are heavyweight supported distros.

    Definitely not - MS will make a decision not to implement something because of business or political reasons whereas a FOSS solution will often implement something *because someone needs it* even if it results in a fork. This obviously means that the MS software is nowhere near as capable. No point in having a really stable environment if it doesn't do what you need it for.

  13. Re:What a bunch... on EDS: Linux is Insecure, Unscalable · · Score: 1

    The Linux kernel does have quite a few forks. They're just not big, separate forks. Their work gets routinely folded back into Linus' fork. There's the personal forks like Alan Cox's -ac patch, Andrew Morton's -mm patch, etc.

    What's more, the average user doesn't know or care about the forks - they use whatever Red Hat / SUSE / Debian / Whoever gives them. But forks allow those of us who are clueful enough to look at another fork and grab a feature we really need.

    Under the "forkless" windows, if you need something that's not in the software as standard you're basically screwed. Under Linux you can look around for the feature you're after in another fork and switch to that fork or quickly port that feature back into the main line kernel. And coz of its open nature, under Linux you can write (or employ someone to write) the feature you need yourself, which is something you can never do under windows if the code you need to fix is buried deep in the kernel.

  14. Re:What a bunch... on EDS: Linux is Insecure, Unscalable · · Score: 3, Insightful

    Anybody switching from the Windows 2000 GUI to the XP GUI is going to have MAJOR problems with figuring out where everything is on the Start menu.

    Yep, I can vouch for that - I recently had to set up an XP machine (the last version of windows I touched was 2000 and the last version I seriously used was 98). It caused quite a lot of frustration trying to work out how the hell to add shortcuts to the top level start menu whereas in Win2000/98 you just right clicked and added a shortcut. XP is now down in my book as completely unintuitive - Linux is much easier and less frustrating to use.

  15. Re:What a bunch... on EDS: Linux is Insecure, Unscalable · · Score: 2, Informative

    I was just illustrating that having parallel platforms stagnates progress.

    Rubbish - choice is a Good Thing. I like being able to choose my Window manager and have the WM's developers make all the decisions for me. I was using Gnome for a while (I find KDE completely unintuitive) and I got sick of the way the Gnome project was heading so I switched to Enlightenment and am very happy - you can't do that under Windows with its single shell (yes, I know there are 3rd party shells available for windows but if you bring them into it then you just destroyed your own argument).

    Note: I have no objection to people using Gnome / KDE / whatever they like - if it works for you, fine, but taking away the user's choice under the false claim that choice causes stagnation is rubbish.

    I'm sure you can explain how the lack of choice in web browsers has prevented the stagnation in Internet Explorer can't you?

    and can copy-paste damn near anything between each other

    I have had no problems with copy and paste under X for years. Windows and the various WMs under X are _different_ - this doesn't make Windows _better_. I've not used Windows seriously since Win98 and every time I have to do something with Windows I realise just how much easier and more intuitive Linux is.

  16. Re:What a bunch... on EDS: Linux is Insecure, Unscalable · · Score: -1, Troll

    "could fork into many different flavours"

    As opposed to Windows which is one flavour - tastes like shit, looks like shit, maybe it is shit :)

  17. Re:nofollow won't stop it. on 'Online Poker' Googlebomb · · Score: 1

    But the spammer doesn't care. They don't check if you're using nofollow, they just vandalise your comments and run.

    Sad but true - I have had no experience with comment spamming but I've been hit by log spammers. My web stats were excluded from being crawled by the robots.txt file, so not exactly rocket science for the spammers to check. However, despite this they absolutely hammered my site until I firewalled out their whole ISP (who refused to respond to abuse reports - the spammers were on dynamic IP addresses so I had no choice but to block both /16 subnets belonging to the ISP). My web stats are no longer even online (haven't been for about a year) but I still get a logspammer hitting my site every so often. Sadly it seems it's easier for the spammers to just hit a site rather than checking if it'll actually do them any good beforehand.

    I do have a comment submission system for my photo gallery pages - the comments have to be approved by me before they're published. Thankfully no one's tried spamming that yet.

    I like your idea of a blackhole list - it'd be nice if google used it to exclude people from their index too (hell, google could even run the thing - it's in their interest).

  18. Re:Google [ play online poker ] on 'Online Poker' Googlebomb · · Score: 1

    I get between three and five entries comments every day from online poker spammers. They do their comments in HTML, and add H1 tags to the entire thing. Each comment consists of about 50 links ranging from online poker to places to buy viagra.

    1. Disallow HTML comments
    2. Don't publish comments on your site until they have been approved by you
    3. Put a warning on the submission form saying that they don't get published without approval.
    4. If you *must* have a system to publish unapproved comments, filter the submissions for obvious words and make sure they don't consist (almost) entirely of links.

    Yes, comment spammers and log spammers are inconsiderate antisocial bastards (what's new?), but some basic measures to stop them are reasonably easy to do and make their lives a bit harder.

    (I was hit by a log spammer last year even though my webstats aren't crawlable. The spammer took to pulling several tens of gig off my site a day from dynamic IP addresses on a single ISP. I ended up blocking both /16 subnets owned by the ISP and emailed the ISP's abuse address. No reply and I still see the log spamming attempts hitting the firewall rules I set up to block them so unfortunately the entire ISP is still blocked. I hate the idea of blanket blocking everyone using a popular ISP because of 1 person's actions, but when the ISP ignores your abuse reports what else can you do?)
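
The four measures listed in the comment above, sketched as an added example (not code from the original post or from any particular blog engine). The keyword list, the thresholds and the function name `screen_comment` are constructed assumptions.

```python
import html
import re

# Constructed keyword list for illustration; tune it for your own site.
SPAM_WORDS = {"poker", "viagra", "casino"}
URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.IGNORECASE)
ANCHOR_RE = re.compile(r"<a\s", re.IGNORECASE)
TAG_RE = re.compile(r"<[^>]*>")
WORD_RE = re.compile(r"[a-z0-9']+")


def screen_comment(raw, max_links=3, max_link_ratio=0.5):
    """Return (action, reason, safe_text) for one submitted comment.

    action is "reject" or "hold"; nothing is ever published directly.
    """
    # Point 1: HTML is never rendered, the stored text is escaped.
    safe_text = html.escape(raw)

    # Count links in the raw submission, whether bare URLs or <a> tags.
    links = max(len(URL_RE.findall(raw)), len(ANCHOR_RE.findall(raw)))

    # Visible words: drop tags and URLs, then tokenise.
    visible = URL_RE.sub(" ", TAG_RE.sub(" ", raw)).lower()
    words = WORD_RE.findall(visible)

    hits = sorted(SPAM_WORDS.intersection(words))
    ratio = links / (links + len(words)) if links else 0.0

    # Point 4: obvious words, or a body that is (almost) entirely links.
    if links > max_links:
        return "reject", f"{links} links", safe_text
    if ratio > max_link_ratio:
        return "reject", f"link ratio {ratio:.2f}", safe_text
    if hits:
        return "reject", "spam words: " + ", ".join(hits), safe_text
    # Point 2: everything else waits for the site owner's approval.
    return "hold", "awaiting approval", safe_text


if __name__ == "__main__":
    # Constructed samples: an H1-wrapped block of 50 links, and a normal comment.
    spam = "<h1>" + " ".join(
        f'<a href="http://poker{i}.example/">online poker</a>' for i in range(50)
    ) + "</h1>"
    for sample in (spam, "Nice photo, what lens did you use?"):
        action, reason, _ = screen_comment(sample)
        print(action, "-", reason)
```
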

  19. Re:Safety First on Microsoft to Offer Patches to U.S. Govt. First · · Score: 0, Troll

    I suspect that unless you are on Microsoft's new "A list" the chances of there being an exploit in the wild before there is a generally available patch releases just went up.

    In my experience, MS usually waits until there's an exploit in the wild before bothering to start fixing the hole anyway...

  20. Re:The 'bulk data' tag on Long-Awaited BitTorrent 4.0 Released · · Score: 1

    I believe the ToS bits have been ignored by most routers for a LONG time.

    The reason being, IIRC, is that Microsoft decided not to play "good net citizen" and the Windows IP stack sets outgoing packets as 0x10 (or other similar "high priority" category) no matter what.


    Doh - I didn't realise they'd ever been implemented by public internet routers.

  21. Re:Of course? on Is VoIP Google's Next Frontier? · · Score: 1

    Heck, even the majority of Slashdotters might not care either.

    I don't think anyone will care whether they're using Asterisk or not so long as they support the standard protocols (i.e. don't become another Skype). Bothering about what they run internally would be like saying "I don't use the Google search engine because it doesn't run on Apache" - Google speaks HTTP so who cares what's running on the back end?

  22. Re:Quality? on Is VoIP Google's Next Frontier? · · Score: 1

    He cuts in and out all the time

    Is he using Skype by any chance? (Skype has these problems)
    Of course, all VoIP services will suffer problems if you have a crappy ISP.

    low volume

    That's a problem with his (soft)phone or microphone - if he's using a softphone then turn the sound card volume up.

    there's constant static

    Never had that problem - I use SIP and it's as clear as a bell (even using a low bandwidth codec like GSM).

  23. Re:Honestly... on MiniMo(zilla) Running on Windows Mobile · · Score: 1

    Firefox/Thunderbird isn't exactly "perfect" yet for the desktop?

    Not sure where Thunderbird comes into any of this (I thought we were talking about a web browser, not a mail client). Anyway, admittedly FireFox has some bugs, what software doesn't, but it has a darn sight less rendering bugs than Opera I'm afraid (ask anyone who's tried to write an XHTML 1.1 Strict + CSS2 website - Opera gets a lot of stuff wrong unfortunately).

    In any case, why are you complaining about a project to give people more choice? Isn't that a good thing? (Yes, I run Opera on my P900 but I wouldn't mind some alternatives, it's got some annoying rendering bugs in it).

  24. Re:The 'bulk data' tag on Long-Awaited BitTorrent 4.0 Released · · Score: 1

    It is very helpful to ISPs to have the bulk classification, so that their more time-sensitive data (ie, VOIP) doesn't get clobbered when someone starts using bittorrent.

    Doing QoS on a public net (whilst it would be nice) seems like a potentially bad idea unless you put some safeguards in place:

    If you always prioritise traffic with its ToS key set to 0x10 (minimise delay) then that suddenly becomes an effective DoS vector - flood a network with packets set to ToS 0x10, they get priority and you just paralysed all lower priority traffic. You could limit the amount of bandwidth that can be used for traffic marked as "minimise delay" and treat anything over that limit as normal unprioritised traffic but that raises the question of how to decide what this limit should be?
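
The safeguard described in the comment above (cap the bandwidth given to "minimise delay" traffic and treat the excess as ordinary traffic), shown as an added example that is not part of the original post. It uses a single token bucket; the rate, the burst size and the constructed traffic patterns are assumptions, and the code does not settle what the limit should be.

```python
TOS_MIN_DELAY = 0x10  # "minimise delay" value discussed in the comment above


class TokenBucket:
    """Integer token bucket: times in milliseconds, sizes in bytes."""

    def __init__(self, rate_bytes_per_ms, burst_bytes):
        self.rate = rate_bytes_per_ms   # sustained allowance for priority traffic
        self.burst = burst_bytes        # how far a sender may briefly exceed it
        self.tokens = burst_bytes       # start with a full bucket
        self.last_ms = 0

    def conforms(self, now_ms, size):
        # Refill for the time elapsed since the last packet, capped at the burst.
        elapsed = max(0, now_ms - self.last_ms)
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last_ms = now_ms
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False


def police(packets, bucket):
    """packets: iterable of (time_ms, size_bytes, tos). Returns bytes per class."""
    totals = {"priority": 0, "demoted": 0, "best_effort": 0}
    for now_ms, size, tos in packets:
        if tos != TOS_MIN_DELAY:
            cls = "best_effort"
        elif bucket.conforms(now_ms, size):
            cls = "priority"
        else:
            cls = "demoted"  # still forwarded, but queued with normal traffic
        totals[cls] += size
    return totals


def flood(duration_ms=1000, size=1000):
    """Constructed abuse case: one 1000-byte packet per ms, all marked 0x10."""
    return [(t, size, TOS_MIN_DELAY) for t in range(duration_ms)]


def voip(duration_ms=1000, size=200, interval_ms=20):
    """Constructed well-behaved flow: 50 small packets per second, marked 0x10."""
    return [(t, size, TOS_MIN_DELAY) for t in range(0, duration_ms, interval_ms)]


if __name__ == "__main__":
    # Assumed limit: 100 bytes/ms (100 kB/s) sustained, 10 kB burst.
    print("flood:", police(flood(), TokenBucket(100, 10_000)))
    print("voip: ", police(voip(), TokenBucket(100, 10_000)))
```

With these assumed numbers the flood offers 1,000,000 bytes in a second but only about a tenth of it is admitted to the priority class, while the small VoIP-like flow fits entirely under the cap.
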

  25. Re:nobody should be at the front of the line on Long-Awaited BitTorrent 4.0 Released · · Score: 1

    Remember the Google Zeitgeist before they removed the OS stats last year? Mac 3%, Linux desktops 1%. Just another data point, I guess.

    I'd be curious to see those stats just prior to the release of the Mac Mini and 12 or 24 months after the release - I'm wondering just how many converts Apple are going to get from the windows crowd. (I'm hoping it's a lot - I personally am not a Mac user, I'm exclusively Linux, but I wholly support people using Macs since they have a proper operating system instead of the toy that Microsoft produces).