Slashdot Mirror


User: SanityInAnarchy

SanityInAnarchy's activity in the archive.

Stories
0
Comments
12,413
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 12,413

  1. Linux File System?? on 9 Open Source Companies to Watch · · Score: 5, Funny

    I mean, it's not a bad idea, but that name? Sounds kind of like eFax calling themselves Windows Print Driver.

  2. Re:Well Well on New Alienware PC an Overpriced Underperformer · · Score: 1

    At least one thing still seems to be the same. With a headline like that, I expected this system to be just like any other Dell. Not so. It looks like just about everything I'd choose, with the exception of the twin Deathstars -- I'd have gotten a different brand, but that's it. I just don't see SLI making sense yet.

    The service you describe is more like what I'd expect, though.

  3. Re:Don't Understand? on Steal This Film · · Score: 2, Interesting
    c) Even if artists got a pisspoor share of royalties, I'm sure they would much rather prefer it to the fuck all they would get if stuff was P2Ped.

    No they wouldn't. Not if they were smart.

    Important quote for the lazy:

    This story is about a bidding-war band that gets a huge deal with a 20 percent royalty rate and a million-dollar advance. (No bidding-war band ever got a 20 percent royalty, but whatever.) This is my "funny" math based on some reality and I just want to qualify it by saying I'm positive it's better math than what Edgar Bronfman Jr. [the president and CEO of Seagram, which owns Polygram] would provide.

    (some number crunching)

    Since the original million-dollar advance is also recoupable, the band owes $2 million to the record company.

    If all of the million records are sold at full price with no discounts or record clubs, the band earns $2 million in royalties, since their 20 percent royalty works out to $2 a record.

    Two million dollars in royalties minus $2 million in recoupable expenses equals ... zero!

    How much does the record company make?

    (more number crunching)

    So their profit is $6.6 million; the band may as well be working at a 7-Eleven.

    When you look at the legal line on a CD, it says copyright 1976 Atlantic Records or copyright 1996 RCA Records. When you look at a book, though, it'll say something like copyright 1999 Susan Faludi, or David Foster Wallace. Authors own their books and license them to publishers. When the contract runs out, writers gets their books back. But record companies own our copyrights forever.

    To sum it up, I can't find the exact quote for this bit, but most artists -- even top artists -- would be better off financially if they didn't try to distribute at all, if they played in bars and such, or if they self-publish, via the Internet (magnatune, mindawn) or burn their own CDs. They'd be less popular, but they'd actually make money.

    So yes, I think the smart artists, the small-time, bar/nightclub players who distribute their albums on their own CD-Rs, would really, truly, honestly not care whether they get P2P'd. They (like everyone else) make the real money from live concerts, which they get more and better of if they are more popular, which is much more likely if their stuff is getting P2P'd.

  4. Re:Latest BS from Gartner on Vista the Last of Its Kind · · Score: 1

    In the Firefox preferences the user can designate a folder where downloads can be saved. This can be any directory or disk, including network that the user has write access to. All other settings, cookies etc. are saved in the user's library.

    You're still not getting it. The point is, if firefox only had write access to the user's library, specifically the Firefox folder in the user's library, it would be better for security, but that Firefox preference wouldn't work.

    What would be nicer is if Firefox could drop privileges, so to speak, so as to have the part of it that manages cache only have access to the cache, or maybe have the whole thing have access to the Firefox part of the user's Library (~/.firefox on Linux), and be allowed to create files in the folder selected for downloads, but once downloaded, modify the file so it has no rights to it.

    Basically, we already know how Firefox should work -- it should only create new files in random places when I download them or hit "save as". It should not allow any extension to create any file, anywhere. Ideally, it should be possible to restrict Firefox to only behaving the way we know it should. I know of no OS or system that behaves this way -- if anything, we're going the other way. Wordpress install guides, for instance, as well as many CGI or server-side scripting guides, suggest a 'chmod 777'.

    Little snitch works as part of the system preferences. To disable it the malware would have to gain write access to a part of the system. If the user is an admin, that would likely work, but otherwise not.

    Or it could attach to a program which is allowed to connect out, although this probably does require a vulnerability when run as a non-admin user (assuming the non-admin user was properly restricted).

    A good example is a Firefox extension. Assuming you allow Firefox to connect out, you don't need admin to install a per-user Firefox extension, and such extensions can be run before the main Firefox window is launched. Thus, you could probably run a fairly undetectable Firefox.

    In any computer system, if the user knows the admin password and gives it, there is not much that can be done about it. In Windows, since the user is FORCED to run as admin because many programs do not run properly or at all otherwise, a password is not even asked for, possibly arousing the suspicion of a reasonably astute user.

