Slashdot Mirror


User: SanityInAnarchy

SanityInAnarchy's activity in the archive.

Stories
0
Comments
12,413
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 12,413

  1. Re:Don't impersonate me: THAT IS LAME, guys on Microsoft Says "War on Terror" is Overblown · · Score: 1

    This was meant to be an object lesson for you.

    The point is, it was extremely easy to do, and ip addresses don't prove anything.

    Also, from what I remember when I've had mod points, the mods can't check IP addresses at all. Only admins could, theoretically, assuming they're logged. But the admins aren't going to bother with a simple troll like that, meaning the majority of the users who see it may or may not know it was you, depending on how good the troll was.

    If you don't want to be impersonated, it's really simple: Register, and no one can impersonate you.

    Otherwise, don't complain about the consequences of anonymity.

    But go ahead, tell me my IP address, if you can track me so easily. (Actually, you can find out from my email address, but I'm the exception there.)

    And your "visual traceroute" won't cover anonymizing proxies. Being registered does not prevent you from using one of those.

  2. Re:Very... eloquent troll. on Microsoft Says "War on Terror" is Overblown · · Score: 1

    Chroot, chown, chmod... @ your disposal, right?

    There's still a race condition.

    I can do more than that, on NTFS (natively), but with SELinux kernel hooks added on?? SO CAN YOU!

    In fact, I could use SELinux or a chroot to lock it down to where it couldn't damage my system. I believe I said this when I said I could "sandbox" it.

    But that would defeat the purpose, because it would then be testing the security of my sandbox, not the security of my system. I don't run with SELinux enabled on everything, so enabling it just for this benchmark might give me an artificially high ranking. (See? It's really not that I'm afraid of the results being known.)

    Let's not forget that exerting that amount of control means I'm no longer taking the standard test. I mean, while I'm at it, why don't I just run the tool (in a safely sandboxed environment) and edit the results? Hell, I could just upload a screenshot of my system getting 85%, maybe 95%, even 100%... I don't have anything more than your word that you haven't done the same.

    Screenshots are not "proof" of anything.

    You have a fix, already built into your OS...

    So you do admit it's broken?

    Why should I have to fix it?

    I would think, for the problems you describe!

    I did describe some other ones, which you haven't addressed, such as the lack of a PGP signature (or even an MD5) to verify that the file is intact, the lack of trustworthiness of cisecurity.org, lack of source code, and the fact that even if it were possible to create a tool which can compare different OSes and tell you which is more secure, it's not going to be made by some idiots who have such serious security flaws in their own code.

  3. Hard drive? on Dell Considers Bundling Virtualization on Mobos · · Score: 1

    Why not just "embed" it in the first 20 megs or so of the hard drive? (Or 100 megs, or 1 gig, given the size of modern storage...)

    The only advantage I see to doing it with flash is that they could lock it down, and also, you could theoretically hot-swap SATA (or USB) drives, each with an OS on it (and maybe a "saved image" from the virtualizer, like hibernating). Even if you don't actually physically hot-swap them, you could spin down the drive you're not using.

    Of course, if it was me doing this, I'd just get 3 drives (or more) and build a software RAID, and run my virtualized OSes on top of that, so I get a nice performance boost (at the cost of more power required to keep them all spinning)...

  4. Could block access to hardware... on Dell Considers Bundling Virtualization on Mobos · · Score: 1

    There are certain chunks of hardware, actual CPU instructions, etc which have been introduced recently to make virtualization more efficient.

    However, I don't think it would do very well against something like Blue Pill, because that could just as easily implement a softer virtualizer -- it would just appear to run a little slower.

