Slashdot Mirror


User: Antique+Geekmeister

Antique+Geekmeister's activity in the archive.

Stories
0
Comments
7,305
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 7,305

  1. Re:Here's his website on Student Faces Expulsion for Blog Post · · Score: 1

    My God, that's some of the worst design I've ever seen. Red print on black background, scrolling over pink background "objects" so that they're impossible to read?

    He doesn't need to be expelled, he needs to become a Slashdot website designer so his poor layout can wrench at the eyeballs of everyone!

  2. Re:Detection of such a scheme on US Government Fears China Bugs Lenovo PCs · · Score: 1

    Steganography back to the mother ship is trivial: hide it as mis-spelled web page accesses, or hide an encrypted TCP channel in a downloaded server or an officially signed patch to software included by the vendor, etc.

    But one of the big risks is the MS-Word originating and editing coompute information. Since this will be robustly authenticated with the system's private keys, it makes not just the IP address (as can be currently traced this way) but the actual CPU used for creating documents be verifiably traced through that system and every system used to edit it. The originating IP address has already been used to track a Word macro virus author in the Phillipines: what a great way to trace back MS-Word political text or even visa applications to the originating system!

    Another risk is the DRM: if you can only play your cheap DVD's from China which they have "helpfully" encrypted with Trusted Computing, and only play them with the Chinese player, how many overseas US military personnel are careful enough not to install the player for their cheap, purchased-at-the-food-market DVD of the latest movie pre-release?

  3. Re:Trusted Computing Bytes Back on US Government Fears China Bugs Lenovo PCs · · Score: 1

    Whoever the key escrow holder is, the chips won't be allowed to be exported if there's not a federal US backdoor to get the keys. That's fundamental to the technology being allowed to be exported. Even if the plants are manufactured in China or Taiwan or wherever to avoid US export encryption laws (which got ruled unconstitutional under the old Customs regulations, and were simply moved to Commerce to avoid the court ruling!), they won't get shipped without some way to get new keys or sign new keys via the appropriate court order. And with recently documented NSA behavior, you can bet there will also be ways to do that *without* a court order.

    What makes it even more fun is that lots of big companies have simply bent over for the Chinese government to access private user data upon request, including Yahoo and Google recently. So other companies, like Intel and Microsoft for the main TCP vendors, will have little excuse to try and protect the keys from anyone. Welcome to 1984, one more time!

  4. Re:Aw, these Americans... on US Government Fears China Bugs Lenovo PCs · · Score: 1

    Off-topic, but we helped put Al-Queada in power to kick out the Russians, because they were effective. The enemy of my enemy in this case turned out to be our enemy, too. I'm afraid we just did the same thing using Pakistan to invade Iraq: *Pakistan* is a country that's been selling weapons of mass destruction and the tools to make them, wholesale.

    Expect them to be as scary as Afghanistan became.

  5. Re:So... on US Government Fears China Bugs Lenovo PCs · · Score: 1

    What do you think "Trusted Computing" is all about? It's only partly about Digital Rights Management, as awful as that can be. By incorporating the encryption/decryption tools into the latest Intel CPU's, and AMD following up as fast as possible, they're providing robust security to encrypt the transmissions home for rootkits of all sorts, and to use the private keys of Microsoft or other cooperative vendors to install the rootkits on other's machines. And by keeping the private keys signed and owned by private bodies who have shown willingness to bend over for federal enforcement, such as Microsoft keeping the private keys to their software, and incorporating document authentication into Word documents with the user's or the computer's private keys, they make the original document traceable to a specific computer. By cross-linking it to the software update keys, they provide a means to track the physical location of the computer as well, using private keys that are obtainable without court order from private parties: they don't even need to leave a paper trail.

    This is a spy agency's wet dream, to remove anonymous communications from your enemies with some of their most commonly used tools. Moreover, its incorporation into the operating system itself discourages casual users from using more robust, open source tools, partly because of the extra effort involved, and partly because of the unconstitutional regulations about exporting encryption tools as a "munition".

  6. Re:Emacs and Ant on Should Students Be Taught With or Without an IDE? · · Score: 1

    Despite the claims, Ant cannot work on a large number of platforms because *Java* does not work on them. Many real-time OS's, micro-distributions, and several commercial grade high-availability operating systems simply do not have a workable Java for them to run Ant with, particularly for resource-starved systems but also for systems where Sun or IBM have never bothered to compile and distribute one. Becasue Java remains closed source, don't expect to see Java for them soon. And don't get me going on what "simultaneous compilation" really means at the operating system level.

