Slashdot Mirror


User: whoever57

whoever57's activity in the archive.

Stories: 0
Comments: 6,467

Comments · 6,467

  1. Re:Car Analogy on Italian Consumer Watchdog Sues Microsoft Over 'Windows Tax' · · Score: 2

    And if you buy a new Chevy, you cannot remove the stereo system and return it to the dealer for a refund of that $1000 it supposedly costs.

    But you can remove the stereo and sell it through eBay (although Chevy is probably trying to figure out how to stop that trade). Try re-selling your OEM license of Windows!

  2. Re:Duh on How Facebook Responded To Tunisian Hacks · · Score: 1

    That's why FB's response was to respond to all requests from Tunisia using https.

    That would still leave those users out in the cold that don't know that they're now supposed to enter https://www.facebook.com/. Unfortunately, that would be 99% of the users...

    I assume that Facebook sends back a re-direct in response to a connection attempt to their http site from Tunisia. However, if the code that intercepts and re-writes the webpage is updated, it could intercept the re-direct and proxy the connection, with an https connection to facebook and an http connection to the poor Tunisian's client PC. So, facebook's response won't be very effective.

  3. Re:Duh on How Facebook Responded To Tunisian Hacks · · Score: 2

    How badly does Facebook's password encryption suck if a man-in-the-middle attack can easily steal everybody's password?

    The attack may have been a little more sophisticated. Most pages are loaded over a non-encrypted connection. Just the password may be sent over an https connection. However, the use of unencrypted pages for everything else allows man in the middle attacks that insert a javascript keylogger into the reply that logs keystrokes directly from the source PC, not from packets as they cross the wire.

    That's why FB's response was to respond to all requests from Tunisia using https. That's why GMAIL now defaults to 100% https.

  4. And in the USA on Norwegian Police, Seeking Info On 2 Bloggers, Take Data From 7,000 Accounts · · Score: 5, Interesting

    Some time back, there was a judgment that allowed police to trawl through the entire contents of a hard drive if they had a subpoena for one person's data from the drive, so I was wondering if the following scenario would work:

    Police get a subpoena for electronic bank records of an individual. They go to the bank and the bank offers to provide the relevant data. However, the police say: "No, this subpoena is not limited like that. Give us all the hard drives that might contain data on the subject". The bank is compelled to hand over thousands of hard drives. Now the police can trawl through bank records of millions of people unrelated to the original subpoena.

    Could this happen? Will it happen?

  5. Already happened? on Betelgeuse To Blow Up Soon — Or Not · · Score: 0, Redundant

    Since Betelgeuse is about 640 light years away, it could have happened hundreds of years ago. We just don't know it yet.

  6. Re:Where do they get these numbers? on Ballmer Says 90% of Chinese Users Pirate Software · · Score: 1

    I know. What I meant is - is WGA for XP still being regularly updated to thwart the various cracks that disable it? I

    WGA != Genuine Advantage Notifications. Related, yes, but not the same. No crack is required under XP for Genuine Advantage Notifications since systems will run perfectly well (including downloading all updates and add-ons from MS) if it is simply not present on a system.

  7. Re:Where do they get these numbers? on Ballmer Says 90% of Chinese Users Pirate Software · · Score: 1

    Does it still do it for XP?

    A fresh install of XP does not include Genuine Advantage Notifications, but it will be downloaded and installed on the first update unless blocked.

  8. Re:Where do they get these numbers? on Ballmer Says 90% of Chinese Users Pirate Software · · Score: 1

    Why would they turn it off? It still downloads critical security fixes, even on pirated copies.

    And Genuine Advantage Notifications.

  9. Re:"Took money from Microsoft" = FAIL on Open Source More Expensive Says MS Report · · Score: 1

    I found Ubuntu Linux to be very difficult to learn, mainly because every time you need to fix something (example: change to supervisor mode to install flash), it involves opening the CLI.

    Once again, you are full of it. Command line mode is not needed for installing flash.

  10. Yahoo IPv6 Upgrade Could Shut Out 1M Users ... on Yahoo IPv6 Upgrade Could Shut Out 1M Users · · Score: -1, Redundant

    ... and nothing of value was lost.