  5. Here's my tips... on Dell Considers Bundling Virtualization on Mobos · · Score: 1

    Admittedly, I haven't had cause to call Dell, but this works well for my ISP:

    1. Be honest. I know it's unusual advice, but if you attempt to bullshit your way through something, you may piss off the tech if they know what you're talking about -- or worse, they might believe you and skip a crucial step you didn't think you had to do.
    2. Be polite. Some of the following suggestions may require you to say something sort of condescending, so try your damnedest not to sound that way. And it goes without saying -- don't raise your voice.
    3. Don't swear. They are allowed to hang up on you if you do.
    4. Use big words that you don't actually need. See point #1 -- don't make stuff up -- but there's a good chance that if the tech actually doesn't understand what you're talking about, they'll escalate to someone who does.
    5. Be authoritative on what you do know. For example, if they tell you to reboot because they want you to try to get a new DHCP lease, suggest something like "ipconfig /renew". Assert that you do, in fact, know how DHCP works, and ask them to tell you what more rebooting will do. See point #2, though -- do it respectfully.
    6. Be willing to take steps you know are pointless. By now, you've tried steps #4 and #5, so you've got a very stubborn (probably stupid) tech who's sticking to a script. If you follow obediently, even if you really do the steps (remember point #1), you'll eventually either get to the good stuff, or they'll run out of script and escalate you.
    7. Try not to hang up -- if you call back later, you might even get the same person, depending on the size of the company. Either way, the tech you get first is not going to be one of the smart ones, because those are busy dealing with the calls that got escalated.
    8. Reward the techs who do well. When they're done, ask if you can speak to their manager, and put in a good word for them -- how helpful they were, how quickly your problem was solved, etc etc. It might help them get a promotion, but even if they don't, it means they're a lot less likely to be laid off than the dipshit down the hall who wants you to "ipconfig /renew" on a Mac. If enough of us do this, hopefully, we'll help in a sort of natural selection of better techs.

    I'm thinking of writing a guide like this and distributing it, because these same principles do hold for anyone, regardless of technical skill. The language might change a bit -- for example, a nontechnical person should follow step #6 because what they "know" is not always true, and if they really knew everything, they wouldn't be calling for a tech. But the habits are the same.

  6. I know someone... on Gamers Don't Know Their Own Consoles · · Score: 2, Insightful

    I know someone who bought a PS3 without realizing it had...

    well...

    anything other than hype.

    I'm not kidding. I swear to God, this kid brought the PS3 home, plugged it in, hooked it up to his standard-definition TV, and used it to play a PS2 version of Tomb Raider. At least, I think it was PS2 -- it might have been PS1. He was crowing about his "next-generation game console" experience, but hell, he wasn't even using the "internal memory card" (store PS2 savegames on the hard drive) because he didn't know how, and thought he'd have to buy something. The only conceivable improvement in his experience was the wireless controller, but with such a short cord (for when the battery dies) and no rumble, the advantages are kind of dubious.

    This is someone who already had a PS2.

    Every now and then, his brother rents a PS3 game and brings it home, but he mostly uses it to play PS2 games.

    Now, the one thing I will say in his favor is that he is actually retarded. He actually does have a real, physical, chemical imbalance in his brain. So in a way, I kind of can't blame him for being such an absurd Sony fanboy...

    But looking at him kind, I kind of have to wonder, what do the whole, sane, and intelligent people who bought a PS3 have to say for themselves? Especially if they didn't realize it had blu-ray?

  7. Re:Big news flash. on Gamers Don't Know Their Own Consoles · · Score: 1

    There is a huge difference here:

    The PS3 is cheaper than other Blu-Ray players.
    The PS3 is probably still significantly more expensive than it could have been without a Blu-Ray player.

    That's sufficient to make it at least a dual-purpose -- primarily both a game console AND a Blu-Ray player. If I bought a Windows Mobile 5 phone, an iPhone, or OpenMoko for an extra $200 (compared to a Symbian or something simpler), you can be damned sure I'm going to know about its non-phone capabilities, because I'd have to be retarded to spend that much money on a phone that I'd only use as a phone.

  8. Re:Very... eloquent troll. on Microsoft Says "War on Terror" is Overblown · · Score: 1

    It HAS to make some files it creates, writable, in order to create an output file of results I imagine...

    I don't care if it makes them writable. It should not have to make them world-writable. Big difference there.

    Writable means someone can write to them -- usually the user who created the file.

    World-writable means anyone can write to them -- including anonymous/guest accounts, system services that aren't supposed to write to anything, or even just another user who isn't supposed to have admin rights.

