Slashdot Mirror


User: jimicus

jimicus's activity in the archive.

Stories: 0 · Comments: 7,388

Comments · 7,388

  1. Re:It's like Prohibition - Unenforceable on Managing Personal Electronics and Software In the Workplace · · Score: 2, Interesting

    The same kind of thing applies in a corporation. You don't want to lower morale, and you especially don't want employees to lose respect for your policies. That certainly poses more risk to the success of an organization than connecting your iPhone to the wifi network.

    Maybe a better solution would be investing in IT infrastructure.

    It's a bit awkward in IT. Hey, it's always a bit awkward.

    You let everyone install anything they like and do whatever they want -> Congratulations, you've just been picked for BSA Raid of the Month! (In some countries, directors are criminally liable so you have to take it seriously) With extra interest from the PRS if MP3 files are found!

    You let nobody install anything -> well, the implications depend entirely on the role of the end user. If the PC is being used by someone in a call centre, this is probably appropriate and call centre staff are relatively easy to replace. If it's in software development, you wind up spending the rest of your life installing software on people's behalf and being hated by everyone.

    These things are blocked because the world's Windows support forums are absolutely chock-full of individuals who have got their home PC absolutely chock-full of rubbish like drivers for that cheap scanner which never really worked, 15 different and equally lousy photo editing programs after they found out how much photoshop costs, goodness-knows-what malware installed from a pirated copy of photoshop and whatever else besides. It is simply not practical to deal with these issues on every PC.

    I am the IT manager. I'm very lucky in that I'm not having to support a vast number of people who, given the opportunity, would wind up with PCs as screwed up as what I described above - I can therefore operate much of this on a trust system - "I won't go searching for dodgy stuff, please don't leave it in plain view". However, the company I'm working for is growing at a rate of knots and I'm sure this will change in time.

  2. Re:Changes in the wind. on Russian Police Know Who Wrote Gpcode Virus · · Score: 4, Insightful

    "According to Kaspersky, stopping ransomware-based malware in the future will require more effective law enforcement, the use of forensic software analysis to tie suspects to their malevolent creations, and possibly building restrictions into the Windows cryptographic software libraries used to create Gpcode itself."

    Then Kaspersky are idiots - any malware author with half a brain will simply statically link their code with a stripped down OpenSSL library.

  3. Re:Talking to the Police is a bad Idea on MI6 Terror Photos, Data Accidentally Sold On Ebay · · Score: 1

    And we all know since there's no specification for EXIF data that someone who has a vested interest in removing it would be unable to figure it out.

    I'm thinking aloud here, but - JPEG is a lossy algorithm with all sorts of things you can tweak in terms of image quality. And image sensors on cameras never give you a perfect image - there's always a certain amount of noise. The processor on the camera generally applies some sharpening as well. I wonder if, given a JPEG image straight off the camera with EXIF information removed, it would be possible to deduce the make/model?

  4. Re:Erm...Layers? on Council Sells Security Hole On Ebay · · Score: 1

    The DMZ border gateway is application layer aware (it can proxy for multiple services behind it, rather than simply either routing requests or passing requests back). It sanitises all traffic to and from the VPN - if there's no reason for a VPN client to be doing something (scanning all your ports, sending out traffic to any machine other than a server for example) then there's no reason to actually allow it.

    Ah, fair point, I hadn't thought of that.

    Though with so much malware spreading through perfectly legitimate means of communication (eg. email, existing Windows shares), I can't help but think that this would be of limited value in the real world.

  5. Re:Erm...Layers? on Council Sells Security Hole On Ebay · · Score: 1

    The VPN puts people into a DMZ for precisely this reason, and then you have to authenticate with the DMZ border gateway (firewall in other words) for any access to backend resources. Never, ever, should a VPN put you directly onto the trusted LAN - you don't ever trust the other end of the VPN, the 'dumb' office worker may have a virus infested home network.