  11. Article is probably accurate. on Open Source More Expensive Says MS Report · · Score: 1

    Actually, I think that the article is probably accurate. The problem is /.'s summary. The report says:

    Yet the finding that open-source advocates will like least is that free programs are not always cheaper.

    Thus, the article acknowledges that the use of open source is cheaper in some circumstances -- but what proportion? The article doesn't elaborate. It could be 1%, it could be 99%.

  12. Re:CA Supremes are full of shit on Encrypt Your Smartphone — Or Else · · Score: 1

    Your scenario: false arrest -> search -> find something for legitimate arrest.

    This is a classic "fruit of the poison tree" and will be thrown out in any court.

    Your scenario of false arrest is unrealistic. They can always find some "legitimate" reason to arrest you. There was a study that suggested that every American commits an average of 3 felonies per day. Have you paid all your parking tickets? Then there is the old standby "resisting arrest".

  13. What about data "in the cloud"? Or accessed via VPN on Encrypt Your Smartphone — Or Else · · Score: 1

    Let's say, that my smartphone provides access to my emails that are not stored locally, but on a server somewhere, or files that I access using a key that is stored on my smartphone. Would the CA Supremes think that an arrest would allow the police to then rifle through my (remotely stored) files and emails?

    What if the files and email are stored on my home PC and accessed over a VPN?

    What if I can access a camera in my house?

  14. Lowest cost bidders? on Stuxnet Authors Made Key Errors · · Score: 1

    Mistakes, well what do you expect from the lowest cost bidders for this government project?

  15. Re:I'm fine with this on French ISP Throttles Direct Download Website · · Score: 2

    If he's sharing the home connection, and it's a problem due to his use, then the father needs a backbone. I don't care how old the son is.

    Perhaps the son pays for the Internet connection?

  16. All about increased bills on California County Bans SmartMeter Installations · · Score: 2

    This is really about some people who have seen vastly increased bills. Now, the question is: are the new meters wrong or were the old electromechanical meters (installed decades ago) wrong?

    Occam, where are you? Or, as the saying goes, when you hear hoofbeats, think horses, not zebras.

  17. Re:Nor surprising ... on New Cars Vulnerable To Wireless Theft · · Score: 4, Informative

    In true slashdot fashion I shall pontificate without RTFA.

    And you would be completely, 100% wrong.

    The keys rely on proximity. What the "attackers" did was to provide a boost to the signals sent out by the car, causing the key to respond at much larger distances from the car than normal. The near-proximity requirement only works one way (from the car to the key), so the key will respond to the boosted signals and the car will pick up the reply if the key is within 100 meters. This attack would allow a key inside a house to unlock and start a car on the driveway.

  18. Re:Why Windows is to blame. on Spoofed White House Card Dupes Many Gov't Employees, Steals Data · · Score: 1

    Other than that, it depends on what your definition of "secure" is. Once again, this e-mail has absolutely dick all to do with OS security. If you allow users to have documents, and you allow users to run files, and you allow users to send and receive e-mails, then you're creating an environment where a user can run a program which copies all of his documents and e-mails them to someone else. Period, full stop

    Once again, I will label you as part of the problem. Essentially, you have given up on the idea of security.

    There is no reason why users should not be able to send and receive emails without being able to run random executables. There is no reason that it should not be possible to configure a computer so that random executables cannot be executed.

    I'll say it again -- 10 years of "educating users" has failed. What did Einstein say about repeating an action and expecting a different result?

  19. Re:Why Windows is to blame. on Spoofed White House Card Dupes Many Gov't Employees, Steals Data · · Score: 2

    In an enterprise environment? The majority. On government systems? EVERYONE.

    So, what you are saying is that it is impossible to lock down Windows so that it is secure?

  20. Re:Why Windows is to blame. on Spoofed White House Card Dupes Many Gov't Employees, Steals Data · · Score: 1

    on a Linux distro that doesn't have /home mounted as noexec, the exact same thing could have happened, with some idiot running Dancing Bunnies.sh that installs a trojan to the userspace and has it run when the desktop environment launches.

    We should be careful of false dichotomies. Just because Linux might have the same weakness, does not make it any less Windows' fault.

    However, Windows 2000 has been out for over 10 years, Windows XP has been out almost 10 years. We have had enough time to realize that training users to not click on the dancing bunnies is not an effective strategy to prevent this type of problem. Hence the problem is that Windows doesn't have a mechanism to prevent execution of arbitrary code which is normally on and not easily overridden by the user.