    THIS IS A SECURITY RISK? Come on...

    Yes, I would say so.

    Your casual "come on" statement comes up against decades of best practices in Unix, as well as some opinions by some people in security that I actually know of and respect. It's so obvious a bad idea that I can see it for myself, too -- I don't even need a second opinion.

    And even if I ran it, what would it prove? If they can't even secure their own security-testing program, I'd say any results they come up with are suspect.

    No, that's not a way of "getting out of a bad score" -- even if I got an incredibly good score, I would question the results. I wouldn't just use them to push an agenda, the way you seem to be.

    You've got to be kidding me man... then, just install SUN's JVM, install the program & run it...... & then uninstall it.

    So your solution to wanting me to run an obviously insecure program is to uninstall it when I'm done?

    You're kidding, right?

    In that case, I have a challenge for you: Here's a link I found in my spam. Go ahead and download that file, and run it. Then uninstall it. Your system should be secure again, right?

    If you aren't willing to do that, you should be able to understand why I'm not willing to download some random, stupidly-insecure program to test my machine.

    If you are willing to do that, I imagine you'll get an object lesson in how spyware works.

    I don't see how that matters, as long as you were modded up for reasons other than "funny" or "karma" (these 2, to myself @ least, don't mean much - technical points mods, however, do)!

    Not that I expect it to change your mind, but registered users get a whole bunch of preferences like that. If you wanted to, you could actually set funny and karma bonuses to have 0 effect on a post's apparent score to you, or even a negative effect.

  9. Re:Correction. on Microsoft Says "War on Terror" is Overblown · · Score: 1

    QUESTION: That info.'s available (apparently), right? Where you felt or thought it was not before, correct??

    No, it's not.

    There is no source code. There is no md5sum. There is no PGP signature. There's no blessing from any distro- or repository-maintainer I know of. And I know nothing of the "Center for Internet Security", so why should I trust them?

    The only correction was a typo: I said "PHP signature", where I meant "PGP signature". How you managed to turn that into an admission that you're right about this software is beyond me.

    I've "slipped" before too (rarely, lol, but if it happens?

    More like every single time you've replied to me.

    First you thought I lacked the technical knowledge to install the program. I know how, I'm just not stupid enough to do so.

    Next, you thought I was complaining that it creates "writable" files -- it's "world-writable" that bothers me.

    And now, you've taken my correction of a typo and turned it into something more.

    a few times for skimming too

    I'm trying to make my posts short enough that you aren't tempted to skim...

    Because either you have been skimming (badly) or you have the reading comprehension of a five-year-old.

    So try this instead: Go back and read my posts thoroughly. Every word. When you come across a word you obviously don't understand (like PGP), look it up or ask me what it is.

  10. Re:Very... eloquent troll. on Microsoft Says "War on Terror" is Overblown · · Score: 1

    First, I did not use the tool you suggested because the tool itself would make my system less secure. Had you read my post, you would know this.

    Obviously, you did not read my post. Apparently it was too long for you, so I am trying to make this nice and short. Even so, I've put the thrust of my argument first, so that hopefully you'll get the point before your attention span fades.

    Anyhow, then, why don't you even try the CIS Tool 1.x, + post your score here so I can examine it + so YOU CAN PROVE THAT STATEMENT?

    And you continue to rant about how obviously, if I didn't run your tool, it must mean that I'm either too stupid to figure out how, or I don't want you to know how insecure my system is.

    I'll point you to their own readme file:

    The NG Scoring Tool installation may make some or all of the Tool files world writable during installation.

    This is a really fucking bad idea. It is a security bug in the software you want me to use to test my security?

    Apparently, they know it too, because they go on to say:

    This is a known issue and we are working very hard to correct this installation issue.

    Oh, and yes, you should get a Slashdot account:

    First of all - Why?

    Why not?

    Oh, by the way, that comment you link to? Got modded +2, started at 0, has no replies. My comments start at 2 (registered + good karma), and routinely get modded to +5. They almost always have replies, unless they are already deep inside a thread.

