Slashdot Mirror


User: SanityInAnarchy

SanityInAnarchy's activity in the archive.

Stories
0
Comments
12,413
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 12,413

  1. Re:Extinguish on Cross-Platform Microsoft · · Score: 1

    I'd like to defend Flash a bit. It's one of the few browser plugins that doesn't grind the browser/computer to a halt when starting.

    No, it waits till once it's running.

    Playing video is something my system does very well already. I can play avi, mov, mkv, ogg/ogm, vorbis, mp3, mpeg2, aac, ac3, h.264, wmv (even wmv3/wmv9), real, flv, and probably some things I've never even heard of -- all on Linux, with entirely open source software. Up to and including 720p played fullscreen on a 1600x1200 monitor, it never uses more than maybe 5-10% of my CPU -- the only video I get into trouble with CPU-wise is 1080p.

    But when I decide not to download an flv file -- not always easy to do, seeing as Flash is closed and most sites don't provide a download (or have some third-party download script I can find) -- I am stuck with Flash in the browser, which, even without going "fullscreen" (which isn't, really), it's over 50% CPU. I don't care so much on a desktop, but on a laptop, I really don't need my lap heating up, balls burning, etc, simply to play a really crappy-quality video.

    I'm not even going to get into comparing that tiny little vector graphic crap with what any decent Direct3D or OpenGL game can do... But dear God, why haven't the Flash guys learned to use hardware acceleration yet?

    What's crap also is that browsers don't offer a user-friendly way to manage plugins.

    Well, Firefox has noscript, which can be used on all plugins, not just flash -- I'm fairly sure this doesn't actually load the plugin. Konqueror has a reasonably easy-to-find setting in which I can make ALL plugins click-to-run, which means neither Flash nor Java will load until I explicitly tell it that I want that particular pane loaded. Konqueror also has a really easy way for me to enable and disable individual plugins -- from the same place where I turned all enabled plugins into click-to-run.

    Also? You can edit that "obscure configuraton file" in Firefox by going to "about:config". (That's a URL -- copy/paste to your address bar, without the quotes, and without http or anything else.) The file itself may not be user-friendly, but at least there's now a very user-friendly way of messing with those values.

  2. Re:Maybe... on High School Students Forced To Declare A Major · · Score: 1

    I had programmed on the side, so I was fairly well prepared regardless, but some programming courses would have made high school more fun.

    Well, maybe, maybe not.

    My experience with college CS courses is, they aren't designed to teach you to program. They're designed to take people who already know how to program, and teach them a lot of theory, and a lot of cool, interesting, useful stuff -- but the first course, anyone who doesn't know how to program wouldn't have a chance, and anyone who does can do what I did and get a B or so by skipping 90% of the lectures, doing the quizzes (10 mins once a week) and the homework (maybe 2-3 hours, less often than quizzes), and showing up twice a semester for the exams.

    In fact, my roommate did about the same thing. Probably could've spent half the time on the homeworks if we hadn't written all those snarky comments about how "Well, this WOULD have taken half the code, but Java is dumb and/or you forced me to use a less efficient method."

  3. Re:Maybe... on High School Students Forced To Declare A Major · · Score: 1

    Well, it could change emphasis, yes. But college has already solved this in a way that doesn't force you to already know what you're going to do the rest of your life.

    You see, there are majors, and there are a few required courses for those. But there are also places where you can take any course you want. You can even combine majors to make a new one, change majors and probably keep at least half your credit, and so on.

    I'd say, instead of letting kids who don't like math end up skipping it, start by making the courses more interesting, and make them actually teach skills everyone will need for college and/or for life.

    No one should be able to skip math entirely. No one should be able to skip shop entirely. No one should be able to skip computer science entirely.

    But, teach the things people actually need to know. In math, teach how to balance a checkbook, teach them the elementary arithmetic and then all the cheap tricks to estimate accurately, teach them at least some basic minimum wage skills like how to lift heavy objects without hurting your back, teach them enough IT that they know how to keep a computer system from becoming a zombie-spambot cesspool.

    Then, let them take courses that actually teach them how to program, or how to engineer, or how to do mathematical proofs. Hell, give them enough free time that they can get started on college courses if they want. I know I have some tiny amount of credit hours from a community college from when I was 15 or so.