    If the "IDE" class is actually a Java IDE class, fine, use Ant. But for a more basic development environment class, it's better to keep it simple and portable. Save Java IDE refinements for a more advanced or specialized class.

  7. Re:Emacs and Ant on Should Students Be Taught With or Without an IDE? · · Score: 1

    Good old "make" is to Ant what Emacs is to Eclipse, and people should learn how to use it first for the same reasons.

    Make is far more portable, runs reliably an many more platforms, and does not need the unreliable and closed source structure of Java to run correctly. Similarly, Emacs and especally vi work when a graphical IDE is infeasible or fragile and tend to block you from the useful underpinnings of the work. Make works when you can't afford Java for your environment, for performance reasons and weird limitations like cross-platform compilation, or because the variations in different Java Development Kits destabilize the project.

    If forced to use an IDE for productivity reasons, and they really are handy for big projects and debugging code dynamically, then start with the simple and portable ones. DDD, for example, is fabulous and quite portable, and works in a reliable way that commercial Java based debuggers can't hope to approach due to the Java platform dependency weirdnesses.

  8. Re:I say no IDE on Should Students Be Taught With or Without an IDE? · · Score: 1

    I built transistors (germanium diodes, actually!) It's helpful to understand how things really work, so that you can tell when the hardware salesman is talking complete nonsense or you can look at the physical layout of a system and say "this is going to have problems with too long of signal traces: go back and do it again".

    It also drives consultants nuts when I look at their complex customized GUI and say "it's not cross-platform, it's not ADA compliant because it relies on sound and badly formatted display that is impossible for text->speech synthesizers, the server-side runs only with an expensive and unstable backend database that is known to present a security problem, the fancy flash display that can't be skipped takes 3 minutes to download over a normal modem and can't be cached due to your settings, your URL's aren't bookmarkable, the back button doesn't work, etc., etc., etc." And that was on only one project! But to notice all those things, you have to have an understanding of how things really work. Focusing on a specific IDE too tightly can actually trap people from looking at the rest of the system.

  9. Re:Why bother? on Should Students Be Taught With or Without an IDE? · · Score: 1

    Don't forget to do it both ways, with witnesses, then show the "cheating" program to the instructor and the class. I almost got flunked for doing something like that because I explained, in my final presentation, how to get around the TA's awful security steps to get at the answers to all the problem sets, but also had a complete separate paper showing completely distinct ways to do the same problems which the TA had never discussed, which I had in hand to show the instructor directly to get my grade re-instated.

    If you have to tease the bear like this, make quite sure you brought a big enough shotgun to stop him when he charges.

  10. Re:Not at first on Should Students Be Taught With or Without an IDE? · · Score: 1

    Unfortunately, a lot of schools don't teach this way. It takes away from the certification tests, especially in the Microsoft certification courses and their like. They tend to ask highly specific questions that you can only answer if you spent the time memorizing the manual, not if you've spent the time to actually get things working. The result has been that a lot of "certifications" aren't worth the fake sheepskin they're badly inkjet printed on.

    It's also the source of a lot of absolutely awful Java and Perl code that we see today. It looks pretty in the IDE, but it doesn't check its error results and give useful messages, it uses very inefficient ways to do things that are cut and pasted from elsewhere, and it tends to be very fragile as the poorly documented "features" of functions get removed or added with the next software release.

  11. Re:The diplomatic response on The CVS Cop-Out · · Score: 1

    I see from the details of your note that you've been using Debian lately, where the current version of software is not integrated into "stable" until the actual version is deprecated by the authors.

    That kept happening to me supporting Debian users.

  12. Re:He needs to take some lessons from Steve Jobs on CNN Sits Down With Linus Torvalds · · Score: 1

    No, Yoda has better control of his verbs. Have you actually looked at the LISP that Richard wrote EMACS with?

  13. Re:Who's the leader? on CNN Sits Down With Linus Torvalds · · Score: 1

    Agreed. Richard is not always right, but he is definitely the prophet of open source software in the full sense of "open" or "free". Linux makes more money, is easier to talk with, and bathes more frequently: it makes him easier to interview. And the Linux kernel was the final missing bit of a full open source operating system. Just as Mitch Kapor stepped into the Lotus Notes project, finished it, and got credit for creating the whole business, Linus broke a pent-up logjam and gets credit for the resulting river.