    Also, I do not have to enter a CAPTCHA when commenting, I don't have to preview before posting, and I have to wait far less between posting. As for tracking, it's not about "peer pressure", it's about recognition, and that is a good thing.

  11. Re:It was only a matter of time.. on BitTorrent Closes Source Code · · Score: 1

    A very lame excuse.

    Ashwin told Slyck.com that by keeping the source closed, it creates a "certain amount of distinction" between the official client and maliciously repackaged software.

    Can anyone explain to me how that creates ANY amount of distinction?

    Certainly, I know that whatever BitTorrent I use is legitimate, because it came straight from the Ubuntu repositories. With the new version, that's impossible, both legally and technically -- uTorrent was and is Windows-only.

  12. Re:Let you down with XP on Microsoft Says "War on Terror" is Overblown · · Score: 1

    Well, and claim the new one is so much better... "Improved security!" And in most cases, that's because anything would be an improvement.

    With Vista, they've finally gotten to where there's even a question of whether they are more secure than Linux. And even if they were equally secure, I'll take the less annoying one any day. (Allow, dammit! Allow!!)

    What I really want to see is for someone to just say "Secure." Not "More secure," but "Secure." As in, algebraically proven.

  13. Correction. on Microsoft Says "War on Terror" is Overblown · · Score: 1

    Whoops.

    Even if I had source code, where's the md5sum? The PGP signature?

    Sorry about that.

  14. Very... eloquent troll. on Microsoft Says "War on Terror" is Overblown · · Score: 1

    Either you're trolling or astroturfing, or you're sadly misinformed. I suspect the former:

    you truly CAN secure Windows, & to such a level, even *NIX folks I challenged could not beat it)...
    And, no - benchmarks are "not everything", only gauges (what else do we have?

    So, if benchmarks are not everything, then be more specific -- say that your Windows is secured relative to one benchmark to where no one else can beat it. Don't say that we can't beat your security -- that's pure bullshit. If I'm insecure, root me. Go on -- you can start with my mailserver. Shouldn't be too hard to find. If you're smart, you can even jump from there to my desktop -- they're connected via a gigabit crossover cable.

    Oh, and get yourself a Slashdot account. Many people don't even bother to reply to Anonymous Cowards.

    But let me try to take you seriously for a moment...

    You posted a screenshot, which as we all know, should not be accepted as "proof" of anything. Your screenshot is bullshit unless I can get the tool and verify it myself. So try providing a link, at least.

    Oh, is this what you were talking about? First, there's no tool for the most popular Linux variant today: Ubuntu. (My desktop is Kubuntu, but that shouldn't be a major obstacle, when you can "upgrade" from one to the other and back.)

    But let's suppose I had RedHat or Suse or some such. It's still a huge, annoying hassle to even get to the file -- I'm very skeptical of anything that makes me FILL OUT A SURVEY, not to mention agree to some legalese, before I can even download the file. Included in that legalese is the requirement that I can't redistribute -- doesn't sound particularly open to me.

    Once downloaded, I have a big tarball. Unpacking it, I find a jar file and a readme. Which means, the entire tool is proprietary. I'm not sure if it can be run as a normal user, however, I am running Linux partly because I do not trust proprietary software. And now you're asking me to run one from this random website as root?

    (I suppose I could setup a separate account to test it under, but I'm too lazy, especially when... but read on.)

    Even if I had source code, where's the md5sum? The PHP signature? Where's my guarantee that the file I downloaded actually did originate from this server, and hasn't been modified in transit?

    Never mind all that -- the readme file itself admits that the installation of the tool is not secure:

    The NG Scoring Tool installation may make some or all of the Tool files world writable during installation. This is a known issue and we are working very hard to correct this installation issue.

    I'm sorry, no. Absolutely not. I will not take a benchmark intended to measure my security when the tool itself is that fucking insecure, and you shouldn't either. Not even on Windows.

