Slashdot Mirror


User: Antique+Geekmeister

Antique+Geekmeister's activity in the archive.

Stories
0
Comments
7,305
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 7,305

  1. Re:Monkey Island on Humor in Games? · · Score: 1

    Neverhood. Nothing I've seen beats the Neverhood game for incredibly funny and fun to play as well. The puzzles are good but not too wildly difficult, and the giant crab scene alone was worth the full commercial price of the game.

  2. Re:we shall port linux to it. on HP Dumps Linux for Windows XP MCE in New Media Player · · Score: 1

    Not after the repeatedly renamed Palladium project gets its hooks into the CPU itself, which Intel is already planning. What is it called this week anyway, "Trusted Computing"?

    Part of Palladium functionality includes control and authentication of the hardware to limit hardware capabilities, and key software functionality. For fairly obvious security feature reasons, this includes the boot loader! Without Palladium or "Trusted Computing" signed boot loaders, it's going to be very difficult to load anything other than Microsoft operating systems in these devices. Without Palladium signed access to the hard drives, it'll be even harder, and a bunch of hard drive vendors seem to have bought into the Palladium initiative.

  3. Re:Who says its illegal? on Cisco Source Code Up For Sale: Only $24,000 · · Score: 1

    This gets into stolen property and trade secret law. If you buy this stuff, or sell this stuff, and you know that it's not authorized by the owner for sale, then it's quite illegal for both the seller and the buyer. This is classic "stolen property" law, folks. Stop pretending you're in a university environment where your advisor tells you it's OK to install MS Office on all the machines because he "only uses one at a time" or because "the university has a license" which doesn't actually cover your lab, and try pretending you're in the real world.

  4. Re:buying stolen property? on Cisco Source Code Up For Sale: Only $24,000 · · Score: 1

    Intellectual property can't be considered property? Do you even read your own posts?

  5. Re:buying stolen property? on Cisco Source Code Up For Sale: Only $24,000 · · Score: 1

    You are mistaken. You "have" the material because you received stolen property, which is very much against the law. No one may bother prosecuting you until you exceed some practical threshold in, for example, trafficking in such goods, but it's certainly illegal. I have no idea where you are picking up your "net.lawyer" concepts, but wherever you're doing it needs a harsh education in how courts work.

  6. Re:Someone paying 24k on Cisco Source Code Up For Sale: Only $24,000 · · Score: 1

    There are two other reasons to pay the money and get the code.

    1: If you understand what the allowable syntax and limitations really are, you can program interfaces accordingly. This is amazingly useful when you have to create a new tool to configure a device.

    2: If you are a designer of switches and routers, knowing the algorithms and code tells you a heck of a lot about the architecture and allows you to steal the underlying knowledge to build your own better, optimized tools, and even cook the tests to show off your own systems to best advantage.

  7. Re:On the other hand on Security Responsibility Without the Authority? · · Score: 1

    Try telling the trophy secretary of the head professor that she has to change her password because it's been cracked, and she is not allowed to stick it to her desk on a sticky pad. And be prepared to lose your job for doing it.

  8. Re:Idea for Apple? on Working iPod Halloween Costume · · Score: 1

    Forget the Ipod costumes. Staff their sales booths with Helga the barmaid from that last photo, bringing out frosty cold ones and flashing her garters.

    That would sell some more Ipods to nerds.

  9. Re:False priorities on Security Responsibility Without the Authority? · · Score: 1

    Try it in academia, where security is considered antithetical to their desire to "share knowledge". The unwillingness to acknowledge the idea of malice on the parts of their own staff is also pretty shocking, especially when they sit around the coffee pot talking about how to screw other departments or projects. I swear, one of the big reasons they insist on avoiding security is to have plausible deniability when they or their grad students do something criminal.

  10. Re:Dictatorship on Security Responsibility Without the Authority? · · Score: 1

    You rely on the kindness of strangers.

    More seriously, you rely on the people who buy your equipment and services to pay the extra cost in an emergency for the extra bandwidth wasted and the downtime, because they refused to pay it up front. And you keep your resume up to date, because when it fails and you point out to them, in writing, where they told you not to do the necessary changes, they will fire you for exposing their stupidity in the review or lawsuits.

    Of course, their firing of you will be six months later, so you'll have time to go looking for something better.