    In other words: If you're going to force any education, force the mechanic to know that he's being overcharged by thousands of dollars on software to do something (say, his accounting) even he could probably write in ten minutes, if he sort of knew how. Force the artist to know enough math to be able to come up with a fair price in his head, and calculate how many paintings he'll have to sell to make ends meet. Force the engineer to take enough aesthetic and ergonomic theory to not create interfaces and designs that will actually hurt people or make their eyes bleed.

    But all of that really doesn't take long for the bright kids, so let them spend less time on it, so they can spend more time on what they're actually interested in. Let the artist get started on that masterpiece, or let the mechanic actually go fix a car or... whatever mechanics do.

    I realize it already sort of works this way, but I think any high school kid can see it's nowhere near what it could be. High school is boring as hell, and if you're very, very lucky, you'll have extracurricular activities you love, which will take up all of your time and leave you with none to be a kid. But it simply does not take an hour a day for three months... and again the next year, and the next year... to teach the basic math skills that most people need, and it's boring as hell with no context. "Jack leaves his house at 6:30 PM and heads west at 35 miles per hour, while Jill leaves at 7 going 60 kilometers per hour, they're 10 miles apart, when do they meet?..." THIS DOES NOT COUNT, which is why it's been mocked so thoroughly. It deserves to be.

    Yes, you need some of these stupid word problems, but also, take advantage of career day and get people to give examples of the word problems they actually have to solve at their job, like, "Jill started saving for retirement when she was 20. She saved $10k a year, and at 5% interest, how long will it be till she can retire? If she puts it in something riskier and makes 8% a year, how much sooner can she retire, or how much more will she have when she retires?" (Numbers pulled out of my ass, so when you actually give this to students, GET REAL NUMBERS.)

  4. I thought it looked familiar... on High School Students Forced To Declare A Major · · Score: 3, Informative
  5. Re:ANSWER THESE QUESTIONS, quit avoiding them on Microsoft Says "War on Terror" is Overblown · · Score: 1

    I am fairly respectable in this field as is, already & for the past decade or so:

    By "this exchange", I meant this exchange of posts. But hey, looks like you are APK, just didn't feel like signing that one for some reason.

    Maybe to see if I'd respond differently to someone else? Kind of a cheap, deceptive tactic there.

    Of course, if I really wanted to play dirty, I could point out that there are no good uses of ramdisks anymore (that I can think of) that aren't better served by tmpfs, which is not technically a ramdisk, or necessarily entirely RAM. On bootdisks, unionfs combined with tmpfs is even better. But that would be playing with semantics, and you'd whine about changing the subject, so let's just leave it at that. God forbid you should have to learn anything.

    Do you mean like someone who impersonates someone, as the url above shows you have done already? Those types of specifics??

    I'm very capable of actually fooling you, and everyone else, with a post like that. It was intended so that anyone who read that post could see that it was an impersonation, and also see my point about why anonymity (in the form of Anonymous Coward) is not a good thing.

    Do you mean like someone who first says their Linux distro has no SeLinux "baked in" already, & then suddenly does???

    You say you started with a score of 6, but suddenly, now you have a score of over 8??? YOU MUST BE LYING!!!

    Learning is not evidence of lying. Please stop pretending that it does, and I will stop sarcastically implying that you hate learning.

    Do you mean like someone who is most likely [makes up some more bullshit about me]

    And how about that test I sent you? Or those meaningful statistics you can't come up with? Are you stalling for time?

    You accuse me of "spin" and "playing with words", yet you keep making strawmen about me as your main argument. Most intelligent people on Slashdot would simply ignore you, for that reason alone. I've had it happen to me -- "I was going to make a pointed reply, but I just can't get past the fact that you opened with a strawman." Since then, I've learned better -- but according to you, learning is bad.

    Look, saying I might be trolling because of some way I could be acting is asinine, especially when you've got no evidence for it and significant evidence against it. I'm tempted to post a fake image (WITH A NOTE explaining that it's fake) simply to point out that, were I so untrustworthy, I could have ended this discussion days ago.

    Nothing "falls apart" if you post a better score - We BOTH get stronger for it

    I wish I could believe you, but the way in which your original copy-and-paste troll is worded is still (fallaciously) claiming that no one has even posted a score, which is not true. I imagine if someone does post a better score, you'll simply ignore it -- it makes your own guide look more compelling that way.