    The user is not now and never was forced to run as admin. You could run many programs as a limited account, probably at least as many programs as you can run natively on a Mac. You could use runas to run the few that require admin access as admin. Under Vista, I believe you'll be able to do something closer to what I want -- a program which needs admin rights will ask you for every little bit of admin that it needs, meaning most programs that need admin will run just fine if they only have access to their Program Files directory.

    So yes, a malware could write a lot of crap in the test account and fill up the disk and then cause system difficulties or even a crash.

    Or it could leave smaller pieces of itself behind, which would do absolutely nothing on the test account, but absolutely hose you on the admin account. Presumably, you actually start using apps on your main account when you're done testing them on the test account? The point is that you won't catch all its tricks by running it under a test account, even if it can't actually cause any harm from that test account.

    That's why I ran Steam not just on a test account, but exclusively on a limited account that didn't have access to the rest of my stuff.

    The present server version of OSX does contain an access control list facility with a nice interface that allows finer control of permissions. The consumer version lacks the interface and must be set up manually through the terminal command line.

  5. Re:Don't Understand? on Steal This Film · · Score: 1

    Oh, I agree. My argument was with this statement:

    Seriously, it's not out of protest against the music industry for prices or DRM or rootkits, it's more like "hey! free stuff!".

    I'm willing to buy music, so long as I actually own it, with no DRM at all. Same for video. I'm willing to compromise -- DVDs are OK, because the DRM has been cracked and they can never close the hole. But I'm not willing to use iTunes, because Apple actively goes after people who crack it, as well as closing the holes. So I simply don't use it.

  6. Re:Headline incorrect. on FairUse4WM Breaks Windows DRM · · Score: 1

    I wouldn't recommend it for converting to non DRM WMA, because then you get the quality loss and no point to it. That's why the cracking tools exist.

  7. I love it! on AOL 9.0 Called Badware · · Score: 4, Funny

    AOL is worse than malware. Malware is written with bad intent, or possibly written by Malcom Reynolds. AOL is just badware -- badly conceived, badly designed, and badly implemented.

  8. Re:Don't Understand? on Steal This Film · · Score: 1

    Depends who you're talking about. I don't care about the price, but I will not live with iTunes DRM.

  9. Re:"Income" might not be the best metric on Steal This Film · · Score: 1
    Assuming you treat the computer and internet connection as a sunk cost, the person without the additional disposable income could "afford" to download, but not to buy DVDs.

    This is a fair assumption. I make $15/hr doing a job that absolutely requires me to have a computer and an Internet connection. I eat Ramen to cut costs, but I still have my broadband.

    But, I don't have enough disposable broadband to be downloading movies all the time -- I rent those and rip the ones I like.

  10. Re:Headline incorrect. on FairUse4WM Breaks Windows DRM · · Score: 1

    Why would you want to convert it from WMA? You lose quality that way, unless you were going to make it into flac.

  11. Your name says it all. on FairUse4WM Breaks Windows DRM · · Score: 1

    Let's see. I use Linux. I would like to play my music on any device I want, including Linux.

    There was a time when I actually owned music. Hell, there was a time when we owned software. You are right to have that "right or wrong" disclaimer. It is most certainly wrong.

    Watching a movie on a handheld device, like a Video iPod, is a good way to pass the time on, say, a train ride, or a road trip...

    Now, in your case, I can actually see it's a tradeoff. But you don't seem to see that, all you see is "If you disagree, you must be a pirate."

    There is one kind of DRM I do put up with, and that's Steam. I put up with it because games are software, and commercial games are commercial software, and when was the last time anyone got source code to commercial software? Steam's DRM seems like it would only be a problem to people who are still on dialup, as it requires you to be online at least sometimes, and when it's online, it wants to update. But other than that, it lets me do absolutely everything I want with it -- I can install it on any number of computers, I can backup to DVD or to a network, I can restore to my account or someone else's, I can have it installed as many places as I want (as long as only one is online at a time), I can re-download any game I've bought, no matter where I bought it... Basically, Steam gives me more freedom than the competition, and the only cost is something I will never hit.

    Compare that to Windows Media DRM. I like to play my music on Linux, with a commandline program so I can easily play it on a headless box plugged into a sterio, on my Mac laptop (which I'm switching to Linux soon). I like to copy it as many times as I want, copy it over the network, keep it archived in Flac so I can convert from the source to any format I want. I like to actually own my music, and I like to buy from sites like MagnaTune, so I actually support the artist.

    I admit that, in terms of sheer cost and convenience (if I give up Linux), I'm tempted by these music rental services. But I don't want to rent my music, I want to own it.

