Slashdot Mirror


User: SanityInAnarchy

SanityInAnarchy's activity in the archive.

Stories
0
Comments
12,413
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 12,413

  1. What's magical about religion here? on Will the Pope Declare Google Evil? · · Score: 1

    Specifically: Can't the government already do that with everything else? Seems to me, they do already.

    Example: They could just decide that, because I read Slashdot, I could be Slashdot-taxed. This would discourage people from reading Slashdot.

    If they're not allowed to do that, I'm sure you could take that law, change some of the words, and use it to prevent them from preferring one religion over another, while taxing them all.

  2. Re:It happends... on GPL Violations On Windows Go Unnoticed? · · Score: 1

    As a software developer for a closed source application you don't want people poking around in your code find reasons to sue you except for the fact they happen to look at your program.

    Why not?

    GPL People care about the end users rights, not for the developers rights. Developers are people too who deserve some rights of their own.

    True.

    And as a developer, I really do enjoy the right to develop just about every piece of software I use.

  3. Re:How's this funny again? on Vista Bug Costs Users In Swedish Town Their Internet · · Score: 1

    That doesn't make it well supported. From what I hear, it's fairly unstable, and also a bit of a hack.

    Compare that to Silverlight -- Mono is fully supported on 64-bit, so I see no reason Silverlight wouldn't be as well.

  4. Re:Why do people still use Windows? on Vista Bug Costs Users In Swedish Town Their Internet · · Score: 5, Insightful

    My wife's bottom-basement laptop bought a year and a half ago could run Vista just fine. If by "extreme" you mean "modern", I suppose that holds up.

    If by "modern", you mean "at least 1 gig of RAM", I guess that works.

    I have tried it on a machine with 512 megs of RAM. It was Home Basic, and it was loaded down with HP crap, but no matter how much I cleared away, it still took several minutes to do anything. And I mean anything. Control panel? Two minutes. Internet Explorer? A minute and a half. It was ludicrous.

    And I am fairly confident it was the RAM, because it was paging like mad. I did plug in a USB stick and used ReadyBoost while I was there, and it did improve things, but not by much.

    Now, I know someone who upgraded from XP 64-bit to Vista, and basically raves about everything about it, and I don't blame her -- XP 64-bit sucked. She realizes that was a mistake, should've stayed on 32-bit. But Vista 64-bit isn't bad (finally catching up to Linux' 64-bit support), and it's generally been solid for her.

    She also has, I believe, some 2 gigs of RAM.

    Her advice to me was, less than a gig of RAM? XP is faster. A gig or more? Vista is faster.

    Which makes me wonder what the fuck it's using half a gig of RAM for. I have Kontact (Outlook-like app, so email, calendar, etc), Konqueror (web browser), two IRC clients, Kopete (multi-IM client), KTorrent (bittorrent), and a Windows game open in Wine right now, and it's using less than 600 megs of RAM. Vista, apparently, uses at least that much just to show you a desktop -- I remember it being a gig or so paged (I'm not kidding) with nothing open other than the task list. What gives?

    It's not Aero, by the way. I've had Beryl on this computer before, and right now, it's running KWin with everything turned on, which includes some Beryl/Aero-like features (including real drop shadows and transparency), and that doesn't use a significant amount of RAM, either.

    I'm sorry, but I've never had a PC that wasn't slowed down when downloading.

    The issue is that when you play media, your download slows. And there is absolutely no reason for this, and versions of Windows prior to Vista are not effected, all the way back to 95, probably 3.1.

    And I actually do have a PC that doesn't do that. It runs Ubuntu. It also doesn't slow down when downloading, even torrents, because they use so little of my resources (aside from bandwidth) that I can do pretty much anything I was doing before (unless it's online).

    (And what you're referring to as a bug, that, gasp, they're working on.)

    Where'd you get this information?

    Last I checked, they hadn't even acknowledged it as a bug. They were still insisting that it had to be this way in order to not have the music skip. (Well, guess what? My music doesn't skip even when I'm transferring stuff over Gigabit. Novel concept, I know.)