    It overcomes yet another objection for you complaining about checksums, & via WinRar, which supports formats from the *NIX world for file compression iirc... it can & does do CRC32 checks of files!

    ...

    Either you don't know what you're talking about, or you're not telling me the whole story.

    I don't remember which, but the download from CIS was either a zipfile or a gzipped/bzip2'd tarball. These formats may actually support internal checksums, but there's nothing inherent about an internal checksum which proves nothing was changed in transit, or, indeed, that my entire connection wasn't redirected to somewhere other than CIS.

    YOUR FRIEND - Have a friend from someplace else on the planet (not in your network segment/isp OR even same ip octet) download it too, & also look @ it in WinR

  6. Re:ANSWER THESE QUESTIONS, quit avoiding them on Microsoft Says "War on Terror" is Overblown · · Score: 1

    Either you are coming late to this exchange and reading a lot more than I would have, or you are APK, trying to appear more respectable. I'm assuming the former, benefit of the doubt.

    Anyone reading this exchange like myself is aware of that fact that you make large mistakes on technical issues at this point. Ones such as you not knowing about buffer overflow exploits

    First, you used completely jargon-y terms when you first brought it up -- "impersonation" or some other bullshit, which had nothing to do with buffer overflows or privilege escalation.

    Second, and more importantly: I don't bring up things that I think are irrelevant, even if I know them.

    For example, neither of us has brought up keyloggers. OMG YOU MUST NOT KNOW WHAT A KEYLOGGER IS, U NOOB! Or not.

    Buffer overflow exploits are irrelevant to a minimal chroot, because there's so little other executable code that a program in a minimal chroot has access to, all of it highly-audited stuff. That's like saying that there might be a buffer overflow in SeLinux itself -- sure, there might be, but it's insanely unlikely.

    I note you completely avoid answering that person's questions

    You cite an example in which I asked for a specific quote. You quoted what was meant as a taunt...

    ...and he still hasn't addressed the race condition inherent in that software. It's so simple and obvious that it seemed unlikely he knew what a race condition was. It seems he knows about a few specific varieties of them, but maybe not the one in question.

    Your technical mistakes are 1 thing noted above, but also now including your main objection that cis tool is somekind of malware. Cis tool is not malware per sans and computerworld noting it

    Yep, sounds like APK.

    In at least one of those links, there's a specific reference made to the CIS tool collecting information and sending it back to a central database.

    Nowhere in its own readmes or documentation do I see a mention of this.

    This is what is generally meant by "spyware" -- it collects personal data (in this case, the state of my system's security) and sends it back to someone else, without my knowledge or consent.

    Furthermore, my objection is not that it is malware, although we both now know it's spyware. My objection is that it might be malware, and I don't have sufficient reason to want to trust any additional entity in order to run this software -- even if it meant trusting God Himself.

    Cis tool actually helps you secure yourself by suggestions it makes to help you secure yourself based on best practices for any OS platform it is run on.

    I can do that by reading about best practices, which would actually help me understand them. CIS provides PDF documents and such for this purpose.

    But his purpose was never to help me understand anything, it was only to demand a score -- for what purpose, I don't know. I suspect he'd rather not have the score, because as you can see here, he's built an entire argument around no one being able to beat his score, and that falls apart if anyone can.

    You have made the linux community here appear badly in your spin master tactics, word games, and technical errors

    I would guess that I am a better man than someone who actively lies. I can point to specific posts if you like. But so far, the only "technical error" is "not knowing about something", when in reality, I simply didn't think it worth mentioning.

    You are the only other person to have commented in this thread since the original post -- on which I see perhaps ONE comment by another user -- and the "object lesson" about anonymity.,/p>

    But hey, it looks like anonymity helps you here. Here, you can pretend not to be APK. It's actually a lot nicer talking to you, APK or not, because at least here you aren't using "lol" or CAPSLOCK, or copying and pasting your entire argument. You've neatly summed it up, and actually reworded it, which helps.

  7. "Changing the subject?" on Linux Foundation Calls for 'Respect for Microsoft' · · Score: 1

    On multiple occasions, you've done cross-posting.

    That is, you literally copy and paste one post from one thread into another, where it's completely irrelevant. Or, you rehash an old argument, or bring up something completely inane.

