Slashdot Mirror


User: Gr8Apes

Gr8Apes's activity in the archive.

Stories
0
Comments
8,126
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 8,126

  1. Re:I for one on Rethinking How Congress Pushes Copyright Laws · · Score: 1

    I made that same argument, and someone came back and said it is still technically limited as written currently. My response is that as long as the term is longer than the average lifespan, it is effectively unlimited, and at even half the average lifespan, it appears unlimited to a large portion of the populace.

  2. Re:I for one on Rethinking How Congress Pushes Copyright Laws · · Score: 1

    Think of your tax $ going to your candidate, and mine going to mine, and his going to his. Now we have 3 candidates already, 1 more than we usually have.

  3. Re:Facebook is a public place on Facebook Scans Chats and Posts For Criminal Activity · · Score: 2, Insightful

    13 year olds are impressionable and malleable to outside influences. In no way are they capable of making a consent decision. You will discover this as you age, unless you're one of the unlucky ones whose mental maturation process is prematurely halted and never gets to the "adult" stage.

  4. Re:What about Horizontal Gene Transfer? on Scientists Resurrect 500-Million-Year-Old Gene Inside Modern Organism · · Score: 3, Informative

    It appears the experiment already has proven that evolution can take many tracks, as the bacteria adapted to the ancient gene, and did not mutate the ancient gene at all as of yet. Sounds to me like the evolutionary track has already altered, and if the bacteria is as healthy or more so than its unaltered cousins, then this bacteria would already be in better shape on the evolutionary ladder and would push evolution in a different direction.

    Honestly, I don't know why this is a surprise, since evolution is very much about reaction to outside pressures. A slight change in those pressures can change the outcome of the system, as it's not exactly a stable system.

  5. Re:Java = security nightmare on Web Exploit Found That Customizes Attack For Windows, Mac, and Linux · · Score: 1

    You may also note that I've only ever had one argument - that Java is the single largest infection vector for Windows computers.

    and I disagree. It's Windows that's the single largest vector for infection. Nothing more, nothing less. The fact that other systems run fine with Java really points out this glaring omission on MS's part. Why can't they secure their own software? (this is a rhetorical question, I already know the answer - if you can execute any program on windows, you can own the system. There is no way to secure it from a program run in user space if you can copy a binary file into the system, which is the only challenge you have)

    And I'll restate the final point - if you don't install/enable the plugins, you won't have a problem

    Now that we can agree on. I'm glad you agree with that statement.

    At least that one's done. So you agree the problem is not the JRE, but the plugins/plugin framework.

  6. Re:What makes you think his "sentence" is ever up? on Apple Hacker Charlie Miller To Demo Dangers of Near-Field Communications · · Score: 1

    I was considering "laptops", not notebooks, ultrabooks, or whatever marketing jargon they had out there. Also, considering the stories about how Intel attempted to jumpstart vendors against the Mac Air and said vendors stating they couldn't compete, I figured we'd go with an established area where the vendors were comfortable and surely they would be much cheaper than the "expensive" mac book pros.

  7. Re:Java = security nightmare on Web Exploit Found That Customizes Attack For Windows, Mac, and Linux · · Score: 1

    Well, since browsers are responsible for 100% of the infections listed, I expect you don't have them installed, either? And since Windows was also 100% responsible for infections, you don't have that either? For that matter, what are you doing on the internet? It is responsible for 100% of those infections!!!

    Don't be obtuse. IE was only responsible for 10% of infections, and I don't use it. Windows help files were the vector less than 5% of the time, and I assume IE was used there as well, because my browser wouldn't automatically launch a Windows help file.

    I'm not being obtuse. You are berating a product for the flaws of a single component that resembles an appendix that 99% of Java users never encounter nor care about.

    I think you may need to revisit your assumptions

    Maybe you misunderstood me. When I referred to "my browser", I was not referring to IE. I don't use IE for the same reason I don't install Java or Acrobat Reader. That's 79% of infections that won't succeed on my machine after very little (or no) effort on my part. Go ahead, ask me about the last time I had to clean up an infection on my personal computer and how it got there.

    mine was 98, IIRC, with Melissa, and I did not have it on my machine. I do have Acrobat Reader, Flash, and Java, including browser plugins installed. I just don't have them in my main browser, plus anti-ad plugins, like ad-block, noscript, and other plugins can keep you quite safe.