    People complain that Linux is focused on throughput and not latency -- that is, that it'll make my desktop lag just so that background compile can run 2% faster. Here's a clear example of why you don't want to go too far the other way, though -- playing any audio at all on Vista slows your network down by 10%.

    It may not be enough for you to notice, as that's still probably faster than your Internet. Probably. But it doesn't make it any less of a bug, no matter what Microsoft says.

    Linux will take over Windows when it is hands-down better than the current version of windows from the user's perspective.

    That is and has been true, and occasionally various users find it better enough to make the switch. (Not all users do, obviously, and some never will.)

    Not just "good enough", but UNARGUABLY BETTER.

    Being able to download fast while playing media is unarguably better than lagging. Being able to play a multiplayer

  5. Re:How's this funny again? on Vista Bug Costs Users In Swedish Town Their Internet · · Score: 1

    You were mostly right, but:

    It's believed that Silverlight is an attempt to make a Flash that only works on MS and Apple machines, cutting out Linux users.

    Now, where did that come from?

    Microsoft is actively working with Mono to ensure that other platforms are supported. However, as far as I know, there is, to this day, no supported .NET on a Mac, only Mono.

    What's scary is, I'm betting Silverlight will be usable and well supported on 64-bit Linux before Flash is.

  6. Being a dick on principle on Vista Bug Costs Users In Swedish Town Their Internet · · Score: 2, Insightful

    That's not a bad thing here. Microsoft is generally a dick without principle.

    The end-users don't have control over how MS wrote their DHCP routines.

    Microsoft, however, does. And the only way to get through to Microsoft is through their end-users -- or maybe their actual customers.

    If it's a change that the ISP could make, why not? If it was the other way around, people would be yelling about choice.

    Actually, no.

    Generally, when it's the other way around -- that is, when some open-source project can't communicate with something standard-compliant -- well, first off, pigs are flying; this just generally doesn't happen.

    But also, we fix it. We don't run around screaming and blaming others unless there is a reason to.

    Example: If it's actually a bug in, say, Firefox rendering, we fix Firefox. However, if someone deliberately sends the wrong page, or even just an "access denied" page, to Firefox users based on nothing more than a user-agent string, then we pull out our user-agent switchers and pretend to be IE -- and we also bitch loudly.

    Take a look at the shit the Wine project has to do, on pretty much a daily basis, just to get Windows programs to run. They can't even write to Microsoft's standard, because Microsoft doesn't, and application developers don't -- Microsoft writes whatever they felt like that day, developers work around that, and Wine gets stuck having to reproduce "bug for bug" compatibility.

    So in general, no, the community does not usually have an attitude of "obey the standards or we won't cooperate." Perhaps we should. I know I often have a mind to block users on IE6, at least, and maybe IE7 also, so I don't have to do extra work to support them.

  7. Re:The more I learn about JavaScript... on GWT in Action · · Score: 1

    Having a language like Python be faster than C is a pretty lofty goal. I'd love to see it accomplished, but I'm skeptical.

    Well, there are actually reasons this might happen.

    I wrote a long explanation about high-level versus low-level, about why C is better than ASM and why Java is occasionally faster than C (no, really), but I decided I wanted to keep this as short as possible, so here it is:

    psyco was a JIT compiler for Python bytecode. I say "was" because it's x86 only, not even any 64-bit support, and is being replaced by pypy, which is a variant of Python written in Python, and which hopes to duplicate some of the work of psyco in a more portable way.

    What psyco did that's interesting is, unlike other JITs, it would often compile multiple versions of a particular bytecode, and choose which one to use based not on some programmer's idea of which is "more optimized", but by looking at the actual workload the program was facing.

    In short, there are optimizations that it is only possible to make at runtime, which means C will never be able to implement them. A C program might, just as there's a C library for garbage collection, but it would always be tacked on.

    I did talk to someone about this. He was working on a similar project. However, he almost scoffed at the idea of "faster than C" as being too low of a goal, because even at a low level, there are things C compilers just don't do, even if they should be able to.

    Also, static vs dynamic typing is another sticking point. I know there is research being done to get the best of both worlds, but it's hard. There's no way a general purpose language will take over the world if it only appeals to one side.

