Slashdot Mirror

User: Ash-Fox

Ash-Fox's activity in the archive.

Stories: 0
Comments: 7,748

Comments · 7,748

  1. Re:Pointless.. yet again. on Australian Gov't Seeks To Record Citizens' Web Histories · · Score: 4, Informative

    Trivially easy to circumvent once again. Google already offers SSL encryption for web searches and for Gmail and I don't even need to mention all the privacy tools available.

    I don't understand how this doesn't stop ISPs from doing a man in the middle attack on gmail and using their own valid SSL cert - I mean, it's not like I can't register a certificate for mail.google.com, the majority of legitimate authorized SSL cert providers will let me purchase it regardless.

    Or they could invest in buying one of Netronome's high performance transparent SSL proxies (What? Did you really think current SSL schemes are that secure these days?).

    Everybody who has something to hide on the internet is already using these trivial methods and others.

    If technical people are serious about implementing such a system correctly, the bar of entry for the knowledge to get around this will get raised quite exponentially.

    This is about spying on the average citizen.

    I doubt your 'average citizen' would even know (s)he needed to get around it first, and then having the knowledge bar of entry somehow to get around it seems highly unlikely.

  2. Re:Join removal is cool on What Is New In PostgreSQL 9.0 · · Score: 1

    seriously, why in hell does an application even exist that requires a specific database?

    it was defined as a standard for a reason, SQL.

    Actually it uses mysql out of the box and runs really well, but I am amused that nobody can seem to provide any alternative to this or even bothered asking if it worked well to begin with.

  3. Re:Kubuntu is part of Ubuntu, not "one guy" on A Quick Look At KDE SC 4.5 Beta 1 · · Score: 1

    As you can see, my view on Kubuntu's lack of polish is a fairly common one.

    I went out of my way to do a few google searches, here is just a short sample of them:
    Ubuntu unpolished
    Kubuntu unpolished
    Vista unpolished
    OS X unpolished

    Seems the view of all software lacking polish is a fairly common one. I also did more than just look at the first page of results.

  4. Re:Join removal is cool on What Is New In PostgreSQL 9.0 · · Score: 1

    For me it is the other way around. The people who know or use MySQL are in the minority. Everybody I know uses mainly PostgreSQL (unless one shitty OSS project requires MySQL).

    I'm quite fond of Zimbra, however it uses MySQL. Any ideas about a better solution that replaces Zimbra which is not in the "minority"?

  5. Re:Related Tangent on What Is New In PostgreSQL 9.0 · · Score: 2, Interesting

    It runs POSIX compliant unixes, even Mac OS 10.5 and later, Linux, etc.

    Sorry to say, but OS X is nowhere near POSIX compliance.

    To give one example, it can't even fork properly; disallowing a process to fork violates the POSIX standard. It does not forbid you to fork(); it demands that you fork() and exec() when it cannot guarantee that the libraries you are using are async-signal-safe. Guaranteeing your code can be forked even in a signal handler at any time is what POSIX demands. Trying to fork() without exec() is allowed by POSIX standards; however, if OS X cannot guarantee that the libraries in use are 'async-signal-safe', this is not allowed, so it crashes the thread. There are tonnes of broken crap like this in OS X. Don't even get me started on the broken POSIX threading.

    Now, the funny thing is that Windows actually possesses a POSIX which is fully compliant, while OS X's is not. Why isn't VoltDB available for it? I find this sort of thing stupid.

  6. Re:British icon on British Computer Society Is Officially At Civil War · · Score: 1

    Maybe we should have an icon for articles about Australia as well. I am not sure what though. I don't think a picture of a Sydney bus would convey the right impression. So what's our icon? A can of beer? A kangaroo diving head first through a windscreen?

    The icon should be a cap, symbolizing how Australia is well known for its bandwidth caps.

  7. Re:Meh, TV, computer monitor, they are the SAME! on Study Finds That "Extreme Gamers" Play 48 Hours a Week · · Score: 1

    So, yeah, 48 hrs gameplay per day.....definitely possible. Just not very pretty after a couple all-nighters, is all.

    How many hours do you believe there are per day?

  8. Re:Come on - just do it on Doctor Slams Hospital's "Please" Policy · · Score: 1

    If true, this sounds like a stupid rule, but - just do it. Write "Please". Is it that big of a deal?

    You've never seen a doctor's handwriting, have you?

  9. Re:This will never fly on EU To Monitor All Internet Searches · · Score: 1

    Would that be the Lisbon Treaty that was ratified by all the members' national parliaments

    In an undemocratic manner, as mentioned in this parliament video and many others: http://www.youtube.com/watch?v=mNkRc2OBdCY

    Fortunately the entire situation is not screwed and we may have a chance to have a referendum on the issues: http://www.youtube.com/watch?v=XBp4En0Zehc

    and which for the first time formalised how a member can exit the union?

