Slashdot Mirror


User: jimicus

jimicus's activity in the archive.

Stories
0
Comments
7,388
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 7,388

  1. Re:Interesting speculation on FBI Used Spyware for Online Search · · Score: 1

    M$ update, and the equivalent on other platforms, is a whopper of a back door. Why doesn't that "get out in the wild"?

    Because it's the kind of back door that the developers know full well is a risk, and so they design around that risk with things like digital signatures and techniques to confirm you're speaking to an authorised server. It's easier and more subtle to attack the weak link in the chain - the human being who's sat at the computer.

    It's a bit like how most sysadmins these days know that open ports on the firewall are a risk, so they minimise those - and instead the hackers go for the next easiest target, the website which was coded on the cheap over a few weeks by some kid fresh out of college and is full of SQL injection-type holes.

  2. Re:I'm skeptical on Hotmail Delivers Far Fewer Emails with Attachments · · Score: 1

    Email servers should not drop messages. Messages must land in some mailbox or they must bounce back to sender.

    Keyword here is "should". There's plenty of things can go wrong on a mail server which can stop that from happening - and the larger and more complicated the mail system gets, the more likely this is to happen.

  3. Re:AAC and MP4 on Do "Illegal" Codecs Actually Scare Linux Users? · · Score: 1

    Feels nice not to have software patents or DMCA-style laws over here, doesn't it?

    I don't know about you, but here in the UK the patent office has been awarding software patents for some time, claiming that the law is "unclear" (it isn't, it's perfectly clear, but some solicitors have obviously managed to muddy the waters) and the European Copyright Directive promises to do for copyright in the UK what the DMCA does in the US.

  4. Re:AAC and MP4 on Do "Illegal" Codecs Actually Scare Linux Users? · · Score: 1

    And this means that in order to advocate using Linux without any legal risk, I've got to explain to anyone who cares to listen that they'll have to re-encode what may be hundreds of CDs, throw away the perfectly good iPod which they bought only 6 months ago and replace it with something with all the size, weight and usability of a housebrick and never play DVDs on their PC again.

    Wow, what an amazingly strong argument! You've sold me. How do I install this Linux thing again?

  5. Re:Inflammatory misleading headline on Executive Order Overturns US Fifth Amendment · · Score: 1

    No.

    But if you take away the cutters, the man who was previously cutting does not suddenly find himself unable to spend any money, and hence unable to feed, clothe or house himself.

    Even if you trust the current administration to never abuse a badly worded law, do you trust the next administration? How about the one after that? How about the one that's in power 20 years from now? Individual laws tend to outlast governments.

  6. Re:Blatant slashdotted post... karma me up scotty on eBay Bargains Soon To Be A Thing Of The Past? · · Score: 1

    Cosmetics is an entire industry fashioned around this kind of kind of thing. Just because you think it's foolish doesn't stop it from being a valid business model which rakes in billions every year.

  7. Re:Blatant slashdotted post... karma me up scotty on eBay Bargains Soon To Be A Thing Of The Past? · · Score: 1

    It's not "manufacturer still makes $XX.XX from their product" which is the manufacturer's concern.

    What they're concerned about is the perceived value - how the rest of the world sees their product. Essentially, they're trying to prevent their product becoming a commodity - an item where the perceived value of one brand of product over another is practically nil and so there is no incentive for the customer to remain loyal to a particular brand. It's most common amongst companies whose products essentially are a commodity but they desperately don't want the buying public to think that.

  8. Re:15 years ago: on Microsoft Excludes GPLv3 From Linspire Deal · · Score: 2, Insightful

    GPL does something BSD doesn't. It levels the technology playing field, forcing companies to compete on services rather than products.

    Let's say I produce a brilliant product which once installed doesn't require a great deal of service. There's no sense in me basing it off a GPL project because then I'd have to make the source code available to everyone, and Fred down the road could undercut me because he isn't doing any development.

    Now, change that business model slightly. Let's say I contribute to a product, but my main business model is based around selling services and consultancy to go with that product. Now it doesn't matter so much if I use a GPL product because I'm going to make most of my money from charging consultancy fees to adapt it to specific businesses. In fact, there's something to be said for the GPL because it means that the product will wind up with my name all over it - so anyone who wants consultancy may well think of me first.

  9. Re:The GPLv3 works on Microsoft Excludes GPLv3 From Linspire Deal · · Score: 1

    Oh, so you've read the EULA for SQL Server then?

  10. Re:Oh no! on Police Given Access to Congestion-Charge Cameras · · Score: 1

    I think it's a bit alarmist to go on about Big Brother, privacy, etc when we're talking about cameras that are in the street, as if you'll be showering there or rubbing butter on your lover.