    At least I gave segues. You can't deal with the reality of statistics, which don't back up your premise that "Windows is or can be made to be more secure than Linux." So, rather than talk about that? You say "You changed the subject! Waah!" and abruptly copy and paste the same argument you've brought up here a thousand times, which is, if I don't take your test, I must have taken it already and gotten a bad score.

    Think about it -- you're doing a self-selected survey of security-conscious people -- the very people who are likely to understand the concept of "trust", and more importantly, why you shouldn't just run some random executable from the Internet, no matter how tightly you can lock said executable down.

    Oh, and it is spyware, at the very least -- it collects statistics and sends them back to a central server. I believe SANS is the one that said this.

  8. Re:"STAT2", lol... round #4 on Linux Foundation Calls for 'Respect for Microsoft' · · Score: 1

    Hey - Just like you! They all ran, 30 times now in fact, with b.s. excuses I have had to overcome each time OR to point out falsehoods they spouted (again, just like you).

    Isn't it just a bit arrogant to say that 30 people are wrong and you're right? That every single time, it was really them "avoiding the test" and not you asking something unreasonable?

    You know now that your MAIN 'objection' is nullified by valid reputable sources

    Nope. You don't understand the concept of trust in security, as I've pointed out before.

    Furthermore, your sans and computerworld articles are not endorsements. If you'd like, I can email sans and computerworld, and I am sure I would get some sort of response of "Well, it looks pretty useful, but no, we can't endorse this. Use at your own risk."

    It's "just a test" as you seem to be saying, so why RUN FROM IT?

    For the same reason you ran from my test.

  9. Please be a bit more specific. on Linux Foundation Calls for 'Respect for Microsoft' · · Score: 1

    First off, the link is broknen.

    Second, when I fix it, it takes me to a page that says absolutely nothing about SQL server. I don't feel like reading that entire comment again (considering I've already replied to it), and I don't remember seeing anything in there proving me wrong about my comparisons.

  10. Re:ANSWER THESE QUESTIONS, quit avoiding them on Microsoft Says "War on Terror" is Overblown · · Score: 1

    If there is a buffer overflow in the APP ITSELF (not chroot, or SeLinux)?

    Has to be an app which is already allowed to be run as root, yet initiated by a user. In other words, something with the setuid bit set.

    I did make pretty certain there wasn't anything in that chroot that didn't have to be there, so basically, your argument is that sudo or su might have a vulnerability in it. The chroot is gone now, so I can't verify it, but I seriously doubt there's anything else there set as setuid root.

    "I wonder if you know what a race condition is."

    I said this because you didn't seem to understand the problem, which was: Unless I completely isolated the app such that it could not write to anywhere that anything else can read (chroot helps here), it's possible for the app to create files that are writable by other users. Your solution, to "chmod", has an obvious race condition in that between the app creating those files and either it or me reading them -- or me chmod'ing them to no longer be world-writable -- they could be modified by something else.

    You see, on a multi-user system, race conditions aren't limited to databases or to thread management. They can occur between programs or between users; it can be a flaw in how you access the filesystem itself.

    In fact, the default installation method of this program, as far as I can see, is to run as root on the "main" system to be tested, making this even more dangerous -- it now becomes a potential target itself for privilege escalation, and it doesn't necessarily need a buffer overflow.

    You suggested checksums, mtimes, etc, and I believe you then crowed about how you knew they existed and I didn't. Yet again, your claims to know more about my system than I do fall short -- I know about checksums. In fact, I asked, very early on, where I could find a checksum for this program, so I know it hasn't been modified since I downloaded it from CIS? (Or even in-transit from CIS, given it's plaintext HTTP anyway.) But I can't even find that, let alone a checksum for the individual files that are unpacked.

    See, I actually DO THIS FOR A LIVING (code & admin networks)... do you?

    Yes.

    AND, how exactly does that show the tests are not scored the same on the same analogous areas in both Windows NT-based OS', & those of *NIX nature?

    It doesn't. However, there are not always even analogous areas.

    But even if it were completely accurate in the way in which you say, having a high score doesn't necessarily mean you have better security, because of the relative and economic nature of security. In fact, here's another quote from the SANS link you included -- it works now:

    enterprises have to beware of using lots of one-off tools. Using one configuration checker for Windows, another for Linux, another for Macintosh, etc - not a good idea in the long run.