  12. Re:Latest BS from Gartner on Vista the Last of Its Kind · · Score: 1
    I'm not convinced the advantages of such a scheme outweigh the flaws

    Amen, brother.

    In fact, most of the advantages of such a scheme go right out the window with a good package manager.

  13. Re:Doom. on What's On Your Thumbdrive? · · Score: 1

    And Doom still works. You couldn't put it on a thumbdrive when it came out, but you certainly can now. And this was last year for me.

  14. Re:Latest BS from Gartner on Vista the Last of Its Kind · · Score: 1
    The same way any other program does. Each user account has its own desktop file. A preference setting under "downloads" in the program allows the user to specify any directory or volume he/she has write access to.

    Yes, that's how I thought it work. But you said this:

    Programs, such as Firefox have write access only to the user's library which contains that user's configs.

    By that, I assumed you meant Firefox only had access to "~/Library/Application Support/Firefox", which would be kind of cool, but wouldn't provide any way to save files to any convenient place. The current method is no more secure than Unix or Windows, except that Windows apps typically don't work that way. I'd argue that it's less secure -- an admin user has full write access to /Applications, but only root has write access to /usr on Linux.

    In addition, I have a nifty program called "Little Snitch" watches for any attempted network connections and puts up a warning: " A program called xxxxx wants to connect on port yyy to address zzz.zzz.zzz.zzz " do you want this to be allowed? The user can then choose to deny, allow once or always allow hereafter.

    Yes, the builtin Windows XP Firewall and my nVidia firewall can both be configured to behave that way. I haven't found a program to do this on Linux, but I haven't bothered much, because -- how does Little Snitch work? What prevents an app from disabling it before attempting to connect? Or trashing some other part of your system and gaining access that way? Just install one little Firefox extension, and your app has all the access it needs.

    These are two indicators that something fishy is going on. A quick mouse click and such a suspect file is trashed.

    Except that the user's account may be littered with copies of the suspect file...

    A further security feature of a Mac is the simple fact that programs don't mess with the system and splatter junk all over the HD and thus can be gotten rid of easily. 99% of Mac software doesn't come with an uninstaller and there is no such in the system. Simply drag the offending files to the trash.

    Oh goodie -- so we only need one of the other 1% to ask for our password, or one of the 99% to do something evil once you run it.

    Since my test account doesn't have much of anything in it and it has no access to any other part of computer or network, finding crap is quite easy.

    How careful are you? Do you check every file against a tripwire? Do you do that as root, or as the test user? Do you wipe the test user every time?

    I'd imagine there's quite a bit of crap that someone could put there without you ever noticing.

    I sincerely hope (probably in vain) that VISTA will incorporate some of these simple security measures, since malware and spam affect everyone.

    I believe that in this respect, Vista could potentially be more secure than Mac OS, because they have to allow legacy software to have as much access as it needs, without permitting that same access to malware. As far as I know, they give you dialogs similar to "Little Snitch", but for disk access, not just net traffic. And I'm a Linux user, so I should be the last to apologize for Microsoft, but that's "Vista", not "VISTA" -- it doesn't stand for anything.

  15. Re:Latest BS from Gartner on Vista the Last of Its Kind · · Score: 1
    One question about the Mac installation scheme, though: how do programs make use of non-system shared libraries?

    They don't. If they really must, they will distribute a .mpkg, which is more akin to a Unix package manager. But this method of installation provides absolutely no method of uninstallation -- you can remove the app, but there will still be the crap littered all over your hard drive.

  16. Re:This is NOT a big deal on SHA-1 Collisions for Meaningful Messages · · Score: 2, Informative

    Not true -- XHTML-compliant browsers will only treat it as XHTML if it's sent with a "Content-Type: application/xhtml+xml" header. This is very nice for keeping your page clean -- view it in Firefox with that header, and it'll parse it as XML, and complain whenever you have a problem with your XML, saving you a trip to the even more pedantic W3C validator. Unfortunately, sending that header will have browsers that don't understand XHTML attempt to download the page, rather than displaying it as HTML. Even worse, browsers aren't consistent in the "Accept:" header they send, which is supposed to help with this -- Firefox prefers XHTML and says so, for instance, but while Safari is perfectly capable of receiving XHTML, it just says "Accept: */*", which says it doesn't prefer any type of document -- I may as well send it a PDF (which it would try to download). Even browsers which indicate a preference have to have "*/*" somewhere in there if they want to be able to download files.

    So, there's really no good, standard way of detecting whether to send XHTML as XHTML or HTML. I've tried implementing something on my website, but I doubt that it will really work properly until I break down and attempt to detect specific versions of browsers.