    Not quite sure how well this will prevent anything - as soon as the user's authenticated with the DMZ border gateway then any viruses can traverse the VPN tunnel.

  6. Re:Infamous programmers on Becoming a Famous Programmer · · Score: 1

    And I'm sure that such a list wouldn't attract even the remotest bit of litigation in a country like the US.

  7. Re:Linux?? on New Approach To Malware Modifies Linux Kernel · · Score: 1

    I really don't think Linux has problems with malware.

    Yet.

    Not a lot of /. readers seem to know this but (whispers) most modern Windows malware doesn't depend on the user having administrative privileges.

    IOW, a program which, when executed, deletes all your documents then emails itself to all your friends can exist just as easily on Linux as it can on Windows. About the only thing preventing that right now is that nobody's got around to it and it would still require some effort on the user's part because AFAIK no Linux mail client will perform file(1) on attachments and chmod u+x them where appropriate by default.

  8. Re:Huurah! on US Senate Passes PRO-IP Act · · Score: 2, Informative

    I'm fine with it as long as this sort of thing stays in the USA.

    It'll just make other countries relatively more competitive.

    Depending on which country you're in, you may or may not be fine.

    Europe will probably enact similar legislation 5-10 years down the line as a European law. Expect corresponding laws in EU member states to ratify these on a per-country basis after another 2-3 years.

    For many parts of Africa, "being less competitive than the US" is the least of their problems.

    For the Middle East, any countries the US considers even remotely likely to become an economic threat may expect diplomatic measures and/or cluster bombs. If there's oil involved, you can confidently expect the diplomatic bit to be bypassed.

    Regarding the Far East, many countries are already far more competitive than the US and the US is buying so much from there that they can neither bomb you nor enact economic sanctions without causing themselves more harm than good.

    In terms of major areas, this leaves South America, Canada, Australia and the poles. I don't know enough about any of these regions to comment.

  9. Re:Does it support IMAP IDLE? on Google Unveils First Android Phone · · Score: 1

    They support IMAP. But not IDLE.

    Sorry, looks like I was wrong about Apple, but the others do support IMAP IDLE with their standard apps. The iPhone may need to be jailbroken, and have a 3rd-party notifier.

    That's all you need - a small program to keep an IMAP IDLE connection, and then launch your preferred mail app when it detects new mail.

    Nah, I've tried that. As often as not the telco breaks IMAP IDLE, even if it's over SSL - I think they're just dropping connections which aren't in regular active use unless those connections are to something that they know would get them in trouble with subscribers (eg. ActiveSync which takes place over HTTPS).

    Spend any length of time dealing with telephone companies and I guarantee you won't put such behaviour past them.

  10. Re:Does it support IMAP IDLE? on Google Unveils First Android Phone · · Score: 1

    Then why the blazes do so few pocket PC-style devices support it?

    It's an old protocol. Lots of devices use it. Symbian phones, Nokia N8x0, Palm Treo, iPhone even.
    When you say "pocket PC-style", do you mean Microsoft?

    They support IMAP. But not IDLE.

    I would also point out that DNS is 24 years old....

  11. Re:Does it support IMAP IDLE? on Google Unveils First Android Phone · · Score: 1

    though the server doesn't send the email itself, the client still has to request it

    That's no different to any other "push" email.
    The client initiates the connection - "here I am", and the server starts sending packets when an email is received. With IMAP IDLE, the client could be waiting many minutes for a reply packet.

    Then why the blazes do so few pocket PC-style devices support it?

  12. Re:People aren't idiots, people are people. on Popup Study Confirms Most Users Are Idiots · · Score: 1

    Not with computers it isn't. I work in end-user support, and, while I see people genuinely confused by shitty software sometimes (it does happen), many, many people who can't use a computer effectively are in that boat because they won't try. They've convinced themselves that the computer is a magic black box, and they can't learn to use it no matter what they do. These people are truly idiots, and it's a waste of time to try to hold their hand. Save your effort for the people who try to work with you.