    Well, being able to behave like one or the other is probably not a solution. It would have to actually be a hybrid of sorts.

    My first instinct, though, is to throw out the static typing, at least as a language feature. Let the language do type inference as best it can, and detect as much as it can at compile time, but if people start doing dynamic things with it, so be it.

    More specifically -- given sufficient type inference and support for advanced OO features like mixins, I think a static language becomes pretty much equivalent to a dynamic language. But that's just types...

    It's about 2:20 AM. I'll have to read this post again in the morning, because what I just said is either very insightful or very stupid, and I can't tell which.

  8. Put them on Linux... on Mark Russinovich On Vista Network Slowdown · · Score: 1

    I know it's probably not possible now, but I just want to put the idea in your head...

    KDE is not ported to Windows. But, if all they do is office, and you've already got them using Openoffice... if Outlook is the only other thing holding them back, they could move to Linux in order to use the KDE suite. Including, maybe, KOffice.

    But maybe I'm just overly optimistic because I just managed to get my favorite MMO to run on vanilla Wine, instead of Cedega, for an absolutely amazing improvement. It now Just Works, every bit as well as on Windows. It's rock solid, reliable... and ancedotal. Still, it's something to be optimistic about!

  9. Paragraphs! on How Do I Secure An IP, While Leaving Options Open? · · Score: 1

    Dear god, man!

    In response, I'm not sure time.gov is sufficient. I'd prefer something more decentralized. Right now, we do have a few timestamping authorities...

    What I'd like to see is a network of cooperating timeservers, that send logs of their signatures to each other to get signed. So that you would first get one signature back, then 5 or 10, and so on... Also making a breach of security much less devastating.

    And by the way... DON'T USE MD5!!! There are better hashes out there now.

  10. Re:Use a digital timestamping service on How Do I Secure An IP, While Leaving Options Open? · · Score: 1

    There's also the fact that putting your personal information into the ad is giving out your personal information. You can prove a hash matches your content, but you can't produce the content from the hash.

  11. Re:Sad... on Storm Hits Blogger Network · · Score: 1

    Even better example, then. Drivers are expected to be able to navigate all kinds of different interfaces, and not crash the car. Accelerator on the right, brake on the left, clutch (if you have one) to the left of that, parking brake maybe left of that, and maybe in the center console...

    Whereas most computer users, if they adapt at all, just learn to click "OK" or "Continue" or whatever will make the bad box go away. These people deserve to be selected out.

  12. Performance per watt per... on In Tests Opteron Shows Efficiency Edge Over Intel, Again · · Score: 3, Insightful

    It's all about performance per watt. Well, and other considerations, like how much the hardware costs up front, and how much physical space it will require.

    The bottom line is: You want to spend your money in the most efficient way possible.

    If you have two potential architectures, and one offers more performance per watt, then ignoring up front hardware costs, it's cheaper to run the one that costs you less power. That's a bit different than suggesting they just use a bunch of laptop CPUs.

  13. Not worth it, but... on Student and Professor Build Budget Supercomputer · · Score: 1

    You could do encoding with it. Either encode a bunch of movies at once, or encode them with h.264's multi-encoding feature (with a slight drop in quality).

    You could also do rendering on it. It would basically be your own personal renderfarm.

    You could compile code on it, too. Or use some of them as test rigs -- run different OSes on them to test your code on -- instead of virtualizing it all under one Linux.

    But I don't think either of these is really valid, even if these are both things you do a lot, because one dual-core machine is usually fast enough to do all of this as fast as you realistically need it done.

  14. Re:Wait... what? on Court Rules Against TorrentSpy In MPAA Email Suit · · Score: 1

    there'd be posts about how emails are like postcards and they should have known to use encryption.

    Um, there were. It's also beside the point.

    Which is ironic, since what TorrentSpy does is ALSO illegal, but no one seems to care about THOSE laws.

    I'm sorry, but we live in America. The law here is "innocent until proven guilty". Right now, I don't even know if there's a precedent for a tracker itself being guilty of anything, yet I really can't see any doubt that buying emails is entirely illegal.