  11. Re:Why silicon? on Optical Control of Light on a Silicon Chip · · Score: 1

    It's cheap, it's easy to machine into micro-structures like teeny-tiny little transistors and electrical components, and eventually you have to connect it to something else. If it's silicon the whole way from optical switch to controller switch to CPU to whatever, everything can be much smaller and integrated into the same component without extra places to connect devices to each other or have extra leads. Think the difference between transistors, millions of them on a chip for your CPU, and having to do it all with vacuum tubes. Silicon is your *friend* for teeny things.

  12. Re:Can somebody explain ... on Optical Control of Light on a Silicon Chip · · Score: 5, Interesting

    "Think again" is right. The electrons are involved in propagating a wave of electromagnetic energy, in ways that are fun to examine. But what you are describing is the average rate of travel of an electron, much like the average rate of travel of a lake: only a little bit of water goes in and out of it, on the average, so the average speed is very slow.

    The *wave* in the lake, however, is much faster, carried by particles that bounce around each other much faster. Typical propagation speeds of electrical signals in network cable is a significant fraction of the speed of light, roughly 75% of the speed of light for 75-Ohm coax cable as one example.

    Optical propagation in fiber-optic cable, which is what this new technology will be used for, is also limited to less than the speed of light. There, you get interesting effects because it's being transmitted through glass (or plastic for short cables), but still a significant fraction of the speed of light in vacuum.

  13. Re:Looks to be a Klik client? on Beware 'Fedora-Redhat' Fake Security Alert · · Score: 1

    It is stupid. It's a classic "script kiddie" tool, with little bits of different packages welded together with little or no understanding of how they actually work. This was not written by a devious or skilled hacker, this was written by someone used to succeeding in conning Windows users to send them passwords.

  14. Re:And so it begins... on Beware 'Fedora-Redhat' Fake Security Alert · · Score: 1

    Friend, you haven't been in the business that long. This stuff goes *WAY* back, at least to the era of VMS being considered an operating system. Having to recompile core systems and patches from scratch, as you suggest, is precisely one of the behaviors that encourages script kiddies to submit and successfully propagate this kind of nonsense. Few users at the start of their careers will have the skills to actually evaluate the guts of the packages they download.

  15. Re:Use SPF to protect yourself from phishing on Beware 'Fedora-Redhat' Fake Security Alert · · Score: 1

    Your points about the MAIL FROM are quite correct. However, the Microsoft reference isn't. Microsoft has attempted to hijack the development of SPF by introducing their SenderID software into SPF and taking credit for the original SPF in the process, and in the process making it proprietary and actually breaking it for people using the old tools. But it turns out that the developers and people writing the RFC's and proposals in Madrid finally gave up trying to integrate Microsoft's weirdness in exhaustion. Microsoft's addition of extremely bad, XML-based, user authentication keys signed by a central office and inserted into the email headers so you have to write a Microsoft patent-using XML parser into your SMTP server has been thrown out due to the encumberment. SPF where the final "Received:" line gets analyzed for connections that violate the sending policies of the upstream SMTP server, rather than the mail client's SMTP server, can still be done. But it's really a lot better to do it automatically at the SMTP server, as you mention.

  16. Re:Linux - Where the malware comes with the source on Beware 'Fedora-Redhat' Fake Security Alert · · Score: 1

    Actually, that's a damn good idea. For non-developer systems, such as firewalls, file servers, mail servers, etc., it's basic security to remove the compiler to avoid exactly this sort of local compilation, either by an idiot user or by a script kiddie's successfully installed package. Think of it as disabling an unnecessary network port.

  17. Re:wont work on Beware 'Fedora-Redhat' Fake Security Alert · · Score: 1

    I've used Gentoo, although not been a developer for it. The idea that you rebuild everything on the fly is not a good one, and encourages this sort of whackiness because to *get* the patches or the features, you often do have to go straight to some weird website out Timbukto and rebuild the tarballs yourself on the fly.

  18. Re:two good reasons on Beware 'Fedora-Redhat' Fake Security Alert · · Score: 3, Informative

    But slashdotting the misused domain will let the company hosting the fraudulent crap know that they should vet their users a bit more carefully, and let them know that they're hosting a *BIG* problem and may need to review their overal customer contracts to prevent this in the future. It also helps give the company incentive to prosecute, or at least sue, the jerk who set them up for this.