    Obscure error messages which frequently pop up when they're not needed, wizards which exist for no other reason than to force the user to click "Next" a few times, error messages which are very important but virtually indistinguishable from error messages which just exist for the sake of it, messages flashing up in the bottom-right hand corner and disappearing before you get a chance to read them. Most modern user interfaces are a mess like this - both on Linux and Windows.

    Mac OS X is slightly better in this regard - at least most of these annoyances are generated by third-party apps rather than the operating system. But there's plenty of third-party apps which are just as bad.

  13. Re:The users aren't qualified to make these decisi on Popup Study Confirms Most Users Are Idiots · · Score: 1

    In short, in two or three generations when all the people who don't know basic computer security and operation have died, and not being able to spot a phishing scam will be looked upon much the same way that being illiterate is now, then the problem will have fixed itself.

    This is a variation on the old "Education is the solution!" mantra (which actually isn't too far from the conclusion reached in TFA).

    There's only one minor problem with this mantra.

    It's balls.

    Albert Einstein is popularly attributed with saying that "Insanity is doing the same thing over and over again and expecting different results." Well, we've been trying to educate people to RTFError Message over and over again for years. Why do you think that one day we'll get different results?

  14. Re:Even more importantly... on Popup Study Confirms Most Users Are Idiots · · Score: 1

    At the same time, another common Windows flaw is to make error messages non-specific, and that provides absolutely no advice what to do to prevent the error. Something like "A file could not be read." doesn't actually help at all to solve the problem.

    OS X can be even worse in this regard, particularly when you're troubleshooting L2TP/IPSec VPN connections.

    The aggravating thing is when you know full well that it's technically possible to know exactly what the error is, the only reason there's no way of finding it out is because the developer was too damn lazy to include a "More detail..." button on the dialog box or even write to a log somewhere so instead you have to guess what the problem is.

  15. Re:Even more importantly... on Popup Study Confirms Most Users Are Idiots · · Score: 2, Insightful

    I can understand this, but what still amazes me is that people deduce that because the error message doesn't mean squat to them, that it doesn't mean anything to anyone, so they don't even write it down, and then they expect someone like me, later on, and even over the phone, to tell them what it meant!

    I'm generalising horribly here, but please bear with me.

    You would not believe the number of people who basically judge everyone based on themselves. It's like a slightly more sophisticated equivalent of a small child deciding that if they can't see you, you can't see them and so they can make themselves invisible by closing their eyes.

  16. Does it support IMAP IDLE? on Google Unveils First Android Phone · · Score: 1

    Serious question here - IMAP IDLE allows you to simulate push email because it keeps the TCP session live and the server sends a message to the client when email is received.

    Which is not a million miles away from push email (though the server doesn't send the email itself, the client still has to request it).

    So will this phone support it? It's depressingly thin on the ground in terms of phone support.

  17. Re:Influence on IBM Threatens To Leave ISO Over OOXML Brouhaha · · Score: 1

    Surely IBM will have more influence over future ISO decisions if it remains a member.

    Like the influence they were able to exert over OOXML?

  18. Re:Exchange does IMAP... and POP on Is There a Linux Client Solution for Exchange 2007? · · Score: 1

    So what's the big problem?

    You're assuming a couple of things:

    1. That the admin staff have left IMAP enabled. This is by no means guaranteed.
    2. That the person posing the question doesn't need anything more than basic email functionality and can live without the shared calendars.
    3. That Exchange 2007 supports IMAP IDLE (I really don't know myself). Without it, you're stuck hitting "Check for new mail" on your client rather than "refresh" in the browser - not really much of an improvement.

  19. Re:Oh great. on OpenSUSE Beta Can Brick Intel e1000e Network Cards · · Score: 2

    This doesn't look good for our cause.