    As for the people actually downloading those torrents, they're fair game, except that the MPAA doesn't seem to have a clue about finding them -- they seem to just pick people at random to sue.

  15. The law actually says you're wrong. on Court Rules Against TorrentSpy In MPAA Email Suit · · Score: 1

    illegal bittorrent aggregators need to be shut down.

    Except, as far as I know, it's not illegal (yet) to merely be a tracker, let alone an "aggregator", assuming you know what that word means.

    Don't like the law? Change it.

    It looks like the MPAA/RIAA have taken your advice. Whenever they don't like the law, they buy a Congressman and get it changed.

    But the fact is, as the law exists today, the RIAA, the MPAA, and others like them have no place, no legal place, in the United States.

    Fixed it for you.

    I'm sorry, but if you've actually read what happened here, they were buying emails from their opponents. We have a legal process for reading your opponent's email -- it's called "discovery". An organization willing to resort to illegal tactics to accomplish that has no place suing anyone for anything -- fucking hypocrites.

  16. A couple more factors... on Variety Says Class Action May Stop RIAA Suits · · Score: 2, Insightful

    The black market actually offers a superior product right now, ignoring price.

    • Pirated products have their DRM stripped out. DRM is often an annoyance to legitimate users, and sometimes actually harmful -- see the Sony "rootkits".
    • Pirated products are available for immediate download, through standardized means. Some legitimate products are, but most are only available through systems like iTunes and Steam, even when they don't come with DRM.
    • Pirated products can be cherry-picked, for no additional penalty. Some sites do not allow you to buy individual songs; others give you a choice between a song and an album, and the album is cheaper per-song.
    • Downloadable pirated products compete on quality, as there can be multiple rips of the same thing, some good, some bad. Downloadable legitimate products are good or they aren't -- your only other alternative is to buy the physical media, which, admittedly, usually has better quality than anything downloadable.

    I could probably think of a few more, but the DRM is a big one. Basically, I might buy or rent DVDs, but I pirate HD stuff, because there's nothing to rent that has the DRM sufficiently cracked.

    I also think that surely Hollywood and the RIAA have enough money to provide an even better experience than pirated stuff, but so far, they refuse to do it. Instead, they'd rather sue people.

  17. Re:PHP has classes... on GWT in Action · · Score: 1

    Neither are the many ways of doing OOP in perl, but you don't see a lot of perl packages that do that.

    That's odd. Almost all the ones I use at least provide an OOP way of doing things, even where it doesn't really make sense (things like Data::Dumper).

    XML::SAX. Mime::Entity. WWW::Mechanize. DBI. Archive::Zip... the list goes on.

    Maybe a lot of perl programs don't, but just about every CPAN module I've ever used does, even in cases where it really doesn't make a lot of sense.

    The issue is the mountains of old javascript out there that would have to be refactored if we wanted to get them to start using namespaces.

    Well, that had to happen with Perl. Perl didn't always support OOP.

    You're obviously implying that it's inappropriate to expect that from a library.

    No, I'm implying that it's not a valid criticism of the language that a library doesn't behave the way you'd like. If you don't like that library, use a different one.

    I've never heard of a perl library in CPAN that wasn't in a module (i.e. encapsulated in a namespace).... These languages have namespace mechanisms built-in, so ALL libraries have at least this behavior.

    Well, no. I don't know exactly how CPAN works, but it does have rules about what's accepted, including documentation.

    There are certainly Perl libraries outside of CPAN that don't do this. They just aren't very common -- if you want your Perl library taken seriously, you put it in CPAN. But that's a feature of the community, not the language.

    Why should I have to expect less from javascript?

    Because Javascript has no CPAN.

    Also, because Javascript was designed to do little things like rollovers and form validation, so for years, that's all people thought it could do. AJAX has finally forced people to start taking it seriously, but there are still a lot of old coders out there writing crappy javascript, just as there are a lot of people out there still using the <FONT> tag.

    I also fail to see how including it in the spec would solve anything. All it would do is break existing browsers until they all support a "namespace" keyword, and create yet another feature that would be ignored by most developers -- the ones who don't use namespaces wouldn't notice. The ones who do use namespaces would continue to use the functional "hack", because it's just as good, and it's supported by old browsers.