    And another quote:

    Every time it runs it feeds the results to a central database where the data cane be fed right into vulnerability management systems.

    Sounds like spyware to me.

    NO, it's not: BUT, YOU POSTED IT AS "BROKEN"

    Check it back in your original quote. Maybe it's changed now, but when I clicked it there, I got taken to the URL which I pasted into my comment.

    Given that it actually supports my position -- that at best, it's a useful tool, but still not a be-all and end-all, and it does send information about my system to a central database -- I can't see why I'd want to deliberately avoid that link. Thanks for posting a good URL this time, then!

    SANS & COMPUTERWORLD NOTE THIS PROGRAM IS NOT MALWARE

    You may have admined, but you cannot have been very involved in the security community if you believe that's sufficient, even if

  11. Re:Simply answer these 4 questions: No more evasio on Microsoft Says "War on Terror" is Overblown · · Score: 1

    Let's reiterate them:

    Let's not. How about you go answer my other post? Or should I copy and paste that here?

    Now I know why you don't want Slashdot tracking you -- people would find out right away just how many of your posts are literally copied and pasted.

  12. Re:ANSWER THESE QUESTIONS, quit avoiding them on Microsoft Says "War on Terror" is Overblown · · Score: 1

    Answer these (quit the partial quoting too, you are using my quotes in partials only, not finishing them (you are WEAK & LAME because of that))

    Oh noes! I'm weak and lame!

    Everywhere I've quoted you, I've quoted either enough to get the spirit of what you said, or enough to demonstrate the fallacy of it.

    Or would you rather I copy and paste the entire thing? The "parent" link is available to both of us. (Do you really think anyone else is reading this thread?)

    1.) Didn't you ask me to show you an example of apps being able to use "privelege escalation, via impersonation analogs on *NIX & buffer overflows" to have an app escape a chroot jail

    The specific example you cite is not relevant to my chroot jail. There is, in fact, no reason I can think of why I'd give your security tool access to my printer.

    Yes, it is theoretically possible that a buffer overflow could be found. It's also possible that a flaw could be found in SELinux itself. Right now, there are no such known vulnerabilities in either SELinux or in the software which was available inside the chroot.

    (You felt it could not be done, UNLESS done via the web... I am showing you differently, as per usual in this exchange!)

    Quote me. I cannot remember saying that.

    While you're at it, dig up one example of you showing me something that I did not know before. (SELinux in Ubuntu does not count, I discovered that on my own.)

    2.) Didn't you state that your Ubuntu distro did not have SeLinux in place & later, you said it did???

    Yes, I learned something. If you bring it up again, I'm going to simply not reply.

    Learning something is a good thing, but from what I've seen in this thread, you're incapable of it.

    Ha - YOU DON'T EVEN KNOW THE CAPABILITIES & FEATURES OF THE LINUX DISTRO YOU USE!

    If I knew every single feature of the software I use, I wouldn't be on Slashdot. I'd be single-handedly writing a new system, because I'd be a fucking genius. I'd be a god.

    Here's one for you: Do you know that it's possible to run an NTFS filesystem with journalling disabled? GUESS YOU DON'T KNOW EVERYTHING THERE IS TO KNOW ABOUT WINDOWS!!!

    Oh, by the way -- capslock is lame.

    3.) Didn't you state what I stated about "race conditions" was false also?? Please - quote what I said, & show what is wrong with it, specifics... & GOOD LUCK (You will need it on that account).

    You first. Where, specifically, did I say that what you said about race conditions was false?

    "You keep saying that I "think it's malware" or I "said it's malware", which is not true. I said it could be malware."

    Yes, I said that. You still haven't addressed it -- and you continue to construe my position as being that this tool is malware, which is not true.

    It's a fine point, but a very important one, and it's infuriating that you keep getting it wrong.

    So finally, for once, you've gotten it right:

    4.) Didn't you state the multiplatform test of security CIS TOOL, by the center for internet security, might be 'malware'?

    Yes. Emphasis on "might be".

    Please look up agnosticism.

    (Funny, SANS & COMPUTERWORLD showed otherwise - I trust them before I trust you, & I am certain others consider SANS especially more of an authority on security than yourself as well!)