    Asking the EU for permission to leave the EU, where they officially have three years to decide? Yeah, I'm not really convinced.

    This is the same EU that can't even manage its funds and wants to manage everyone else's: http://www.youtube.com/watch?v=wANxxNOsfb4 http://www.youtube.com/watch?v=20B12TdWeyo

  10. Re:Security? on Microsoft Talks Back To Google's Security Claims · · Score: 1

    It's perfectly possible to run services under other accounts, so it's not a security model problem.

    Yes, it is possible, but it doesn't do so by default, and that is one of the main reasons why worms were able to infect the rest of the Windows system. Additionally, you may find that Windows IPC does not work correctly between different user accounts, so you end up in situations where daemons that should only have access to certain things have access to more things, as other daemons need to run under the same account to operate correctly.

    When it comes to the "out of the box" argument, I am reminded of OpenBSD, where I end up finding users running some of the most insecure systems out there because the default and only account created on setup is the root account, and the default configuration of daemons is completely disconnected from common security practices used in other OSes. Sure, you can configure it and OpenBSD has the potential, but it's horrible to see how many people simply don't.

    A process cannot elevate itself via an UAC prompt.

    It can with the Windows messaging API, which Microsoft has still not solved.

    A well-behaved application will just provide descriptive text to UAC.

    So, you're essentially saying that Microsoft Windows' control panel and configuration dialogs are not well behaved? Because those are classic examples of doing that. A very classic example of this is modifying Windows Update settings.

    A malicious application can generate a temporary script with contents that contain the actual nasty stuff, but with a convincing-sounding name that is good enough to fool a casual user.

    The point is, a more experienced/computer-literate user, whatever you want to call it, won't be fooled. Especially when the script or executable is not stored in /usr/bin or /usr/sbin, it calls for caution. When it comes to Windows, well.. I guess you could say everyone gets the same experience.

    Erm, that's the whole point of running UAC prompts on a separate desktop - no application can "push buttons and such" on it.

    Oh I agree, it is the whole point, but the whole problem is that it's broken.

    Then I have to deal with issues like making an application that requires compatibility mode work while compatibility mode is blocked in the OS.

    Your reference to some compatibility flags that, if I understand you correctly, let one work around that is interesting, but I'm not aware of such a thing. Can you provide references?

    I'll provide you information to get you started; I can't provide my own research here due to the fact I don't have ownership of it (a private company owns full rights to it). You need to know about the window messaging APIs; a good chunk of information on how to 'misuse' it on previous versions of Windows can be found on:
    http://www.hacking-lab.com/export/sites/default/cases/7005-windows-security-privilege-escalation-shatter-attack/shatter.pdf

    Exploiting it under Windows 7 is rather simple, provided you include a compatibility flag on your executable for a previous version of Windows; you will have the ability to manipulate anything on console 0, as you essentially are broken out of the virtual desktop virtualization when in compatibility mode. You can then perform UAC actions, look for the UAC window handle. You will need to then remove the window restrictions from the window handle the same way as shown in the shatter exploit to deliver any large amount of shell code necessary; you can use Message.WParam to override various wmdproc settings.

    Now here is the fun part, you can inject your own shell code into the window just like in

  11. Re:This will never fly on EU To Monitor All Internet Searches · · Score: 2, Insightful

    If the EU doesn't uphold this, its members will.

    From what I have observed, members don't tend to have much say or power. Look at the whole issue with Greece, or even how laws are being steamrolled into the UK with the Lisbon Treaty with no way out.

  12. Re:Security? on Microsoft Talks Back To Google's Security Claims · · Score: 2, Informative

    So go ahead, explain what exactly is improper in Windows XP's security model, preferably in comparison to "proper security models dating back decades".

    I'm not the original poster, but some things I was doing in Ubuntu before Vista was even out. I have no idea when these things came into existence, but I believe these concepts already existed previously in other systems. All daemons, with the exception of x.org, were running under their own restricted user accounts that were locked down enough to not touch the rest of the system, while Windows runs daemons under various accounts including SYSTEM, LOCAL SERVICE and NETWORK SERVICE, which all have varying degrees of access to the rest of the system, which is how many Windows worms are capable of accessing the rest of the system.

    As for UAC, it's exactly the same as gksudo.

    I don't see how; gksudo is not wrapped around applications waiting for them to perform some operation that requires extra permissions and then prompting about it. It requires you to run the command in question as the given user if you wish to do so. Unlike UAC, however, these commands are usually simplified in some way; for example, you will see it prompting to run '/usr/bin/updatedb' as gksudo rather than "application wants to do action {0f15391e-105f-4b05-91e3-48b73c60ae63}". Even for power users, stuff like "{0f15391e-105f-4b05-91e3-48b73c60ae63}" makes no sense. Does that mean it's going to install adware in IE? Does that mean it's just going to read/write some configuration settings? No idea. At least with gksudo you could see exactly what script/command it was executing and investigate.

    gksudo also is not vulnerable to window messaging APIs like UAC is, whereby you can craft various specially crafted applications to push buttons and such (hint: just get the application to toggle compatibility flags to get around Windows 7's fixes against that), which defeats the whole purpose of Microsoft locking down console 0, but alas...