    Further, it is difficult to argue the connection between poorly designed javascript+other javascript with code written in one language+code written in a different language.

    I don't see the distinction here.

    We didn't always know Javascript could do namespaces. Then someone discovered them. Realistically, we should start using a different name for well-designed Javascript...

    And C++ is C with classes. It is possible to call C from C++ not because of any mysterious voodoo like that involved in calling C from Perl or Python, but because C is a subset of C++. In fact, if you think object-oriented design is a good idea, then just about every C library is the equivalent of poorly-designed Javascript libraries that don't use namespaces -- because C++ does support namespaces, and g++ is available pretty much everywhere gcc is.

    And yes, I could even go far enough to justify "calling C code from Java" -- last I checked, the Java runtime is written in C, even if parts of it are written in Java. Therefore, any C program that doesn't also use Java could be seen as a C+Java program that doesn't use namespaces/GC/classes/interfaces and all the other nice features of Java.

    The fact that good Javascript is so rare doesn't reflect poorly on good Javascript. It does mean that it's not a very popular language, but it does have pretty decent tool support in the form of IDEs, debuggers, and web browsers to deploy on.

  18. Re:Sad... on Storm Hits Blogger Network · · Score: 1

    What users "should" know is completely irrelevant. (not even touching on the fact that it's only what you happen to think they should know, no exactly popular opinion, but that's not the issue here)

    I don't think so.

    If I buy a knife, and I should know not to stab myself in the face, and I do it anyway, whose fault is it?

    Sadly, we software engineers have to consider what a user is likely to know and build from there. Which is exactly what these Storm authors have done and what these blogging software designers should have done.

    Erm... what?

    It is impossible to build an idiot-proof system. It's an arms race -- someone will always build a better idiot.

    The only way to make it impossible for something like this to happen is to completely remove the control that people currently enjoy over their own computers. For example: Consider a game console. It takes a certain amount of technical expertise to use one for anything other than playing officially signed and licensed games. Therefore, it's actually physically impossible for you to do something stupid online with one, unless you're also savvy enough to have a modchip.

    Are you honestly saying that it was possible, in any way, for the blogging software to do anything more than it already did? They've already done the most obvious thing -- CAPTCHAS. They've also now begun shutting down blogs which have become infested. The only way I can see of completely preventing it is heuristics -- blocking things that look like that particular spam -- and then, that software would become unusable for anyone technically savvy, because they'd be unable to show an example of what it looks like, without taking a screenshot (which shouldn't be necessary).

    And yes, I think the designers -should- have and I feel justified in saying so, since the responsibility lies with the designers here.

    Bullshit. You stabbed yourself in the face, it is your own fucking fault. You do not get to go sue the knife manufacturer. If they are guilty of anything, it's for selling it to a moron like you -- but how could they know you were a moron?

    The solution to this is really simple -- personal responsibility. If you spill coffee on your lap, guess what? COFFEE IS HOT!!! You do not then get to sue McDonald's for not putting a warning on the coffee cup, saying "Warning! Beverage is hot!" And yet, this kind of shit happens all the time. I didn't even make up the story about the coffee; someone did actually sue McDonald's for that.

    Just writing a nice little bit in the license agreement is not enough to wave that responsibility in my book. Maybe legally so, but not morally.

    Well, in the above situation with the coffee, all too often, it's legally possible to sue people. Is it morally right?

    You tell me.

    Oh, I should mention -- Colorado is the only state to have gotten this right. In Colorado, it is state law that no ski resort is responsible for your medical expenses, should you hurt yourself on the mountain.

  19. Re:Sad... on Storm Hits Blogger Network · · Score: 1

    you'd have ISPs, auction sites, hardware manufacturers up in arms

    Let's think about that.

    ISPs benefit, because no one's running botnets that waste their bandwidth and send tons of spam, thus marking them on blacklists.

    Auction sites benefit, because no one can develop a botnet to infect others, and cause them to create fallacious auctions. And eBay in particular benefits, because PayPal now has less fraud to deal with, because no one's going to enter their paypal information on a phishing site anymore.