    However, you're welcome to point me to any tool which attempts penetration testing from the Internet -- in other words, a website where I can click a "hack me" button to test my browser, or to have their server attempt to exploit me over the network. I imagine it would be inconclusive -- it would probably find absolutely nothing to exploit on either of our machines. It might find something wrong with some conscious decisions I've made -- for instance, responding to a ping -- but then it becomes a difference of opinion, rather than "proof" of anything. (Unless we're both wrong, and it's able to root one of us...)

  15. Who cares? on Microsoft Says "War on Terror" is Overblown · · Score: 1

    If your goal is to virtualize all apps, and you can get all of them to work on Wine, then you can just run Linux on the desktop, save some money on Windows licenses.

    And yes, you can probably coax Wine to run on Windows via Cygwin or something, but that would be pretty slow and pretty ugly. You might even get it to work with the Windows port of the Linux kernel, if that even exists anymore -- or by compiling UserModeLinux for Cygwin -- but that would be even uglier and slower.

  16. Re:WINE, Anyone? on Microsoft Says "War on Terror" is Overblown · · Score: 1

    I'm not sure qemu is capable of doing that with virtualization.

    I know it can do it with emulation, and I believe it's possible to, for example, run Qemu on Linux-PPC or something, tell it to emulate x86, and use it to run an x86 version of Wine. So, theoretically, you could get native Windows apps -- but just those apps, not a whole OS -- emulated on a PPC Mac. But I never got that working, and new Macs are Intel anyway...

    In other words, I was imagining using Qemu to do a kind of reverse-Rosetta.

    But I don't know if it can do it with virtualization, and if it could, I don't know if it would provide the security benefits of virtualizing the whole OS. In fact, I doubt there would be a point to it at all, since an app doing an unlink() syscall is going to delete the file anyway, whether it's a native unlink() or a virtualized/emulated unlink().

  17. Wow, they just invented NFS! on Microsoft Says "War on Terror" is Overblown · · Score: 1
    1. Install applications such as Word or Excel on Wine on central server. You can give each program its own "fake windows" directory.
    2. Mount central server's Wine directories over NFS. You can even boot from NFS, if you like.
    3. Run Wine locally. All the application data will be pulled over the network, without actually installing it on the clients.

    One interesting thing is that I can virtualize IE, thanks to IEs4Linux. Downside: IE7 isn't actually run; they use IE6 with the IE7 rendering engine. Upside: You get four separate versions of IE on the same machine -- you can probably even run them simultaneously.

    By the way: You don't need virtualization to run apps off the network. You just need a fileserver and an app which doesn't insist on being installed on a physical hard drive. (For example, Steam will refuse to run if you attempt to install it on a network drive.)

  18. Re:Virtualizing Applications on Microsoft Says "War on Terror" is Overblown · · Score: 1

    Therefore, the solution (which Microsoft seems to be starting to do) is to force the majority of an application to run as a user specific to that application, and completely unprivileged. Ideally, to allow multi-user systems to function properly, we would have sub-users -- each normal user should be able to create users which they control, and those users should be able to create users -- you could have a UID quota.

    I believe Internet Explorer now runs the bulk of the browser as an unprivileged user, even less privileged than the human running the browser. When it wants to save a file, it asks the part of it that still somewhat-privileged to pop up a "save file" dialog, which it does. This is a good design -- implemented properly, no insecurities in IE could allow anything to damage any data except the file that the user has explicitly told it where to save.

    I would much prefer that kind of solution than the brute-force virtualization of a whole architecture just to force apps run by the same user to not be able to talk to each other -- which is then going to force us to implement a mini-network within the computer to allow them to talk to each other again (and thus be exploitable). The whole idea is laughable.

  19. What would be really new... on Microsoft Says "War on Terror" is Overblown · · Score: 1

    There are actually designs that allow for running untrusted code in the same address space as everything else, even ring 0.

    I believe they are old designs, but I would like to see a new implementation. I bet it'd be a lot faster than a modern OS.

    But I do agree with you -- the modern operating system does virtualize, and it does so efficiently. I'd much rather stick with that than have a whole architecture emulated just to make absolutely sure an app doesn't do anything bad -- the only time I see a need for that is things like DOSbox, for apps which assumed they had the whole architecture to themselves.