    If you enable pieces that allow outside access and code execution, then there is much greater potential for problems.

    There's no need for me to have to do that when they're enabled by default. So yes, when Java is installed with the default settings, which includes browser plugins, you end up with something that is the single largest infection vector for Windows computers. This is a fact, this is not my opinion and it is not theoretical. It is reality. You can argue all you want, but this is what the reality of it is. The current implementation and deployment of the Java runtime is a malware author's dream. It's a full-blown high-level language able to interact directly with the system (and indirectly, due to the numerous vulnerabilities), and the code that it runs is downloaded by the browser and subsequently executed. You can't ask for a better infection vector.

    Only if you install the browser plugin(s). You don't have to, and IIRC, that's a question the user has to agree to. So, you are incorrect on both counts, they're not enabled by default, and it's not the default settings. The fact that Windows computers are so bullet ridden wrt viruses etc is not the fault of Java, the JRE, nor even the browser plugins, but actually lies deeper in the core of Windows and how it is fundamentally unsound security wise.

    the JRE's primary purpose is to run specific java code, not random snippets from the web, at least for everything I'm involved in.

    Primary purpose for who? For you? For Sun or Oracle? For malware authors? What is the primary purpose of Java Web Start? Do you really want to have a discussion about "primary purpose" versus "unintended use"? Because I would direct you to WD-40, super glue, Teflon, Kleenex, SMS messages, etc.

    You do realize that you're trying to argue that Java isn't a threat in a discussion on an article about a piece of cross-platform malware distributed via Java, correct?

    We could, but it doesn't matter. Sun/Oracle AFAIK don't use or promote the applet model in anything they did/do at this point nor in the relatively distant past. WebStart is an entirely different piece that was promoted for a time, and even used by some, but on the whole, when is the last time you saw a JNLP app that wasn't IT distributed? (Yes, there's a difference).

    And yes, I'm aware of the se

  8. Re:Java = security nightmare on Web Exploit Found That Customizes Attack For Windows, Mac, and Linux · · Score: 1

    Exactly how Java ends up executing the malicious code isn't really relevant to end users. I don't have any parts of Java installed because I don't trust that it's going to be secure. I don't care enough about Java to go digging through the individual bits and pieces to identify which things are safer to install. It doesn't matter to me whether the DT is at fault, or the JRE, or J2EE or JDK or whatever else, I don't care. What I care about is avoiding infections, and since Java plays a part in 37% of infections, I'm not going to install any of it.

    Well, since browsers are responsible for 100% of the infections listed, I expect you don't have them installed, either? And since Windows was also 100% responsible for infections, you don't have that either? For that matter, what are you doing on the internet? It is responsible for 100% of those infections!!!

    Given malicious code, I propose that executing it is as dangerous whether it's Java, C, or even JavaScript.

    There's obviously a major difference there. My browser isn't going to happily download and execute a C application because some web page convinced it to.

    I think you may need to revisit your assumptions.

    Right, that's why I don't feel like I'm missing anything and, due to the fact that the Java ecosystem is the vector for so many infections, I don't see any reason why anyone should have it installed unless they need it for a specific part of their job.

    Again, Java isn't the vector, it's the browser/plugin aspect that is. That's like blaming C for being a vector because windows is largely written with it. The JRE, in and of itself, is no more insecure than anything else your CPU executes. If you enable pieces that allow outside access and code execution, then there is much greater potential for problems. This is an apt comparison, as the JRE's primary purpose is to run specific java code, not random snippets from the web, at least for everything I'm involved in.

  9. Re:What makes you think his "sentence" is ever up? on Apple Hacker Charlie Miller To Demo Dangers of Near-Field Communications · · Score: 1

    My point wasn't that you couldn't find a better deal for you, but that if you compared like with like (apples to apples pardon the pun) then you'd see that there's actually not a huge markup as many allege on Apple's part. That, and only that, is asserted, no, presented.

  10. Re:What makes you think his "sentence" is ever up? on Apple Hacker Charlie Miller To Demo Dangers of Near-Field Communications · · Score: 3, Informative

    So, let's start with the cheapest laptop Apple makes, the 13 inch MBP - i5 with HD4000 graphics and 4GB RAM, 500GB drive at $1199.