    Thought experiment: why doesn't MS offer a locked-down-by-default version of Windows ("Windows for Government" or "Windows Secure")? It could be just the same as a normal version except that all the security options default to it being secure, rather than open? There are a number of possible reasons and they all point to MS being the root cause of the PC security problems found by Windows users.

  21. Why Windows is to blame. on Spoofed White House Card Dupes Many Gov't Employees, Steals Data · · Score: 2

    Don't blame Windows. This was a case of government employees being duped by an email Christmas Card. They may as well have "checked out this screensaver!" or pictures of "Anna Kournikova"

    Apologists like you are why we have lousy computer security as a nation.

    You blame the users, elsewhere people blame the sysadmins for not locking down the systems. Which is it? Neither, because the root problem is that Windows is designed to be used in a non-locked down mode.

    How many people actually run Windows as non-admin users? It's a pain. Why is it that sysadmins don't lock down Windows machines? If this were not the norm, one could blame a few sysadmins for not doing their job properly, but it reflects how most Windows systems are used. Why is this? The answer lies in how people expect to run Windows -- from developers through to users -- they all expect the systems to be open.

    So, while in theory Windows systems should be locked down, and users should not click on such things, in practice they are not locked down and people click on dangerous links because that is the way Windows is designed.

    Car analogy: if a car manufacturer built cars with ineffective brakes, would you blame drivers for not braking early enough?

    Where Windows is today is that the driver can make an adjustment that would make the brakes work properly, but if that were done, the car would be limited to 50mph. No-one chooses that option.

  22. Re:Does anyone pay these people? on Battle Escalates Between Airlines and Online Agents · · Score: 1

    Why would you do this when you can book right on Expedia or Orbitz for the same price as booking direct on the airline's site?

    Imagine that there is a volcano affecting flights between Europe and the USA, or a massive storm affecting all flights in and out of the east coast and your flight is canceled. You want to get a new flight or a refund. The airline will tell you to call Expedia or Orbitz and you may find that getting your new itinerary or refund is much more difficult than if you booked direct. At one time, one of these sites actually tacked on an additional change fee (over and above the airline's change fee), so that changes cost you more if you booked via that site.

  23. Re:Expedia provides no value on Battle Escalates Between Airlines and Online Agents · · Score: 1

    Until quite recently, one of the major online travel booking sites used to add their own change fee if you wanted to change your flight. You still had to pay the airline's fee, so the reward that the website gave you for using their site was increasing your cost.

    I was using Hotels.com (really Expedia, I think) for hotel bookings. However, I stopped after one bad experience. I booked through hotels.com and when I arrived at the hotel, they denied that I had booked the room. When my credit card statement came through and I saw both the Hotels.com and the actual hotel's charge for the room, I called hotels.com and demanded a refund. While I was on the phone, they confirmed that I had stayed in the hotel and had paid the hotel directly, although they claimed that the hotel had received the booking (but really, after the fact, who knew whether the booking had been transmitted before I arrived at the hotel?). Knowing this, they said I would have to call back again to ensure that I got the refund. I told them that my next call would be to my credit card company to dispute the charge. The operator even had the gall to claim that his supervisor wasn't there (yeah, right -- a call center without a supervisor there?).

    So I stopped using hotels.com. In truth, the same rates are available directly from the hotels. The websites provide some value in locating the hotels, but after that, there is no value.

  24. Windows for tablets -- NT-derived, or CE derived? on France Planning Non-Windows Tablet Tax? · · Score: 1

    MS is going to announce an OS for ARM-based tablets. Lots of people have assumed that it will be a derivative of the desktop OSes. However, it seems more likely that it would be a derivative of Windows CE (like Windows Phone 7). Until more details come out, we won't really know.

    If it is CE, why should MS be treated differently from other OSes?

  25. Re:Cold weather on Ford To Offer Fuel-Saving 'Start-Stop' System · · Score: 1

    And modern engines need no more than 30 seconds of idling to be "warmed up" for driving.

    But what about the catalytic converter -- that has to be hot before it does anything and I don't think that 30 seconds of running gets it anywhere near hot enough.