  20. Konqueror on The Java Popup you Can't Stop · · Score: 1

    Didn't include NoScript. But it did include the ability -- not sure if it was on by default or not -- to set all plugins to click-to-run.

    So let JavaScript run, I don't care. My popup blocker works quite well enough against JavaScript popups -- or if it theoretically doesn't, I've NEVER seen a popup since I've been using Konqueror.

    But try to pop stuff up with hidden Java? The only way that works is if I actually need your Java for something else. Additional bonus: Since nspluginwrapper is a little unstable to begin with, and gets worse when it's in Konqueror instead of Firefox, I prefer not to turn on Flash for every little animated corporate logo. I can still look at YouTube and some of the few uses of Flash I want to see, but otherwise, I actually get a fast Internet (something I can't say for Firefox).

  21. Re: rapid prototyping / dynamic languages on Hiring Programmers and The High Cost of Low Quality · · Score: 1

    Hell yeah! Rapid prototyping is worth its weight in gold, and it more than makes up for the performance hit of the "slower" languages.

    That always depends on what you're doing with it. I still wouldn't write a game engine in a "slower" language, because it really would be slower, and my competitors (using C++) would kick my ass in benchmarks. But, I might write the AI and game logic in a language like Python -- and this is often done.

    What seems to be the common attitude now is to write high-level stuff in high-level languages, and low-level stuff in C, then tie the two together somehow -- for example, either embed Python, or write a Python module in C. Another common attitude is to rapidly prototype something in a "slower" language, then re-write it in a faster one, now that you have a good idea what kind of program architecture is going to work.

    I think that all of these are good strategies, when high-level languages are slow. I just think that if high-level languages were fast, we wouldn't need things like C.

    Java is a moving target. Instead of saying "as [fast] as Java," let's just say "to the left of the 3x performance gap(*) on the language shootout rankings."

    Well, what is sometimes whispered in projects like Psyco is "faster than C".

    Here's my reasoning: The killer features of a language like Ruby are its dynamic nature. You can go in and tweak any part of your program on the fly, or, indeed, chunks of the language itself. In fact, large parts of Ruby are written in Ruby.

    The killer features of a language like Java are its speed and its static nature -- it makes it possible to do many more anal-retentive checks at compile-time.

    Now, Ruby, Perl, etc could easily be made to emulate the static nature of languages like Java. In many cases, best practices can be enforced at the IDE/editor level, or with grep. And I think it's far better to be able to have these things (use strict in perl, for example) and be able to turn them off, than to have them forced on you by the language, so you spend a lot of time working around them.

    So, the big difference is speed. And I think "slower" languages are slower primarily because they are so dynamic -- it means that things which Java can throw away at compile time must be kept around by Ruby even through runtime.

    For example, suppose you want to add two integer variables and store them in a third. Compiled languages can optimize this down to practically assembly-level instructions at compile time -- 2 + 2 really becomes simply adding 2 and 2, and storing the result in some location in memory.

    Compare that with what Ruby has to do. First it has to convert those to objects, so we now have two Fixnums, each with a value of 2. It then has to call the '+' method of Fixnum -- so if we're adding a and b, it has to do a.+(b) -- and it has to do this kind of stuff on the fly. That is, it has to look up each variable by name, then look up its class (again by name), then the method being called (surprise! by name), and finally it ends up with some code to run that's roughly the equivalent of 2+2 in C.

    I think that even the majority of Ruby code doesn't need that kind of flexibility. It's nice from time to time -- if Ruby can't find foo.bar, it'll call something like foo.method_not_found('bar'), which can allow fancy things like automatic RPC or loading of libraries.

    But it also forces Ruby to be as slow as JavaScript.

    I do actually have a solution, but I think this post is long enough as it is. But I will say that I think it's a problem. Right now, I can write any kind of app I want in Ruby, it'll just run slower. And I can do the same thing in Java, and it will run faster, but take longer to develop. Which means there's a certain class of applications which can't be developed in Ruby (they need to be fast), and a certain class that can't be done as well in Java or C (they need to be dynamic), and probably a class of apps that can't be done at all (they need to be both).