    Then you clearly haven't ready Nineteen Eighty-Four.

    I strongly suggest you do so before telling everyone that they're being alarmist.

  11. Re:No, *this* is the best part on Police Given Access to Congestion-Charge Cameras · · Score: 1

    Oh fantastic. I can just imagine the conversation now:

    Assistant: What do you want that petrol for?
    Terrorist: I want to blow up the infide.... er, my lawnmower.
    Assistant: OK then.

    Not to mention that nobody appears to have explained the concept of siphoning...

  12. Re:No, *this* is the best part on Police Given Access to Congestion-Charge Cameras · · Score: 1

    who, I would add, have clearly been watching too many films because they're under the impression that a car liberally doused in petrol will violently explode given the mildest provocation.

  13. Re:Balance of Power on Police Given Access to Congestion-Charge Cameras · · Score: 1
    Not nearly as simple as that, I'm afraid.

    There are enough loopholes in that law - particularly as regards law enforcement - that it's reasonably easy to work around.

    Briefly:
    • If the data they were to give you would wind up identifying someone else at the same time - they don't have to release it.
    • If the data, if released, were to have implications for an ongoing criminal investigation - they don't have to release it.
    • They're not obliged to keep the data they store forever, nor are they obliged to retain everything while they're in the process of handling your request. So if they have a policy of destroying data after 30 days, and a procedure which results in any such requests sitting around for 30 days, they're off the hook.
    • There's little onus on anyone to prove the existence or otherwise of such data. For some obscure reason, whenever there has been the possibility that an incident of the police abusing their power being recorded on CCTV, the appropriate cameras have "had technical problems". Not just occasionally, but 100% of the time. Odd, you'd think that the nation with more CCTV cameras per head of population than anywhere else in the world would have solved most technical problems years ago.
  14. Re:Too late... on eBay Bargains Soon To Be A Thing Of The Past? · · Score: 1

    Just how are they going to punish a suicide for breaking the law?

    The law in these cases only really works when the person breaking it follows a religion which has certain rituals associated with "what has to be done with your remains after you die in order to ". And it's simple: you don't carry out those rituals for people who have committed suicide.

    It only really works logically if everyone in the country follows the same variant of the same religion (eg. Catholicism) - and is thus perhaps more appropriate for countries where your religion is prescribed by the state.

  15. Re:Blatant slashdotted post... karma me up scotty on eBay Bargains Soon To Be A Thing Of The Past? · · Score: 1

    Then they'll resort to alternative means of keeping check on things.

    The most obvious method I can think of is:

    1. The contracts with the wholesalers/salons/other middlemen will include clauses to the effect that "anyone else you sell to is bound to resell at no less than our recommended retail price".
    2. The items will have serial numbers printed on, and the manufacturers will track who receives which items. Where it's not possible to print a serial number on the item itself (eg. on a cosmetics product), it'll go on the packaging.
    3. Now it's trivially easy to find out who's responsible for breaching their agreement and go directly after them, rather than the end reseller who never entered into a price fixing agreement.

  16. Re:Let's be sensible here on Will Security Firms Detect Police Spyware? · · Score: 1

    I think we went straight through tinfoil hat land and out the other side some time ago ;)

  17. Re:Let's be sensible here on Will Security Firms Detect Police Spyware? · · Score: 1

    Most of my methods work just fine with "retrieve the details during the following real life search". They may not be silent, but they could easily be "silent enough".

    Undocumented API: easy, just squirrel the data away in a part of the pagefile. Or some other inconspicuous area if the pagefile's been disabled. Same applies to any of the software mechanisms I proposed.

    Hardware backdoor: Flash memory is your friend.

    If you really want to get into the world of the absurdly paranoid, you could ship the information back over the power lines, in much the same way as ethernet-over-power devices work. Certainly doable if you've got a hardware bugging device on the motherboard and a suitable PSU - but then you're probably looking at something that would be rather difficult to keep quiet because of the amount of engineering (and hence number of people) you'd need to involve.

  18. Re:Without knowing much than what is in the articl on Major Security Hole In Samsung Linux Drivers · · Score: 1

    Never attribute to malice that which can be adequately explained by stupidity.

    Granted, that means attributing a pretty stunning level of stupidity to Samsung's driver engineers, but no more than I've seen from some drivers in Windows.

  19. Re:Handling Linux on Does Comcast Hate Firefox? · · Score: 1

    e) Then find out that your technician hasn't been trained in Vista yet
    f) And though they don't really want to say "We don't support Vista", they can't find anyone else who has
    g) It's all rather academic anyway, seeing as the OS isn't the problem - last night's thunderstorm is the problem. The router's fried.