  19. Re:wont work on Beware 'Fedora-Redhat' Fake Security Alert · · Score: 1

    Unfortunately, a lot of Linux users like the gentoo approach, where you pull random stuff off of the net "because someone said it was good" and compile and install it locally, rather than installing signed packages or vetting the source of any tarballs you add to your system. This includes some Fedora and RedHat users, especially since Yum was never officially published by RedHat for anything other than Fedora, and since RedHat hasn't been publishing security updates for RedHat 9 or earlier for some time now.

    Expect a lot of newbie home administrators to get caught by this, especially at academic sites where an "open environment" and "fostering creativity" take precedence over stability and security and reviewing your code before you run it.

  20. Re:Um... No. on AMD's Personal Internet Communicator · · Score: 1

    You forgot power consumption. Electrical power consumption really matters to the third-world market.

    Does it have a USB port? If so, you can use that for the NIC.

  21. Re:Are you implying... on Good Bad Attitude · · Score: 1

    I'd love to reset the BIOS on Congress, and disable the RIAA/MPAA folks from legislating instanity right at boot time when the Congressfolks wake up in the morning. "RIAA who?"

  22. Re:Old school hackers vs. new school hackers. on Good Bad Attitude · · Score: 1

    No, I'm pretty grey and I've always been sanctimonious. (My friends will vouch for me on this.) Cause and effect here are somewhat reversed. People who notice why stuff happens and don't gloss over the details like "price" and "cost" and "stealing towels" appreciate the open source world all the more, and get more involved in becoming hackers to help support real development of cool stuff instead of just downloading it. The work ethic we share came first and led us to hacking (which is learning how things work and re-assembling them even better with new features), not cracking (which is breaking into systems).

  23. Re:VNC? on Which VNC Software Is Best? · · Score: 1

    First, the Windows X servers (and yes, they're called servers, whatever is actually doing the local screen display management is the server in the X world) tend to be unfortunately large, include dozens of stupid programs you don't want, and tend to be of pretty poor quality and reliability. And the few good ones are pretty expensive. I've been running into them for years. No, they've never worked well, and they do require you to install the X server software on each Windows box you wnat to be a remote client. With VNC, the vncviewer is light, fast, easy to install, and you don't even need it since you can use a Java capable browser instead. This is amazingly helpful if you're traveling and borrowing someone else's computer to do a remote VNC access to something you absolutely need to fix. There are security implications of doing that, but better to leave the potential hole of someone key-stroke logging your connection to the VNC server than not get the job done and not get paid for saving the system.

  24. Re:gpl on Which VNC Software Is Best? · · Score: 1

    VNC used to be built on top of MIT's X11 distribution, which had its own licensing. These days, I believe they're using Xorg distributions and the corresponding Xorg license, which is compatible with GPL software.

    As near as I can tell, they gave up on using the XFree86 code base when the XFree86 folks got rather strange about their licensing.

  25. Re:Windows Remote Desktop on Which VNC Software Is Best? · · Score: 4, Informative

    VNC is trivially tunneled over SSH, or over SSL for the Java-based server that allows a VNC session to be published to any Java-capable browser. That feature alone gets it a jusge bonus award over the other that require a client-end software package to be installed. Overall, it's not typically faster than an OS-specific client and server, but that cross-platform availability is a huge deal, especially if you're cheap and want to use it on thousands of potential servers in a corporate or large academic environment.

    Also historically, the original VNC was extremely robust over multiple OS's, very lightweight on your CPU on each end, and extremely forgiving of low-bandwidth connections such as modems. The Java based console is also being used by a bunch of blade server management tools to provide the IP-based console access to the individual blades.

    Last, VNC is ectremely useful for multiple console presentations, either with the other client's mice and keyboards disabled for the VNC session or with them active for shared screen use.

    Now, that said, VNC is not that secure in and of itself. There are various issues, such as its common use of high-numbered network ports and the unlikelihood of local firewalls to block them and the resulting ability of some smart-aleck leaving a VNC server running on your Windows desktop so they can observe you remotely because you're not clever or experienced enough to notice the little flag on your screen that says VNC is active. There's also its practice of insisting on storing a local user key for the VNC session: once someone has that key and either brute-force cracks it, or reads you typing in your password over your shoulder, they can take over any VNC server you might run.

    This is why some of us really prefer to SSH-tunnel sessions, so that all the X-windows traffic of VNC is encrypted, and so that it's much tougher to steal the passwords to log into such a connection.