    Well, let's start with ComputerWorld. They are doing truly fair and balanced reporting. Nowhere in here is a recommendation. Most of those statements aren't even by ComputerWorld, they are quoting someone else -- like, say, the president

  13. We're at an impasse. on Microsoft Says "War on Terror" is Overblown · · Score: 1

    You have completely evaded the point I made there, and instead simply copied and pasted your responses.

    I will happily address those -- and yes, I can -- AFTER you address your mistake here. It will take more than "No lie @ all".

    But hey, you can copy and paste, and so can I:

    Learn the difference between "felt that it was" and "knew that it might be". Otherwise, this conversation is over.

  14. Re:Enough lies (tell me about it - stop already!) on Microsoft Says "War on Terror" is Overblown · · Score: 1

    QUOTE WHAT I SAID, WHERE I SAID IT, & WHAT WAS INCORRECT ABOUT IT...

    I already did that, simply and plainly, in the grandparent to this.

    You keep saying that I "think it's malware" or I "said it's malware", which is not true. I said it could be malware.

    If you can't understand that distinction, it's a wonder anyone trusts you with their security.

    I wonder who's the more credible - they, vs. you??

    They are claiming to know something. I am not.

    It's not a question of credibility. Anyone can verify that something might be malware through a simple process of logic. It takes trust (blind faith?) to believe that something is not.

  15. Re:The exceptions is: on High-Quality HD Content Can't Easily Be Played by Vista · · Score: 1

    That's true for movies, but not everything.

    For example, where are you going to find an NES and a set of old NES games? But I can find all kinds of obscure old things like Inindo.

    I actually can't imagine where it's still wrong, with a system that old. It's not as if they are still selling copies of the games, right?

  16. Re:This has often been true. on High-Quality HD Content Can't Easily Be Played by Vista · · Score: 1

    I think it's good to buy or rent things you really like to put in your vote and money for people doing really good creative work. And if you can't wait for the DVD to come in the mail, bittorrent AND buy/rent.

    That's even less convenient, so there's a very, very small number of things that I'm willing to do that with. An example: Firefly/Serenity. Good enough that I'm willing to pay for it, also too good to wait for.

  17. Re:GPL Software on High-Quality HD Content Can't Easily Be Played by Vista · · Score: 1

    You wonder why there are no games for Linux, look in the mirror, cheapskate.

    There are games for Linux, and I have actually bought them.

    If you read my post, you'd find that I do, in fact, buy things legitimately. However, there are cases -- movies and TV shows in particular -- where I would very much like to pay for the privilege of downloading them (in a standard, DRM-free format) via bittorrent, because that provides a much better experience than ANY legitimate way of buying them.

    And no, I don't wonder why there are no games for Linux. I know. It has nothing to do with the willingness (or not) of Linux people to buy games. It has everything to do with Windows having such a stranglehold monopoly on the market that even if developers are aware of Linux, they can easily write it off.

  18. Re:UNBELIEVABLE EVASIONS (workarounds inside) on Microsoft Says "War on Terror" is Overblown · · Score: 1

    I knew that, but it is a possible test of file validity

    A test that can be defeated more easily than your screenshot. Why did you even mention mtimes, if you knew they could be altered so easily?

    (along with checksums/crc32, size, time & date, etc.).

    Again, you show either a lack of knowledge, a lack of intelligence, or an unwillingness to really examine the matter.

    Simply put: time & date, or ANY datestamp, is easily modified, so we cannot use these. Size and checksums (of which crc32 is only one possible checksum) would work, if I knew what size or checksum to start with. But your program does not come with this information about the files it installs, so I have no way of knowing if they were modified while they were world-writable.

    1.) Felt the multiplatform test of security CIS TOOL, by the center for internet security, was 'malware'?

    It's really too bad... Scanning ahead, I see some interesting points I'd like to counter directly.

    But again, here's a lie from you, so this post stops here, until you learn the difference between "felt that it was" and "knew that it might be".

  19. Re:"STAT2", lol... round #3 on Linux Foundation Calls for 'Respect for Microsoft' · · Score: 1

    YOU'RE WRONG, as usual...

    How am I wrong here? Was I hallucinating when you tried to compare a specific version of a specific product to the entire ecosystem of Linux distributions all the way back to kernel 0.0.1?