    Dell - no similar laptop, even their $1800 or so Lattitude only has HD3000 graphics, they're all 2nd gen i5 processors.

    HP has two at first look: $999 model and a $1399 model. Reviewing the specs, however, show that these are actually competitors to the 13" Mac Air, at $1199 which weighs less and comes with better confirmed battery life than HP posted. So, HP is also appears to be out in most comparisons, although they might have a slightly less expensive Air model. I didn't look deep enough to figure out exactly what the differences between their $999 and $1399 models were, nor how they compare exactly with the Mac Air. I just gave them the benefit of the doubt and stated they were mostly comparable, and dropped the issue of screen resolution differences (HP is wider, but shorter than the Mac Air, but not enough to belabor over in this comparison)

    I didn't bother to look any further - I think the above speaks for itself across 2 product comparisons and continues to support what I found a year ago when matching 15" laptops. There is little, if any, "Apple tax" on the surface, and none when looking at what comes with the system as a whole, at least for a large portion of their products.

  11. Re:Java = security nightmare on Web Exploit Found That Customizes Attack For Windows, Mac, and Linux · · Score: 1

    Yes, and a large, if not overwhelming portion of those are related to executing malicious code from external sources. The sandboxing failed in those cases. Running known code would have a very very small footprint of security issues.

    Regarding .NET - IIRC, .NET has no real sandbox in the way Java does, so a host of items that would be vulnerabilities in the JRE have no corresponding vulnerabilities in .NET. If we strip out all the WebStart/Applet type vulnerabilities, we'll have a closer apples to pears comparison with .NET.

  12. Re:Java = security nightmare on Web Exploit Found That Customizes Attack For Windows, Mac, and Linux · · Score: 1

    I dug further (I did mention that I needed a new hobby) - a long long long list of those are all related to the JDT, applets, and in general executing external code, not items related to processing files or operations that the JRE provides. (With exceptions like the one mentioned regarding the MIDI file in GP) So, most of the security issues are related more to someone providing a Trojan and the JRE sandbox not catching it than actual problems with the JRE itself. We can argue this all day, I"ll bet, but what it comes down to is given non-malicious code - ie, known code that you run yourself, can others subvert your JRE? I will argue that it will be exceedingly difficult to do so. Given malicious code, I propose that executing it is as dangerous whether it's Java, C, or even JavaScript. This is a different problem, and wrapping them together and calling the JRE unsound is disingenuous. Finally, what sites require Java that are "normal"? Very few that most people will come into contact with.

  13. Re:Java = security nightmare on Web Exploit Found That Customizes Attack For Windows, Mac, and Linux · · Score: 1

    Only if you've installed the browser plugin and enabled it. Amazingly, 3 of my browsers on my system do not have Java plugins, one does because I need it for a few items.

  14. Re:Java = security nightmare on Web Exploit Found That Customizes Attack For Windows, Mac, and Linux · · Score: 1

    Just for grins, I went through the entire list (I've got to find another hobby). The only item that is not either a JDT issue or related specifically to applet / externally provided code is CVE-2010-0842 Java JRE MixerSequencer Invalid Array Index Remote Code Execution Vulnerability, which is a bug in the MIDI file processor.

  15. Re:Whats the difference... on Hackers Steal Keyless BMW In Under 3 Minutes · · Score: 1

    I've definitely met the latter. The former, not since I left a specific city.

  16. Re:Most Macs are probably immune. on Web Exploit Found That Customizes Attack For Windows, Mac, and Linux · · Score: 1

    I was aware of the WebStart and applets being disabled - it was the first quick fix to the Flashback trojan and all related malware.

    Not having upgraded to Lion except on a test system, I was unaware of the Java no longer being installed in Lion by default. I guess Apple caught up to the rest of the world. Still, that doesn't really bug me because I've been managing multiple versions of Java on my system for years, so I've had to download them myself anyways.

  17. Re:Java = security nightmare on Web Exploit Found That Customizes Attack For Windows, Mac, and Linux · · Score: 1

    (wish I could edit)

    Actually, your statements really prove that C/Assembly are the real culprits, most of those are buffer overflows, a common problem with improperly managing your memory and pointers, something a whole lot less common for code written in Java.