    It doesn't, but it does get me thinking: Given that it's possible for a badly behaved driver running in the kernel to stamp over NVRAM rendering hardware useless, how many pieces of bricked hardware have I thrown out over the years that were bricked because of a freak coincidence involving a rogue driver?

    Bear in mind that many drivers in Windows run quite close to ring 0 of the kernel and they would be just as capable of causing such a problem.

  20. Re:This is a good thing. on Windows 7 Beta Screenshots Leaked · · Score: 2, Insightful

    (pity Windows programmers, in general, suck at following the >5 year old guidelines).

    And the rest. IIRC you couldn't even get a "Designed for NT 4" label if your software demanded local admin rights. (Of course, you could get a "Designed for Windows '95" label which was almost identical visually)

    In many ways it's a shame so few people (both individuals and businesses) continue to accept IT stuff (both software and hardware) which doesn't bear such labels. It might prompt developers to produce code that might be complete crap but at least won't stomp all over your system.

  21. Re:Oliver Twist anyone? on Playstation 3 Video DRM Only Allows One Download · · Score: 1

    How can an anonymous post be modded "Insightful"?

    That's like a comment on an anonymous post being simultaneously modded "Informative", "Underrated" and "Funny".

  22. Re:resistence is futile on Stanford Teaching MBAs How To Fight Open Source · · Score: 1

    That will compete? Maybe. That will compete well? That's another story. Photoshop is still worlds better than GIMP. There's still no real competition for AutoCAD. How are those open source games doing against their commercial counterparts?

    Thinking that open source is naturally better than closed source is just as foolish as thinking closed source is naturally better than open source.

    They're the obvious ones that may one day have a F/OSS product which at least comes close.

    How about a few non-obvious (but non-niche) products? I defy you to show me a F/OSS modular accounts/business management/payroll package which is within 100 miles of the commercial offerings such as Sage 1000, or even Sage 200.

  23. Re:This will hurt US international sellers and Eba on eBay To Disallow Checks and Money Orders In US · · Score: 1

    he has to call up the credit agency in its respective country and verify that the shipping address and billing address are the same. Interestingly enough, some banks (particularly in the UK) will flat out refuse to give you this information - even a simple yes or no response when you give them the address you have is against their policy.

    That's because the UK has legislation specifically blocking this - the Data Protection Act.

    I believe card transactions in the UK can be put through in such a fashion that the billing address must match the card's registered address or the transaction will be declined (and so if you enforce this, the next logical step is to only ship to the billing address) but I don't know if this works internationally. Probably not because there isn't an international standard for how addresses should be written or communicated.

  24. Re:uhm yeah. i process checks for a living on eBay To Disallow Checks and Money Orders In US · · Score: 1

    and every day, companies send million-dollar checks through regular US mail to each other. and the system actually works pretty well. for 47 cents, plus envelope, paper, and special laser cartridges, you can transfer a million dollars. try doing that on paypal, or setting up electronic systems to do that, and now try to keep those systems secure. now try to do it for 47 cents per transaction.

    Er... cough cough

  25. Nice idea, totally unenforceable on Nevada Businesses Must Start Encrypting E-Mail By Oct. 1st · · Score: 1

    Don't for one minute believe that this idea is enforceable on a widespread basis.

    Here in the UK we've got the Data Protection Act (which doesn't specify "encryption" but does specify "reasonable care" and the watchdog tasked with monitoring compliance describes using encryption as an example of "reasonable care") and yet there have been loads of instances where personal data has been compromised.

    The purpose of a law like this is to give the judiciary something definite to charge someone with when the inevitable data losses take place. It might be difficult to prove carelessness if a laptop with just a Windows password is stolen because a lot of people aren't aware of how easily compromised that is. However, if suddenly your IT department can legitimately be asked to stand up and testify as to whether or not they provide any means for end-users to encrypt customer data then suddenly it's a lot easier to determine guilt.