    Along with the total number of users it has as well, maybe?

    That is a troll, plain and simple.

    I actually cannot find more than five virus outbreaks for Linux. You're welcome to try, if you think there have been more.

    However, I personally know more than five Linux users, and even in an entirely self-selected counter, there are over a hundred thousand users.

    I realize that's a small number, but please remember two things -- that is a self-selected counter, and you just said (more lies and spin) that there are less than five Linux users.

    you can try to change the subject ALL YOU LIKE

    I am talking about real measurable security. You're the one bringing it back to this one test.

    It looks like you're evading this subject desperately here, because the numbers simply don't support your theory that Windows is even close to as secure as Linux. You've lost this one, be gracious and admit defeat.

    (This is different than me "evading" the test -- you haven't given me one reason to doubt the numbers I've cited here, while I've given you many reasons to doubt your test. You may reject that I think it may be malware, but at least I am willing to talk about it. You, obviously, are not.)

  20. Car analogy bad... on Net Neutrality Debate Crosses the Atlantic · · Score: 1

    There are actually really good car analogies, but this isn't one of them.

    If car manufacturers start making big profits selling cars, others will decide to get into the car manufacturer business, and eventually they'll have to start upping their volume instead of charging millions of dollars per car, due to that competition. Both of these -- more car manufacturers, and more volume per manufacturer -- cause more demand for steel.

    So at least temporarily, steel will cost more, until the same thing happens to the steel plants (more people get into manufacturing steel, and they start putting out more volume).

    That's what the ISPs might like you to think -- that it's a fair price, because there's so much more demand now, and the price will settle once the new infrastructure (and new competitors) are in place. But there's more going on there -- they are trying to charge for something they have no business charging for in the first place, never mind how much they're trying to charge.

  21. I'd love that. on Net Neutrality Debate Crosses the Atlantic · · Score: 1

    Right now, most ISPs do packet shaping or outright blocking of some kind. Even if they don't, they have the capability to.

    Most also oversell ludicrously. It's great for me that my bandwidth is subsidized by people who barely know what a website is, but that distinction is fading as more people discover YouTube.

    And many already have a policy of, if you use "too much" bandwidth, we'll charge extra, or we'll start throttling you. Who decides what is "too much"? How do I know if I'm using too much? They don't say.

    Anyway, if this happens, it means two things: First, they actually will build the infrastructure they're supposed to. And second, price competition (or regulation) will eventually drive out those nasty overages, and bandwidth will be at least as cheap as it is now, if not cheaper.

  22. Hardball on Net Neutrality Debate Crosses the Atlantic · · Score: 4, Interesting

    Here's how I'd play hardball if I was the BBC, or Google, or anyone like that:

    I would look up the IP blocks which belong to whoever is threatening me.

    I would then redirect any connection from those IP ranges to a page explaining what their ISP is trying to do, and have phone numbers available for each customer's ISP.

    This might even work better for the BBC than for Google, because Google is an Internet business -- every customer they cut off is money lost. The BBC, however, does do traditional broadcasting, so they can afford to kill off some customers and make them turn on their old-fashioned cable TV.

    Anyway: "Contracts get re-negotiated all the time..." Bullshit. This isn't a case of renegotiating a contract. It's a case of some ISPs trying to bully the BBC into creating a contract where none currently exists. If it was the BBC's own ISP that wanted to charge them more, then yes, that makes sense, and the BBC can then decide if they want to play, or if they want to find another ISP. But if it's some random ISP across the country, I'd say "Fuck you, you just lost your customers."

  23. Re:Ugh... on Net Neutrality Debate Crosses the Atlantic · · Score: 2, Interesting

    If iPlayer and similar services (and, dare I say it, P2P protocols) were all multicast-capable, this would almost be a non-issue.

    Amen. BitTorrent is an absolutely brutal hack, and I really want it to die, but we just don't have decent multicast to replace it with.

    Maybe what we need is a sort of hybrid between cacheablility and multicast. Right now, Polipo (and maybe Squid) does something close -- if I start downloading some huge file, and someone else on my network starts downloading the same file, they'll get the first bit served out of cache, and then the connection will be shared for the rest of it.