  17. Dogs will do that. on Heroic IT Dept Less Likely to Steal... Lunches? · · Score: 2, Interesting

    I've had a dog do the exact same thing. It may show something about the psychology of people who steal lunches -- this dog was incredibly loyal, always happy -- but had no problem with doing something he knew he wasn't supposed to do, so long as he thought he could get away with it, and would perform pretty much any trick you asked, as long as he thought you had a treat for him afterwards.

    I've known people like that.

  18. Re:Latest BS from Gartner on Vista the Last of Its Kind · · Score: 1

    The problem with solutions like this is that they're too difficult to understand, not widely supported enough, and I still don't have quite the amount of control I'd like. Consider a word processor. I'd like to be able to hit "save" and have it overwrite a document. I'd like to have it be able to do that anywhere, with any supported document. But I want to be sure it only does that when I've specifically asked it to overwrite a document, or when saving changes to a document that I explicitly opened.

    I think the real solution here would be something more like the model used by things like Apache. Apache is started as root, binds to port 80, then drops permissions. Postfix tries to keep most of its code in limited user accounts, even in chroot, but it obviously has to have some part of it running as root. Similarly, apps should be able to leave some tiny chunk with access to everything, then drop permissions for the rest...

    But it still doesn't solve another problem, that of wanting to be able to run untrusted apps. That requires a few things. There has to be some magic keystroke or something, guaranteed to go straight to the OS, like sysrq on Linux or ctrl+alt+del on Windows, so that I can allow games and such to grab full control of my mouse/keyboard (no window-manager specific keystrokes work), but when I want to quit the game, I can be sure it's gone. But sysrq, last I checked, doesn't work well with X, or has to drop you out of X to do its work. It also requires a standard, visually distinctive and somehow hard to fake GUI way of prompting me when an app tries to do something it's not supposed to. It looked like Vista was doing something like that with its file access.

    Net result should be, apps no longer have any way to fool me into letting them do things they aren't supposed to, but after a few initial hiccups, I shouldn't have any trouble doing exactly what I always use them for. Firefox should work exactly as before, assuming it has no security issues -- if it does, I'll discover them.

  19. Re:Latest BS from Gartner on Vista the Last of Its Kind · · Score: 1
    More and more Mac programs don't need an installer. Just drag them to the Application folder.

    Yes, I know all about .app "files". And when you double-click on that, the running app still has just as much access to your account as anything else.

    Anyway, there are still enough .mpkg files out there that it's not entirely unheard of for apps to require it when they really, really shouldn't need to. Example: FileMaker Pro.

    Programs, such as Firefox have write access only to the user's library which contains that user's configs.

    BS. How does Firefox download files to the desktop? Firefox chooses to only write to the user's library. Firefox can do whatever it wants to the user's entire home directory.

    I always try new downloaded programs as a different user first, before I run them on my account which contains sensitive data.

    Good theory. How do you know if it's misbehaving?

    I used to run untrusted Linux programs under a different user, but it became too much of a pain moving data to/from said user. There has to be a better solution somewhere...

  20. Re:About freaking time on Vista the Last of Its Kind · · Score: 1
    First, I don't see Linux as one operating system, I see it as many, and this is part of its strength.

    True, and I'd agree with you there, but there is also strength in unity. A kernel security patch will fix all distros.

    As for one dominant, secure OS, that's what my post was about - I think the two are mutually incompatible goals.

    I don't. There are absolutely secure systems. Some are small enough that you can mathematically prove them secure. Relying on a diversity of OSes, especially if that's a diversity created mostly by recompiling with different flags, is just another kind of security through obscurity.

    Being the dominant OS is going to attract the efforts of malware authors, who will focus on the exploits available to all unpatched systems.

    Unpatched seems a bit less likely to me on Linux, given how easy Ubuntu makes the update process.

    I honestly believe that Windows and Linux would be in opposite (though probably less pronounced, because OSS is generally more secure) situations when it comes to vulnerabilities and exploits if Linux had a 90% marketshare, because 90% of the bad guys would be working on exploiting that system rather than Windows. And not all the bad guys are script kiddies - some of them really know what they're doing, and would have no trouble picking through Linux (and with an OSS model, they could even intentionally introduce vulnerabilities directly into the source).

    This is actually a strength of Linux -- not all of those wanting to find exploits are bad guys. Personally, if I found a bug in Windows that was taking MS months to get around to fixing, I would be much more inclined to release it (and let malware people have a go), or even write some destructive malware myself (to remind people how insecure Windows is), than to just keep quiet. If I found the same bug in Linux, at least I have the option to fix it.