  20. Re:They Don't on Does Comcast Hate Firefox? · · Score: 1

    Honestly, if you're running Linux in your home and nothing else, I expect you to be able to handle powercycling yourself and insuring that your computer is running properly (including checking your router, your ethernet card, and to make sure your DHCP client is running).

    Honestly, if you're an ISP, I expect you to be able to handle running a frigging DNS server such that it actually responds to DNS queries, rather than sitting there with its fingers in its ears saying *LALALALALALA I CAN'T HEAR YOU LALALALA*

    Why yes, I am a Virgin Media customer in the UK. Why do you ask?

  21. Re:Sharepoint!!!??? FSK ME!!! on NZ Outfit Dumps Open Office For MS Office · · Score: 1

    That would be the bloated pointless piece of crap which the business, for better or worse, has decided it needs and can find no suitable alternative which is as sweetly integrated with Office.

    IOW, while you're technically correct, you'll have to have a hell of an alternative lined up if the business has decided it definitely wants Sharepoint. FWIW, I think something similar could be said for Exchange/Outlook.

  22. Re:Let's be sensible here on Will Security Firms Detect Police Spyware? · · Score: 2, Insightful
    You're making an assumption: that malware would take the form of a simple executable, which the user has installed because they foolishly clicked on an email attachment.

    I can think of a few ways in which malware planted by a reasonably determined government could work with much lower risk of detection:

    • Hidden/undocumented APIs in commercial operating systems (note I didn't specify Windows) - will get 99% of suspects, and the police are well aware that there will always be a group that they have substantially less hope of catching.
    • Backdoor built into the OS at the factory. It's always been there, why should it be a concern to AV which generally looks for changes? For best results, "disappear" the development team once they've completed their work.
    • Backdoor in hardware - something like this, but etched into the silicon of the keyboard controller rather than a separate piece of hardware. Good luck detecting that without an electron microscope and substantial knowledge of IC design.
    • Backdoor is digitally signed - perhaps using this key - there's a pretty strong chance that most AV software will silently ignore anything that's digitally signed with a known key.


    Of course, most of these are a lot of hassle when it's substantially easier, cheaper and lower risk to simply do things the old-fashioned way - bug telephones and ISPs, put pressure on people who are somehow connected with the people you're investigating. Sooner or later you're going to have to gather evidence in a fashion similar to this anyway, because the question will arise in court - did you follow lawful procedures to get the evidence?
  23. Re:Brilliant! on Will Security Firms Detect Police Spyware? · · Score: 1

    Any AV company that co-operates with such a plan is incompetent.

    That largely depends on what their business model is. If it's "Produce a reliable means for our customers to detect and remove viruses", you're right.

    If it's "Produce a reasonably reliable illusion of security for our customers while ensuring the various governments of the world don't try and make our life difficult", you're wrong.

    Particularly if the second option can be taken without significant risk to the business.

  24. Re:This says something for PGP on Will Security Firms Detect Police Spyware? · · Score: 1

    I'm absolutely 100% certain that PGP (and, indeed, any encryption system) is breakable if you have physical access to the system.

    Even more so if you can get physical access temporarily (copy any private keys), install keylogging/certificate logging software (get any passphrases/certificates which may be necessary) then leave without a trace.

    Where things get really scary is if they're installing this software remotely rather than having to break into your house - that requires a lot less effort and can easily be done en-masse. Now I think of it, I've been receiving a lot of email lately claiming I've "been sent a greetings e-card" which directs me to a website which tries to install something....

  25. Re:Format on Microsoft Pledges Conditional Support for ODF · · Score: 1

    What "rich" means, for those who still haven't figured it out, is this:

    6 years down the line, assuming this is ratified as an ISO standard, when governments are starting to look for a new office package, one of the requirements will be "Can import and export documents in ISOxxx/xxx (where xxx/xxx is whatever standard number winds up being assigned to OOXML)". After all, it makes a lot of sense to store the documents which belong to the country in a standardised format and a lot of governmental bodies have been making noises in this direction in the last few years.

    Furthermore, they may well have been using Office 2007 for a few years and have converted all their old documents to OOXML. So practically every existing document is in a standardised, easy to open format.

    Or so they think.

    Now, I haven't checked it but I bet you anything you like the conversion process in Office 2007 is implemented as "save document in OOXML as one great big blob of text enclosed by tags which signify "format as Word '97"."

    Even if OpenOffice does gain OOXML support, it'll open these old documents, see the blob of text and do the best it can - but it'll never be perfect. In essence, the document format migration problem - the single biggest thing keeping people tied to Office - lives on despite the documents supposedly being stored in a standard format. Newly created documents may be easier to deal with, but there will still be a vast number of "converted" documents where it's not immediately apparent whether or not they'll import cleanly. OpenOffice will therefore fall down in the testing stage.