  18. Re:Java = security nightmare on Web Exploit Found That Customizes Attack For Windows, Mac, and Linux · · Score: 1

    Even the JRE is not much of a threat. The browser plugins are another story entirely.

    PDFs, IIRC, just recently were a threat in and of themselves. But that's neither here nor there.

    Your link exposes that the browsers and the Java Deployment Toolkit appear to be the culprits, not the JRE itself.

  19. Re:Java = security nightmare on Web Exploit Found That Customizes Attack For Windows, Mac, and Linux · · Score: 1

    Really? J2EE in the last 12 months although that's not too telling, so we'll look at JRE 1.6, all systems, over a couple of years. Feel free to post other data. If you're talking about WebStart or Browser plugins, I'll note first that those are not part of Java, and second, that they are highly affected by their browser's integration and potential lack of security features there.

  20. Re:Whats the difference... on Hackers Steal Keyless BMW In Under 3 Minutes · · Score: 1

    how are you going to hit them? They're *passing* you....

  21. Re:Java = security nightmare on Web Exploit Found That Customizes Attack For Windows, Mac, and Linux · · Score: 1

    "java applet".

    So in other words, if you VOLUNTEER to run their malware, their malware runs. Wow. Whoda thunk it.

    Java = security nightmare. javascript not much less so. Anyone halfway security conscious only runs scripts based on a whitelist of trusted sites.

    Java is not a security nightmare any more than C or assembly is, and generally less so. Stop spreading FUD.

  22. Re:Most Macs are probably immune. on Web Exploit Found That Customizes Attack For Windows, Mac, and Linux · · Score: 1

    That'd be news to the millions getting new macs and using Java.

  23. Re:Just a label. on Trying to Untangle Anarchist Attacks On Scientists · · Score: 1

    Anarchists just want everybody to be equal no person above or below any other in terms of power or pull. An anarchistic society would still have rules, but they would be decided by the community,

    Ah, so a government!

  24. Re:Maniacs, all maniacs on Hans Reiser Sued By Own Kids For $15 Million · · Score: 1

    Open source versus closed source is not an indication of a trust in a persons professional capacity or ethics. To try to say that this man's mental state is any way indicative of all mental states of open source developers is just offensive and stupid.

    No, it's not stupid. The same logic is applied to closed source developers all the time. If half the developers would be bad apples, it would be a real problem and it would be looked at. That's not the case, of course, but Reiser was in quite high position. No one in closed source world within same position would work on code if he had mental problems. The company would had either taken care of him or let him go way before that.

    Hmm, then there was that RSA employee.... proprietary closed source - definitely, high security - you have to ask?

    The very fact you mention Microsoft products being chosen over random open source products takes away any claim to an impartial position. Where are the plethora of closed source software vendors in that statement?

    I mention Microsoft because they are 99% of the time chosen instead of open source competitors. Yes, that really is the case in real world.

    Really? The latest stats by revenue indicate MS is chosen less than 50% of the time, and if you go by what those numbers mean by licensing costs, MS is chosen less than 25% of the time, and that's only for revenue generating licenses. There's plenty of CentOS installations out there, which generate no revenue at all. Wikipedia is a bit skewed (to Linux's favor) at least without more data, but has a set of references linked to start with.

  25. Re:Great on Bye ACTA, Hello CETA · · Score: 3, Insightful

    but to me it looks like in the US this is happening because more people find it acceptable

    This. For whatever reason, it seems like more and more people are voting against their interests, all because of the promise of some benefit to someone else. ...

    I don't know when it happened, but a sizable number of people in this country have been convinced that the government they themselves elected is an evil machine hell bent on wiping them out ....

    First, people appear to be voting against their interests because they are voting for a very specific interest that amounts to crap in the big picture of politics (abortion anyone?).

    Second, those latter 2 statements are not necessarily opposing facts. The government they elected is not the one they received, and there's plenty of evidence they're an out of control evil bent on subjugating the populace, or strongly going that way. Heinlein, Huxley or Orwell may have been prescient instead of merely writing dystopian fiction. Heinlein is included because of the social commentary in Starship Troopers.