  22. Re:Stereotypes on Coping Strategies for Women in IT · · Score: 1

    Your "respect" of secretaries is pointless and completely irrelevant to women in the IT industry.

    Sorry you feel that way. Maybe you need to spend more time around actual secretaries.

    If it's really only about doing the job, then shut up and do the job.

    Yes. And let the tit and pussy jokes continue right?

    So it's alright for you to completely ignore the context of that statement, but not for me to ignore the context of being called a secretary?

    The truth is you do respect them. You respect them enough to help answer their questions, point them to documentation, or diagram out the system design. If you had no respect for them, you'd do none of these things for new recruits because it'd be waste of your time.

    It's never a waste of time if someone is willing to listen.

    For instance: The act of actually asking for help, rather than assuming no one will help you, is one way to gain my respect -- at least then I will respect you as an open-minded person trying to learn something.

    You're certainly not displaying that. Rather than learn something from me, if there's anything to learn, you'd rather call me a hypocrite, atrocious, sexist, whatever. (Scrolling down, looks like you have a new name to call me: Neanderthal!)

    You expected the woman on the job to do all the work of change. Your attitude was boys will be boys and will always toss around jokes and rude insults.

    You keep putting words in my mouth. Stop it.

    If you can't argue your point without a half dozen strawmen, I doubt you have a point.

    You demanded they change and "act like they belong" which means participating in the childish male behavior.

    Sorry if it means that to you.

    To me it means: If everyone else is wearing a tshirt and jeans, don't come to work in a suit. If somebody tells a dirty joke, you do not have to immediately become offended -- especially if it might be a little funny, or you might have one of your own.

    Note: These jokes are NOT about you. An example of one I've heard at the office recently: "I'm going to become the next Hitler. I'm going to kill a thousand Jews and one clown."

    Inevitable question: "Why the clown?"

    "See, no one cares about the Jews!"

    I was raised Jewish.

    Now, I could get all offended and run to my boss and rant and rave about how it's a hostile environment towards Jews in the workplace. Or I could turn around and tell a joke about Christ. Or I could ignore it.

    You should also note: There's plenty of childish behavior elsewhere. In management, sales, etc, you can tell how wealthy a man is by looking at his suit -- which to me is as childish male behavior as a peacock strutting his feathers. And women participate in that every bit as much -- they buy suits that look almost exactly like the ones for men, except they wear them with stockings and skirts.

    And you like this! You see this as the strong female role model.

    But God forbid a woman in tech should have to deal with rough humor and a bit of swearing now and then. Yeah. That's childish, and guys wearing a tie (obviously phallic symbol) to work every day isn't.

    I've experienced more prejudice in the last year than you will in your lifetime.

    You don't know me, and you presume to tell me what I've experienced, and what I will experience. And that's not pre-judging?

    I didn't pre-judge you. I post-judged you based on your words.

    Along with the ones you put in my mouth.

    You only want your pet issues to change.

    Missing the point again. Why do I bother responding, if you can't be bothered to read my post?

    I am discussing my strategies for dealing with issues, mine or otherwise, pet or otherwise. I brough

  23. Re:Sad thing is... on Oklahoma Security Expert Attacks RIAA Claims · · Score: 1

    Makes me wish I was a lawyer, but law school would be too long and expensive for me :/

  24. Re:...Java? on Hiring Programmers and The High Cost of Low Quality · · Score: 1

    I said "in that program."

    As a general practice, it may be better to use <>, but I don't see what more it would accomplish without changing the rest of the file as well.

  25. Re:Come to the PC side! on Apple Updates iMac, iLife, .Mac · · Score: 1

    There is gimp and krita, among others. Most of the harshest critics of Gimp haven't used it for any significant amount of time.

    But Photoshop does work well under Wine, or even Windows (which doesn't force you to buy a specific piece of hardware from a specific manufacturer.)

    Let me put it this way: You beg and whine about not getting the laptop you want. I just buy the laptop I want and put Linux and Gimp on it. You beg and whine for Adobe to port Photoshop, or to support this one feature... I just go implement the feature I need.