    Linus is good and deserves respect, but iconifying him as the "leader of open source" confuses the matter.

  14. Re:DRM + Anti-piracy = improving? on Symantec Sues Microsoft, May Delay Vista · · Score: 1

    But Microsoft has a real history of stealing and breaking in the process. Take a good look at the MIT/Kerberos lawsuit, when Microsoft integrated Kerberos into their Active Directory system and apparently deliberately broke it to make it work only with Active Directory. Then take a look at the old DRDOS lawsuits, when Microsoft deliberately made their operating system whine if you used DRDOS as the kernel instead of the noticeably inferier MS-DOS kernel.

    Such behavior is exactly why the GPL exists: to prevent companies from stealing the good bits of software and making them incompatible with other software through concealed manipulation. Microsoft has been caught at it again and again and again: it's no wonder Symantec is concerned about them abusing the Veritas technologies, and taking advantage of it to optimize their own backup systems at the expense of third-party vendors like Symantec who see their ideas being stolen.

  15. Re:if I were a technology company on Symantec Sues Microsoft, May Delay Vista · · Score: 1

    They're like Wal-mart. If you're thinking of the next quarter or the next year, you want Microsoft to help you get your products sold. But the destructive abuse of the relationship, especially theft of trade secrets and business ideas to protect their own cash cows or their own divisions that may do similar work are so nasty that over the long term, they can destroy your company and move on to another sucker to partner with.

    It's great for VP's who pull in the stock money, know when to sell their options and how to hide their insider trading and go to the nice meetings in the nice locations: it's hell on the engineers who actually try to make things work, and it's vicious on long-term stock holders.

  16. Re:Irony! on Symantec Sues Microsoft, May Delay Vista · · Score: 1

    Please check your history. In many cases, the "email-borne viruses", actually called worms, are automatically opened by a set of extremely badly designed mail clients which were designed to present an "experience" to the user. Specifically, the trade-show demos where the vendor would show "this happens automatically!" to a bunch of sales and less sophisticated users would be very excited about the new "feature" that, like automatically executing .zip or .scr attachments, has turned out to be a really, really, really bad idea. They haven't required users to do anything special, just read or even download the email.

    Those badly designed email clients are usually called "MS Outlook", and they are the bane of corporate security. They also create a big chunk of Symantec's customer base.

  17. Re:By the time Vista comes out... on Symantec Sues Microsoft, May Delay Vista · · Score: 3, Interesting

    Oddly enough, a lot of my open source friends like to stay with older, more stable OS's and keep lamenting that particular new software "just won't run" on their antiquated systems. Often this is because their hardware is limited, but often it's because leading edge development goes down a lot of wrong paths: so they prefer extremely stable, trusted environments and only upgrade when absolutely forced to.

    This is particularly vital for so-called high availability and extremely large architecture systems for which companies pay a lot of money: it takes time to work out all the bugs in complex failover systems. The results are often unfortunate: basic system and debugging tools and especially security patches are not available for those systems. I'm afraid that XP and 2003 are going to be considered "good enough" for a long time, and if it's not, the open-source 64-bit operating systems will have gained quite a lot more market share.

  18. Re:Hasn't this already been written? on Computer Network Time Synchronization · · Score: 2, Informative

    I agree with you in general: the man pages for NTP are quite good. However, there are a few vagaries that I certainly hope this book covers: why you always want at least 3 upstream NTP servers and at least 3 local ones if you're maintaining them (so that the 2 good ones can outvote the confused one), how to gracefully monitor the state of the NTP servers (the Nagios plugins are quite good!), etc.

  19. Re:Why not wait to see if this is an issue? on Kororaa Accused of Violating GPL · · Score: 1

    The NVidia licenses, in particular, are a serious licensing problem. Their installer replaces the OpenGL libraries with a proprietary, closed source binary, and simply provides kernel hooks to access that set of drivers.

    The result is that the NVidia equipped kernel, according to the Linux kernel GPL license, cannot be distributed by the Linux kernel publisher. It must be installed on-site by the user. And NVidia's own licensing agreements prevent pre-installing it for others, because the user cannot normally click "yes" to the rather odd NVidia user license for others. If NVidia wants to play in the Linux and open source world, they need to follow the rules. So do OS publishers, and they learned that lesson with NVidia years ago.