    Hardware manufacturers are the only ones without an immediate, obvious benefit. The advantage is, people would know enough to easily be able to adapt to a new computer, and move all their stuff over, so there'd be less fear of upgrading, just a financial concern. The downside is, no one would upgrade simply because their old computer was infested with spyware.

    They'd take a long time to return if you forced them to train first.

    Not likely. How many people refuse to drive because they're forced to take Driver's Education, or at least a little test?

    No one. Driving is a necessity for many people, and such an attractive luxury for everyone else that even in a small town where everything's within walking distance, everyone who can afford a car has one, and a license.

    I'd like to think that computers are at least that necessary (or perceived as necessary) to most people that they would take a test, if they had to.

    As it stands, no-one's died from malware yet, thus trying to draw any car analogy is moot.

    People have died from bad software, though. Stupid things like rounding errors... I would imagine that geek terrorists could find a way to do the same thing.

    In any case, it doesn't always require people dying. It could be a financial loss, like that caused by random spam, or extortion from DoS attacks. And we do have things like the SEC, for that.

    But my point with the car analogy is: I would imagine that most adults in the US have a driver's license. And I'm fairly sure that every state at least requires you to take an exam, if not the entire Driver's Education course. So it would be hell to try and get that legislation passed in the first place, given congressmen would likely fail it right away, but if it were passed, people would bitch, but they would do it, and "viruses" like this would die a well-deserved death.

  20. Re:Sad... on Storm Hits Blogger Network · · Score: 1

    For the same reason that I know the big pedal in my car is the brake, and the little one is the accelerator, and I know what "brake" and "accelerator" means.

    For the same reason that I know red means stop, and green means go.

    Because if they don't know what a program (executable) is, they won't know the difference between a harmless webpage and a harmful exe.

  21. Backups. on AMD Unveils SSE5 Instruction Set · · Score: 1

    Good luck recovering any information when your hard drive dies entirely.

  22. Re:Sad... on Storm Hits Blogger Network · · Score: 1

    the kind of error message which 80% of computer users, ie the naive ones, pay no attention to whatsoever.

    It's not an error message.

    They either ignore it completely or try and understand what it means but give up.

    Which is truly pathetic. Wikipedia has a good definition, and it's the second result from a Google search. I have another: HTML in an email makes it more than just plain text -- that means it can have bold and italic. It also means it can have viruses and spyware.

    That's right -- I just explained it in terms that any newbie can understand in two sentences. Oh, they don't know what spyware is? It's software that does bad things, like taking your credit card number and sending it to a hacker over the Internet.

    We need to start forcing this kind of basic education on that 80% of computer users. That "error" message is one way to do that -- if they ignore it completely, they can't read their mail properly. It's a lot harder for them to completely click through it without at least halfway-reading -- there's no big OK button for them to reflexively click.

    At the very least, "computer skills" should include the kind of basic instinct to understand the difference between safe experimenting -- just click around on all the various options you see, and when you're done, right-click on everything, see what happens -- and complete stupidity -- don't just reflexively click "ok" without reading and understanding the message, and if you're not sure what it's asking, find out. Unless you are on Vista, in which case, the solution is to install XP or Linux. (Trust me, if you're not computer savvy enough to understand "Are you sure you want to run this DANGEROUS SHIT FROM THE INTERNET?", you're not going to get yourself into any more trouble if I put you on Linux.)

  23. Sounds good... I hope on AMD Unveils SSE5 Instruction Set · · Score: 1

    If they take anything close to the same attitude with their GPUs as they just did with their new CPU instruction set, that would mean we'd finally have a reasonably fast GPU with a completely open software stack.

    As it is, ATI/AMD is maybe less proprietary than nVidia, but their Linux support sucks. Intel, however, typically has very good support, even though it's entirely open drivers, and apparently not sponsored much by Intel itself.

  24. It's a couple links deep... on AMD Unveils SSE5 Instruction Set · · Score: 5, Informative

    Read this interview with Dr Dobbs:

    A floating-point matrix multiply using the new SSE5 extensions is 30 percent faster than a similar algorithm

    I believe this helps gaming and other simulations.