    Maybe there's some HTTP tricks that could theoretically work, even. For example, you say you want a file, and you get back a header with a range of the current position of everybody downloading it through the end of the file. Then, when the download is done for everyone else, you start downloading from the beginning. Better than broadcasting on a schedule because if nobody's downloading a particular file, we don't have to broadcast it anywhere until the first person tries to -- and that first person can stream it.

    Of course, another thing that would help is easy local discovery of peers, so if you come late, you could stream the first bit from a peer while the rest of it downloads...

    (Am I making sense? It's 3 AM...)

  24. Re:And you'll be the first to complain.... on Net Neutrality Debate Crosses the Atlantic · · Score: 1

    We already have boxes which work perfectly for what most people are going to use it for (digital TV), and even USB plugs for it, so why try to do it over the 'net?

    What I want, when I want it, without it being filled with a ton of pointless unskippable ads.

    I know about DVRs. They are a hack. This is the solution.

  25. This has often been true. on High-Quality HD Content Can't Easily Be Played by Vista · · Score: 5, Interesting

    Not necessarily with quality -- I admit, some of the pirated stuff is pretty bad. But in terms of overall experience, piracy wins almost every time.

    Let's take a few examples...

    Movies (standard-def)

    Buying a DVD outright is too expensive. I watch a movie once, maybe twice, then I'm done. It's also not convenient -- either I have to drive to a store, or I order online and wait days for it to be shipped.

    Renting is too inconvenient, for the same reasons as above. Netflix comes close, but lacks instant gratification.

    Both of the above deal with physical discs, which can scratch, break, etc. If it's a rental, it might come that way, and I have to wait for another one to ship. Also, many discs feature copy protection above and beyond CSS, most of which is designed to make the disc look corrupted to a ripping program -- but that can prevent me from playing it properly, even in a dedicated DVD player.

    There are some other half-assed attempts, like the iTunes Music Store and Amazon Unbox, all of which require me to run proprietary, Windows-only software to make the purchase, and usually gives me a DRM'd file, which I must play on proprietary, Windows-only software. Ok, iTunes works on a Mac -- except I'm on Linux, so that's no help.

    So, piracy wins on almost all counts -- I can get near-instant gratification, it's convenient, I can do it entirely with open source software (KTorrent to download, mplayer to watch), and it's cheap enough that I often download things I'm not sure I'd want to spend money on -- and sometimes I enjoy them, and sometimes I don't.

    The only thing piracy loses on, currently, is that rentals give me full DVD quality in the time it takes to drive to the store. It can take several days to download an ISO at that quality, with all the extra features. But that's only a matter of time and bandwidth -- and even when I do rent a physical disc, I often rip it immediately, so that I can take the movie back and watch it whenever I have the time.

    There is actually one other thing -- the movie theater itself. I do actually pay to see good movies in the theater, when they come out, even though I could probably download them a few days before they come out.

    Movies (high-def)

    This is a no-brainer: I currently can neither rent nor buy, because my monitor doesn't support HDCP, I don't have a Blu-Ray or HD-DVD drive, and neither is sufficiently cracked for me to just pop in a disc and play it on Linux, on the monitor I currently own.

    The best bet would be something like iTunes or Amazon Unbox, which suffers from all the same proprietary issues -- assuming they even have high-def content -- plus I may run into the HDCP issue.

    However, my Internet connection and my hard disk can both handle a 5 gig or so download of an h.264-encoded 720p movie -- which still looks damned good.

    This is a case where I do actually want to be a good consumer, but can't. I'd like to buy the Serenity HD-DVD, but that would require me to buy either an HDTV and an HD-DVD player or a new monitor, new video card, and an HD-DVD drive, all of which is prohibitively expensive -- especially considering my current monitor is somewhere between 720p and 1080p (it's 1600x1200) and works fine, so I'd be buying a new monitor for no good reason.

    TV shows

    Well, TV itself (cable, satellite, etc) just sucks. It's not enough to interrupt you every 5-10 minutes with ads, they have now started pushing an ad into the middle of a show -- taking over a full quarter of your screen with an animated ad, with a little bit of sound to go with it. You're also required to buy channels in bundles, which limits choice -- if you pick and choose the channels you want, it may cost more than just buying one bundle that has them all -- but it will cost even more if your channels don't happen to all be in the same bundle.

    Renting them sort of works. The frustrating thing there is, it makes sense to rent them one DVD at a time, so you can wa