    The combination is nasty. It's also why many serious Linux advocates prefer to use ATI cards to NVidia, because ATI actually publishes their specifications rather than hiding them behind that loadable kernel module licensing craziness. While it's good that NVidia publishes something for Linux, the licensing on NVidia drivers is nasty to cope with. It's exactly the sort of "we'll just use open source to get people to install our stuff, we won't actually open source our own tools" abuse that the GPL was designed to avoid or at least limit.

  20. Re:I do systems work for a major card issuer.... on The Economy of Online Crime · · Score: 1

    I took what you were saying seriously right up to that comment "Banks are actually very serious about stopping fraud."

    Nonsense! Given the amount of credit card and phishing schemes which the banks could shut down trivially and protect their customers, and the general ease of stopping most wholesale credit card fraud houses by applying existing law, they're not interested in fraud per se. They're interested in reducing their own fiscal bleeding from fraud: that means a very different set of priorities, such as spending as little real lawyer time on fraud as possible.

    Then you contradict yourself blatantly: "

    Yes, it's very nice that they have places to report phishing. It's also clear that that complaint box leads directly to /dev/null. The same sites exist for weeks and months, live and stealing credit card and bank account information, with absolutely no effort by the banks to actually shut them down. There is no evidence, whatsoever, that there is any serious effort to hinder, pursue, or convict such scam artists: it's the domain of the Secret Service as a form of wire fraud, and after my own attempts to get them involved in pursuing fraud,

    And no, the major issuers are not conducting a genuine informational campaign. They're occasionally sending out meaningless "be careful with your email" messages, but not actually building their billing messages or email warnings in such a way that they are difficult to forge, so there's still little way for a casual computer user to tell a phishing scheme from a real notice. And it's not hard to do! Flat text, with actually readable URL's, in a GIF of the URL address instead of in a clickable link so they actually have to type it, would help prevent a lot of this nonsense by teaching people that such links are suspicious.

  21. Re:Old scams are definitely still alive... on Tech Fraud Beating Out Social Engineering · · Score: 1

    Why do I suddenly picture an amazing CPR class scam at the University of Texas, involving a fraternity teaching "Natural Respiration" instead of "Artificial Respiration", a refreshments table with a lot of really cheap beer on it, and a webcam?

  22. Re:Perhaps this link is relevent? on Tech Fraud Beating Out Social Engineering · · Score: 1

    Oh, my. That *is* an excellent example of spewing technological mumbo-jumbo to hide the lack of any possibility of it working with claims like this:

    > But Media Fusion's Stewart says Nortel and others made the early mistake of
    trying to replicate telephone systems, which use radio waves to transmit
    information through copper wires.

    This is, of course, utter, utter nonsense. Telephony and its older ancestor, telegraphy, are not radio waves, they're low frequency electrical currents. They're carried by sets of electrons, not the photons of radio frequency signals. The following nonsensical spew about being able piggyback microwave frequency, speed-of-light transmissions on top of the existing power line structure continues with the nonsense.

    But it's technical enough sounding that a congress-person, looking for reasons to spend money in their district for improving the power line and getting votes for getting cheap broadband to people, could get sucked in: I'm amazed that it's gotten this far.

  23. Re:charge 'em on Cutting Off an Over-Demanding End-User? · · Score: 1

    That explains a lot about Emacs: I'd never thought of its obscurities as Richard Stallman, angling for support calls to get dates.

  24. Re:And we knew that GINA was going away for more t on More Headaches from Vista Security · · Score: 1

    Theo de Raadt is demonstrably one of the must flaming people on the net: his behavior and attitudes to anything that does not follow the Revealed Gospel of Theo in the book of OpenBSD is one of the things that actively drives people away from using it for anything.

    Fortunately, the OpenSSH developers seem to mostly ignore Theo and actually care about cross-compatibility.

  25. Re:At this point... on More Headaches from Vista Security · · Score: 1

    Many corporate accounts get sold a bill of goods, including new OS's on new hardware: reverting the hardware to an older, more stable and more supportable operating system is often expensive and laborious, especially when you have some MCSE consultant selling you a huge new package of demoware, such as a new MS Exchange server, that will "solve all your IT problems".

    I've watched this happen repeatedly where the new server is installed with a mandatory server grade license hot off the presses that it doesn't really need.