    I can think of other things employed, such as intrusion detection and elimination done on Linux via things like AppArmor and SELinux. Windows' closest functionality to that is group policy settings, and unfortunately it is nowhere near as capable.

    I hope this was sufficient enough to answer your question.

  13. Re:The choice of artists & designers on HTML5 vs. Flash — the Case For Flash · · Score: 1

    Zynga

    Never heard of it.

  14. Re:The choice of artists & designers on HTML5 vs. Flash — the Case For Flash · · Score: 1

    WHAT ALTERNATIVES EXIST to do rich interactive graphics and animations that are accessible by a large # of devices. ANSWER THE GODDAMN QUESTION.

    Google webkit.

  15. Re:The choice of artists & designers on HTML5 vs. Flash — the Case For Flash · · Score: 1

    Until there is a viable alternative to Flash (and there isn't yet), Flash will still rule among artists & designers...

    Don't be afraid of disappearing into irrelevance; you already are for the most part. There really aren't that many Flash-oriented websites any more.

  16. Re:The entire article can be defeated with... on HTML5 vs. Flash — the Case For Flash · · Score: 1

    Smokescreen. It replicates every feature of flash. From what I've seen, there isn't a smidgen of quality difference.

    I haven't seen a development suite similar to Adobe's for generating HTML5 content. I saw nothing really at all with animation anywhere beyond silly fade in/out effects. But since it's all a smokescreen as you say, where can I get a copy of this mysterious editor?

  17. Re:Sounds familiar on Apple Blindsides More AppStore Developers · · Score: 1

    I used to play the game with SL, developed in-world items and scripts.

    The only things I can think of that essentially got 'banned' from Second Life with regards to scripts were bank ATMs (due to all the Ponzi schemes) and any gambling stuff that used a random number generator, since Second Life did not have a true random number generator available and as such would violate various gambling laws.

    I don't really see this being similar to Apple honestly.

  18. Re:What? on How CDNs and Alternative DNS Services Combine For Higher Latency · · Score: 1

    Then I don't think you understand the laws very well.

    I'm pretty sure that's only the case when it comes to common carrier scenarios. Since ISPs aren't considered common carriers, I am sceptical this applies to such instances as I have been told by actual lawyers due to related work.

  19. Re:I hope they keep the pay as you go model intact on Skype App Updated, Allows 3G Calling On the iPhone · · Score: 1

    In the UK, I have a phone that includes a Skype client on it. It uses the regular voice network for voice calls and costs me absolutely nothing for Skype-to-Skype calls; I can also do calls to foreign country numbers using my Skype credit. In fact, you can get a pay-as-you-go card and not have to refill it or anything to use the Skype functionality.

  20. Re:PDF!!! on Is Wired's App Really the Future of Magazines? · · Score: 1

    Is it? The interactivity abilities of PDF are what exactly? Hiding/unhiding text?

    The latest PDF spec supports embedded flash - I would say the abilities of PDF are quite large.

  21. Re:We've discussed this before on How CDNs and Alternative DNS Services Combine For Higher Latency · · Score: 1

    Yeah, as long as your entire transaction consists of a single packet being sent to the server. It's not reliable after that.

    Nonsense. DALnet has been using it now for years, and the TCP connections to their anycast IRC servers appear to be perfectly reliable.

  22. Re:This is not accurate on How CDNs and Alternative DNS Services Combine For Higher Latency · · Score: 1

    So you want to explain why you hijack google traffic?

    So, why exactly couldn't you find this information in their knowledge base again?

    Failure to provide a non-"computer illiterate" reason will require you to hand in your geek card.

  23. Re:What? on How CDNs and Alternative DNS Services Combine For Higher Latency · · Score: 2, Informative

    That would be a violation of my state's wiretapping laws.

    Most wiretapping laws that I am aware of do not protect you from 'eavesdropping' by private companies when you're using their services.

  24. Re:Slashdot uses Akamai on How CDNs and Alternative DNS Services Combine For Higher Latency · · Score: 1

    But every time I notice slashdot taking a long time to load it is always one of the a.fsdn.com links that it is "stuck" or sluggish on (as you see them in the status bar). I wonder why that is?

    Duh, they're getting slashdotted!

  25. Re:Really bad PR for Google on Google Describes Wi-Fi Sniffing In Pending Patent · · Score: 1

    So, what you're saying is, these people are trespassing on Google's property by broadcasting data into Google's Street View trucks?

    I can't see this comment of yours making sense any other way, since the system wasn't interacting with the networks (ie: talking to them) to get the data; they were just receiving unencrypted broadcast data.