    Discrete Cosine Transformations (DCT), which are a basic building block for encoders, get a 20 percent performance improvement

    And then we have the "holy shit" moment:

    For example, the Advanced Encryption Standard (AES) algorithm gets a factor of 5 performance improvement by using the new SSE5 extension

    If I get one of these CPUs, I'll almost certainly be encrypting my hard drives. It was already fast enough, but now...

    As for existing OS support, it looks promising:

    We're also working closely with the tool community to enable developer adoption -- PGI is on board, updates to the GCC compiler will be available this week, and AMD Code Analyst Performance Analyzer, AMD Performance Library, AMD Core Math Library and AMD SimNow (system emulator) are all updated with SSE5 support.

    So, if you're really curious, you can download SimNow and emulate an SSE5 CPU, try to boot your favorite OS... even though they say they're not planning to ship the silicon for another two years. Given that they say the GCC patches will be out in a week, I imagine two years is plenty of time to get everything rock solid on the software end.

  25. Re:Sad... on Storm Hits Blogger Network · · Score: 4, Informative

    With regards to the link, they were also masked well to show up as a youtube url.

    If by "masked well", you mean:

    <a href="http://136.159.166.125/">http://www.youtube. com/watch?v=BmcXqxdPoP6</a>

    Yeah, I'd say that's more than "just a little naive" -- it's downright stupid. I don't know how Outlook does it, but Kontact/Kmail does two things: First, it defaults to displaying everything as text if it can, with a big red box at the top that says:

    Note: This is an HTML message. For security reasons, only the raw HTML code is shown. If you trust the sender of this message then you can activate formatted HTML display for this message by clicking here.

    (Link goes nowhere, as this is Slashdot, not actually Kmail.)

    After clicking that link, the HTML is shown, but without images. A similar box will be there if there are external images, allowing you to turn them on. But even with everything enabled, it's still easy as hell -- mouseover the youtube link, and the nappy IP address link shows up in the status bar.

    Ok, fine, let's assume that someone can be "just a little naive" at that point -- which I think is a stretch, in this day and age; someone who doesn't know that much should take a course before touching a computer.

    In that case, the last time I tried to do that, it opened up Konqueror, which popped up a window asking me what I wanted to do with this file. HINT, HINT, HUGE FUCKING HINT -- the file ends in .exe, which again, every computer user should know, means "executable". But even if they don't, every computer user should at least know not to download/open random files from the Internet, unless it's a format they recognize.

    How long did it take us to convince computer users to not open attachments? And now this takes the world by storm...

    In IE, if I remember, this is going to give you one prompt to download it or "open" it, and after you click "open", it will download, and then give you at least one, if not two more prompts about the program being unsigned. If you're running Vista, it will give you yet another prompt, telling you that this program needs your permission to continue fucking with your computer.

    That's -- let me count -- about five separate clues that you don't even have to go out of your way to run into -- realistically, probably three or four. Not to mention the fact that my spamfilter caught most of these before I even started seeing them and training on them, and that example I just pasted to you contains the email address "jerk2werk@nehp.net" -- yet another obvious clue; I don't know anyone with an email address like that.

    And there are yet more clues if you start digging -- turning on "all headers", you can see two "Received:" headers and one "Sender:" header, neither of which matches, in any way, the "From:" header.

    I'm not saying that everyone should know how to dig through email headers, until they have to -- but those are just the technical "duh" factors. There's also the nontechnical one -- I didn't make a video, and I didn't upload it to Youtube. I might click that link out of curiosity, but clicking a normal Youtube link doesn't ask me if I want to download or open anything.

    So what's sad to me is not only that this kind of shit still happens, but that you, like many others, consider it to be "not stupid, just a little naive." We require Driver's Education in my state to operate a car, which is significantly easier than a computer -- if you don't know how to use a computer, it absolutely IS your fault. Go educate yourself.

    As for the browser vulnerability, nope, sorry, read TFA. It's the exact same thing as the email "virus" -- it just has Youtube links to an exe file. Another one is even more obvious -- the link includes the nappy IP address right there, links to a file calle