    And there have been attempts to intentionally introduce vulnerabilities into the source. Most of them have failed. I won't say all, because I simply don't know, but the sheer amount of open peer review that happens makes it a lot less likely. And the subtler the hole, the more likely it is to be closed accidentally by some combination of compiler flags, making this kind of attack less likely to be attempted in the first place.

    However, with physical access to the computer, you can pretty much do whatever you want to the machine (with the obvious exception of accessing encrpyted filesystems, or doing any real damage to a dumb terminal, etc., but I'm not talking about those cases, so I'll save you the trouble of pointing that out).

    You bring up two points. One, I wasn't talking about the user playing Quake 5, I was talking about id software. Why should I trust my game developers, of all people, with root access? If I run it under a limited user account, they don't have physical access, but if I run it on the bare metal, they may as well.

    And two, you're wrong about your exceptions. Real damage to a dumb terminal? Keylogger -- come back later, type passwords, and do real damage to the machine behind it. Encrypted filesystems? Same thing -- keylogger. Or patch their kernel to phone home and give you access once it has net access -- the encrypted filesystem should be mounted by then. About the only way to really slow them down is trusted computing -- then they'd likely have to break out the solder...

  21. Visual and scriptable on Teaching Primary School Students Programming? · · Score: 1

    It should be visual, and it should have a real-time interpreter. You want to make the process as simple as possible, and get them thinking about logic before you burden them overly with syntax.

    Actually, here's a suggestion: Try games first. Not to program with, but as an example. "How do you think this would work?" "What makes this glitch work? How could we fix it?" And all along the way, you can discover and correct their misconceptions about what a computer can and cannot do.

  22. Re:Cognitive dissonance on Dodging the Negative Reaction To GE Crops · · Score: 1

    Smoking will kill you, slowly, over time, and certainly not before you have a chance to fuck and have offspring.

    GE, though it's less likely, can not only kill you, it can kill our entire species, and very possibly the whole ecosystem.

  23. Re:bad genes on Dodging the Negative Reaction To GE Crops · · Score: 1

    Here's a big question, then: Why can't we get the genetic modifications listed on the ingredients list? Or at least the species used? You can check the ingredients list for peanuts or brazil nuts. You can't check for peanut or brazil nut genes (excuse me, proteins), at least not easily.

  24. Re:Someone remind me... on Dodging the Negative Reaction To GE Crops · · Score: 2, Interesting

    Funny you should mention food allergies. I know someone personally who's allergic to Brazil nuts. A Brazil nut gene was spliced into something completely different -- I don't remember what it was -- but it triggered a near-fatal allergic reaction.

    The big difference is, we can't check the ingredients list for genes. If we take a salmon gene and use it on potatoes, at what point can people no longer be vegetarians? The only way I know of to avoid GE food is either to pay very close attention to what is GE, or to use entirely organic food, which makes little sense to me -- I don't want GE, but I don't mind pesticides, which also aren't allowed in organic food.

    Oh, and the companies behind this -- take Monsanto. It makes Microsoft look like a "Don't be evil" Google. I don't remember the details, but I know a lot of small farmers in Canada were sued for patent infringement -- or was it copyright? -- for growing their particular strain of roundup-ready Canola. The catch? The farmers didn't know they were doing that. From Monsanto's disputed Wikipedia page, "Essentially, a part of Schmeiser's canola crop, grown from seed he had bred over many decades, was accidentally contaminated with Monsanto's GE canola, likely by seed escaping from passing trucks." For a software analogy, imagine a worm author suing you for copyright infringement for running his worm without permission.

    They've pulled similarly slimy tactics with RBGH -- many small dairies have been pressured into removing labels from their products which say "Our cows not treated with RBGH." I think the legal premise was that it implies RBGH is bad. Gee, I guess C&H should be suing all these products with "Sugar-Free" labels! What about "Fat-Free" or "Low Sodium"?

    I mean, I can understand what you're saying, and it's valid. Another software analogy -- the only truly secure computer is one that's not plugged in. But since we have to choose a computer, if your sole motivation is security, why would you choose Windows over Linux or BSD? Similarly, if you're concerned about the safety of your food, why would you choose frankenfoods over ordinary food? The only reason now is organic is more expensive...

  25. Hybrids exist. on Why Do Companies Stick with Voice Menus? · · Score: 1

    I've definitely heard them say "Press or say one". What about a front-door choice: Say "voice" to get the voice menu, press 1 to get the touch-tone menu.

    It's especially annoying with serial numbers. Really, at this point, if they can't let me use my touch tones for that, they should have a rep writing it down.