Slashdot Mirror


User: billstewart

billstewart's activity in the archive.

Stories: 0
Comments: 7,948

Comments · 7,948

  1. So make sure it *is* a full CD or memory card on What's On Your Thumbdrive? · · Score: 1
    It's easy to make sure the CD is full - just copy a bunch of non-sensitive content to it, such as a copy of your MP3 collection, so if there's hostileware slurping your CD, it'll have something to keep itself busy, and if there turns out to be nothing wrong with the machine (or something *else* wrong with it), you've got some tunes to listen to.

    Obviously this works a lot better with slow mechanical CDs or DVDs than with flash memory cards, which are a lot faster. It doesn't hurt to put in some canary files - filenames and content you can easily search for - though of course the slurpware could obscure the name or put its booty into an encrypted format that you can't see.

    And there *are* non-malware reasons for a system to automatically copy the contents of any small USB memory drive that's put in it - it's helpful friendly applications that are designed to sync the contents of cameras or MP3 players or whatever without bothering the user with some popup GUI interface. Whether that's a good idea or not is a separate question from whether somebody's decided it is and sold one.

  2. Cardboard cutouts of CowboyNeal ! on HP Baited With Cutouts of Founders · · Score: 2, Interesting
    Sure, Bill, Dave, and the Sun Founders were all once very important here in the valley,
    as were DEC, Compaq, Tandem, and everybody else absorbed by HP and Sun,
    but they represent the 1970s and 1980s computer booms and the late-90s servers.

    For this decade's cardboard cutouts, we need Web 2.0 figures, bloggers, and user-created-content wranglers, and I say who better than our own CowboyNeal!

  3. USB Thumb Drives Spreading Viruses? on What's On Your Thumbdrive? · · Score: 1
    Sure, they're great for hauling around your *anti* virus software, but thumb drives are also great for propagating viruses, at least if any of today's malware-kiddies decide to go old school and modernize the old floppy-disk sneakernet viruses. I work with a bunch of sales people, and when they're going out to do a presentation to a customer, many of them will put it on a USB thumb drive so they can give it to the customer or play it on a customer's video-projector PC in case that's easier than getting their laptop to talk to the projector. And it's always the PC in the conference rooms where all the other visiting sales people bring *their* USB drives and viruses...

    So far I'm not aware of any of my folks having problems, but it's only a matter of time, and it only takes *one* person whose kid is a gamer or warez kiddie for the virus to get going.

  4. Oh, you mean Knoppix? :-) (or BBC) on What's On Your Thumbdrive? · · Score: 4, Insightful
    Knoppix on a CDROM is a really convenient solution to a lot of Windows problems.
    Boot it up, check the hardware, check the partitions, replace broken files,
    and of course copy the important data off to a USB shoebox drive
    (or to a CD/DVD if there's a second drive in the machine)
    before doing any more serious maintenance. I've had to do that routine a few times.

    The old "Linux Bootable Business Card" was a much smaller distro
    that fit onto one of those 50MB truncated-small-CD formats,
    and had a bunch of repair tools.


    And of course thumbdrives can do the same thing,
    but you need to be Really Really careful about viruses,
    not only because we're reinventing the floppy disk virus vector,
    but because one of the times you really need this sort of tool
    is when a machine might be infected - CDROMs are really safe.

  5. You're the ideal victim for these spammers on Buy Low, Spam High · · Score: 3, Insightful
    Sure, there are people who actually believe the H0t St0xx T1pZ they receive in their email, because if they saw it on the internet it must be true, but (while remembering Mencken's advice) I'd hope that they're not the majority of people who buy the stock.

    People like you who *know* it's a scam and are trying to get ahead of the other suckers are an even better market - as with the Nigerian-corrupt-official scams, you not only get duped, but you're in no position to bitch about it :-) It's basically like trying to be in the early phases of a Ponzi or pyramid scam.

    Unlike the other scams, it is possible to make money on this by selling short, but if the scammer's only making 4-6% on the deal, it's pretty risky, and it may be hard to get brokers willing to do short sales on worthless penny stocks without paying enough in commissions to eat up your loss. On the other hand, it should certainly be easy to collect data on this kind of thing, because if you're like me, you get a couple of new stock scam offers a day, and you could track the prices after you get them.

  6. Felony is certainly appropriate here on Man Gets 6 Years for Software Piracy · · Score: 1
    The man made enough money selling ripped-off software to have to pay $4million in restitution, and while the article doesn't say exactly how much more he ripped off, that gives you an order of magnitude. If this means he has major problems getting a job, renting a house, or buying another Lamborghini, well, that seems perfectly appropriate. If he's a pariah because of his felony, it's not like he didn't earn it.

    The separate question of whether six years is an appropriate time in the slammer is harder to decide - car thieves do time even for non-violent theft of 0.1% of that much value. He stole about 40 person-years worth of salary from the companies, and he put his customers in a position where they've paid him money for software that may stop working if there's any license-validation and certainly won't get the support they thought they were paying for, so he's also ripping them off by selling them stolen property.

    Now, as an anarchist, I've got mixed feelings about "intellectual property" and "putting people in jail as revenge", but he's in no position to bitch about his sentence.

  7. Won't affect "buy cheap software" spam on Man Gets 6 Years for Software Piracy · · Score: 2, Funny
    I don't know if this scammer was also a spammer, or if he relied on legitimate advertising, but he was shut down in October 2005, so apparently he's not the one I'm getting most of my software-sales spam from. (Maybe they can go bust that guy....)

    ...

    (See, there are other ways to karma-whore besides making standard jokes about in Soviet Russia, our new %s overlords ..Profit! from You :-)

  8. iPod working again on LiveDrive vs GDrive vs Personal Data Storage? · · Score: 1

    Not that anybody cares, but after my iPod had a couple of days to dry out,
    it seems to be working fine again. Didn't even lose my music when
    iTunes wanted to update its OS.

  9. 1970s patents don't matter on Video Projector on a Chip? · · Score: 1

    Patents expire in 17 or 20 years depending on when they were filed and when the patent rules changed, but either way they're gone.

  10. You had to pick today to ask that... on LiveDrive vs GDrive vs Personal Data Storage? · · Score: 1
    I was carrying my laptop, securid-token, ipod shuffle, phone, and coffee out to the porch this afternoon, and the iPod slipped out of my hand and landed in the coffee. I fished it out and rinsed it in water immediately, but so far it's still Not Happy; plugging it into my laptop gets a message about a USB device not working correctly.

    Other than that, though, a 4GB USB drive is under $100 these days, and if you can avoid the evils of caffeine consumption, it's possible to load a reasonable Linux system, your data, and either a bunch of bloatware or a bunch of music on it.

  11. Also, 64-bit is Extra Wimpy on Debunking a Bogus Encryption Statement? · · Score: 1
    DES was really strong for an algorithm with a 56-bit key, and was really just fine for the 1970s, though by 1998 DES-crackers had become affordable. Most 128-bit algorithms that people use are reasonably high quality as well.

    But 64 bits? There are a few algorithms that have variable key lengths that work at that size (RC5 is pretty strong), and then there's DES where you're counting the 8 parity bits as part of your keylength, but most of the 64-bit algorithms I've seen were things people hacked together to deal with US export laws. One choice was RC-4 - it's a reasonable algorithm, and scales well, but there are things you're not supposed to do with it, and PPTP and WEP went out and did them. It's not as weak as 40-bit crypto, but it's still weak.

  12. Easy - but wrong... on Debunking a Bogus Encryption Statement? · · Score: 3, Interesting

    I hope you were suggesting the "Each bit doubles the strength" as one of the bogus assertions, not one of the true ones. For some kinds of algorithms, against some kinds of attacks, it's true. For algorithms like RSA and Diffie-Hellman that have some special properties to the keys, doubling the strength may require adding LogN bits. Some algorithms don't have variable-sized keys, and some of those that do aren't very good at using them - they're as strong as they are, and piling stuff on doesn't change the weaknesses, like rot-26. Some algorithms are groups - combining R rounds of N-bit keys just gets you the equivalent of one round with a different N-bit key.

  13. DES design issues on Debunking a Bogus Encryption Statement? · · Score: 4, Interesting

    The general opinion about why NSA pushed DES to be 56 bits instead of 128 bits is that "differential cryptography" attacks weaken it to about 55 bits anyway, so in fact you're not losing anything, and the 56-bit version was more compact and easier to implement in hardware. Searching a 56-bit keyspace isn't exactly in the reach of run-of-the-mill computers - you need a whole bunch of them working together to get any speed. On the other hand, Gilmore's custom DES cracker and the distributed crack are *so* 1998. I don't know how much ASIC technology has improved since then - Pentium IIs were up to 400 MHz, compared to ~3 GHz for a typical Intel desktop today, and memory prices and performance have also improved significantly, so maybe you could use 1/10 as many machines.

  14. Intuition doesn't work well in crypto on Debunking a Bogus Encryption Statement? · · Score: 3, Insightful
    Any sentence beginning with "Seems like encrypting twice" is likely to be doomed to bogosity, unless there's a later clause in it like "but that's not what really happens". Crypto not only depends on a lot of deep math, it also depends on a lot of cryptographers spending time following bits around to see where they go and how to break them.

    Sometimes things do what your mathematical intuition tells you, if you're mature enough in the field to have a solid intuition, but often they don't. Problems can be very hard if looked at from one direction and very easy (or at least less hard) when looked at from another direction, and a cryptographer's job is to make sure they've checked out _all_ the directions because it only takes one weak one to break something. NP-complete problems are especially that way - they're potentially useful for crypto because there's one easy direction if you know the key, but many problems can't be transformed in a way that you can use the easy path and the attacker's stuck on the hard paths.

    But even the bit-twiddly algorithms, like most hash functions or the S-box building blocks inside Feistel-structured algorithms, can often be cracked by people examining them closely enough to find conditions under which they can deduce bits. For instance, MD5 is pretty much busted these days.

    And both mathematical crypto and bit-twiddly crypto have to worry about Moore's Law and brute force - some algorithms scale well, so you can double the strength of an N-bit key by adding 1 bit or maybe logN bits, while others don't, or they form groups so that encrypting a message multiple times with an N-bit key still only gives you N bits of strength (leaving aside pathological cases like rot13.)
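The group property mentioned in comments 12 and 14 can be seen in a few lines. This is an added example, not part of the original comments: it uses a toy affine byte cipher chosen here for illustration (the cipher, the keys and the sample text are all constructed), and shows that double encryption collapses to one key found by searching the single-key space.

```python
# Added illustration: a toy cipher E(x) = a*x + b mod 256 is closed under
# composition, so encrypting twice adds no strength over encrypting once.

M = 256  # operate on bytes


def keys():
    """All valid keys (a, b); a must be odd to be invertible mod 256."""
    return [(a, b) for a in range(1, M, 2) for b in range(M)]


def encrypt(key, data: bytes) -> bytes:
    a, b = key
    return bytes((a * x + b) % M for x in data)


def compose(k1, k2):
    """The single key equivalent to encrypting with k1 and then with k2."""
    a1, b1 = k1
    a2, b2 = k2
    return ((a2 * a1) % M, (a2 * b1 + b2) % M)


def brute_force(plain: bytes, cipher: bytes):
    """Known-plaintext search over the single-key space only (32768 keys)."""
    return [k for k in keys() if encrypt(k, plain) == cipher]


def demo():
    plain = b"constructed sample text"      # constructed sample input
    k1, k2 = (5, 17), (201, 99)             # constructed keys
    double = encrypt(k2, encrypt(k1, plain))
    # The search never considers pairs of keys, yet it recovers a key that
    # reproduces the double encryption exactly.
    return compose(k1, k2), brute_force(plain, double), double


if __name__ == "__main__":
    equivalent, found, _ = demo()
    print("equivalent single key:", equivalent)
    print("found by single-key search:", found)
```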

  15. Anonymizing is hard to do well on AOL CTO Shown the Door · · Score: 1
    It's hard to take a data set of this size and depth and anonymize it well, especially while still preserving the patterns of what individual users do across multiple searches. Any attempt to release this sort of thing should have had an extensive internal set of analysis and decisionmaking, and it looks like only a wimpy job was done.


    Some things are fairly obvious - take patterns like phone numbers and social security numbers and munge them, either to a single pattern like all-0s or at least to an anonymized pattern (e.g. renumber them starting with all-0s, so you can see if 000-00-0043 gets searched for multiple times.) Names and addresses are harder to recognize, and it's harder to decide the right thing to do with them.

    If you're willing to give up patterns of use by individual users, you can improve the privacy by sorting all the queries in alphabetical order, so you don't know whether User #12345 searched for "assassinate" "bush" "castro" in one session or whether three different people wanted information on JFK, Shrubbery, and gay San Francisco. Not as much fun for the researchers, but it gives them something.
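The two measures described in comment 15, consistent renumbering of identifier patterns and detaching queries from users by sorting, look like this in code. This is an added example, not part of the original comment; the regexes, function names and log records are constructed for illustration, and names and addresses are deliberately left unhandled, as the comment notes they are the harder case.

```python
# Added illustration: munge SSN- and phone-shaped strings in a search log.
import re

SSN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
PHONE = re.compile(r"\b\d{3}-\d{3}-\d{4}\b")


class Renumberer:
    """Maps each distinct real value to a stable pseudonym counted from 0,
    so repeat searches for the same value stay visible as repeats."""

    def __init__(self, fmt):
        self.fmt = fmt
        self.seen = {}

    def __call__(self, match):
        n = self.seen.setdefault(match.group(0), len(self.seen))
        return self.fmt(n)


def ssn_fmt(n):
    s = f"{n:09d}"
    return f"{s[:3]}-{s[3:5]}-{s[5:]}"


def phone_fmt(n):
    s = f"{n:010d}"
    return f"{s[:3]}-{s[3:6]}-{s[6:]}"


def munge_log(records):
    """Replace identifiers but keep (user, query) pairing for researchers."""
    ssn, phone = Renumberer(ssn_fmt), Renumberer(phone_fmt)
    out = []
    for user, query in records:
        query = SSN.sub(ssn, query)
        query = PHONE.sub(phone, query)
        out.append((user, query))
    return out


def detach_and_sort(records):
    """Stronger option: drop user ids and session order entirely."""
    return sorted(query for _, query in records)


# Constructed sample log: (user id, query)
SAMPLE = [
    (1001, "records for 123-45-6789"),
    (1001, "call 555-010-0123 pizza"),
    (2002, "is 123-45-6789 a valid ssn"),
    (2002, "987-65-4321 credit report"),
    (3003, "cheap flights"),
]

if __name__ == "__main__":
    munged = munge_log(SAMPLE)
    for row in munged:
        print(row)
    print(detach_and_sort(munged))
```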

  16. Crash of 87, and arbitrage in general. on Algorithmic Investors on Wallstreet · · Score: 2, Informative
    In the mid-80s, I knew a number of physicists who left academia (or Bell Labs, which was still pretty similar to academia back then) and went to Wall Street, because the kinds of mathematical models that some physicists use are similar enough to price flows that they were useful insight for predictions. One of them was lucky enough to get a job in September 1987 :-) Fortunately, he was able to keep it during the following month's crash - the Crash of 87 was allegedly largely driven by program trading.

    Another friend was a quant for a while around 1990. He and some coworkers found a few sets of patterns in the market that they were able to arbitrage - it makes you a pile of money for a short time, until the market adjusts to it (that's *how* efficient markets work - people find inefficiencies and exploit them, and the first people to find them can make money if they get back out again before everybody else stomps them.) Having faster computers means you can find and grab smaller inefficiencies and make smaller chunks of money off them sooner, leaving fewer big inefficiencies around.

    Of course, that doesn't let you predict whether or when Bush or bin Laden is going to pop up and say "booga-booga!" and jack the oil price or increase US government borrowing even more radically than predicted; you have to be an insider to get that, though it does help to keep a range of models around to predict the effects.

  17. John Doe Lawsuit can get you subpoena on Stolen Laptop Calls In! - Will Police Act? · · Score: 4, Interesting
    If Verizon requires a subpoena to justify violating the privacy of the person whose IP address you're interested in, and the police won't push the case enough to get you one, you've still got a tort action against the people who ripped you off. You don't know who they are, but you can generally file a civil lawsuit against "John Doe", similar to the way the RIAA files them against John Doe file sharers. That'll let you get the court to give you a subpoena, which should be good enough for Verizon's lawyers. You might or might not be able to do that in small claims court, depending on your local rules and the value of the computers; otherwise it'll probably cost you lawyer money, and therefore might or might not be worth it.

    Do move fast - if the thief sold it to somebody, it might stay there a while, but if they're just checking whether it works or seeing what they can find, they may fence it or pawn it.

  18. Chemical Alternatives on Are Liquid Explosives on a Plane Feasible? · · Score: 1
    While Perry's posting that Schneier quoted sounded awfully deep, I've heard a couple of alternative viewpoints. One issue is that he was discussing the feasibility of a plan based on the press's rendering of government press announcements. If you're in the technology business, you know how accurate the press is when they report technologies you know about - and there's no reason to expect they're any better about technologies you don't know about, and there's certainly no reason to expect that the government wasn't, if not lying, at least "being economical with the truth" - not only to scare the public, but also to avoid giving future terrorists and wannabees useful information about what does and doesn't work.

    Mixing two chemicals on the plane instead of carrying an annoyingly unstable explosive through airport security seems like an attractive idea, if you can do it. Using TATP instead of smuggling liquid nitroglycerin is also attractive, because current chemical detectors will pick up nitro, at least if they're being used frequently enough. So one question is whether you really need to do the low-temperature sulphuric-acid method to make your TATP; I'll leave that to people who know the substance in question, and reserve skepticism for the press reports that think it's easier than that.

    But there have been other chemists mentioning liquid+powder binary explosives, which are easier to mix than liquid+liquid+ice+acid. I don't know if they're realistic or not - they might be.

    And of course, it's easy to find binary mixtures to generate poison gas, if you want to take out the plane by killing the pilots instead of blowing up the plane. And fire's pretty easy, even though planes have lots of fireproof material - if you don't want to smuggle petroleum distillates, high-test ethanol is a good start, and you can easily disguise it as gin or lower-proof vodka(*).

    --

    (*)This is currently personally annoying to me - California forbids sales of 190+proof Everclear, and I was going to bring some back for making herbal-extract liqueurs with the next time I was somewhere that sold it; the 151-proof just doesn't work as well, and now the Airplane Security types won't let me bring flammable liquids. Maybe in checked bags?

  19. Terrorists Gerry, Ted, Kim, Hideo, Dmitri, Yigal on Are Liquid Explosives on a Plane Feasible? · · Score: 2, Interesting
    So you're trying to say that all the terrorists are Moslems and most of them are Arabs and there's no ethnic or sexual diversity in the people who attack planes?
    • Gerry Adams of Sinn Fein may not be an IRA terrorist himself, but he knows some guys who know some guys, ok? He's Gerry with a G, not a J, but close enough, probably has some buddies named Frank, but certainly some named Mike and Pat and Ryan.
    • Kim "Crazier-than-my-father" Il-Sung just botched an ICBM missile launch, if you remember - AFAICT he was just saying "booga-booga-booga" so the world press would pay attention to him.
    • Ted Kaczynski sounds like a good Polish-American name, and one of the big excuses the US government used to rip off our civil liberties is because they were worried he'd blow up an airplane in addition to his sporadic bombings of University and Airline people. Another Ted, Theodore Gold was one of the Weathermen bombers who got himself blown up, and of course Teddy Kennedy has entirely no connection with anybody in Boston who'd give money to the IRA.
    • In April 2001, terrorists shot down an airplane carrying American Baptist missionary Veronica Bowers and her baby and machine-gunned the passengers as they left the plane after they crash-landed. The terrorists worked for the Peruvian Air Force's drug trafficker airplane suppression program, and were supported by a CIA spotter plane; shooting down unarmed civilian planes without warning is terrorism even if it's your own citizens you're trying to terrorize. I don't know the names of the terrorists, but presumably some Spanish, some Indian, and some Anglo names.
    • Everybody remembers good old white-boy Tim McVeigh, rejected by the Militia Movement for being too crazy, but trained by the US Army.
    • Shoko Asahara was the Japanese Aum terrorist cult's Guru, and Hideo Murai was his explosives chemist. That ought to cover your Yamamoto quota. They had a couple of guys named Dmitri in their Russian branch.
    • Yigal Amir assassinated Yitzhak Rabin to interfere with the Middle East Peace Process. David Ben Gurion was a bit out of your time period, but he and a number of other founders of Israel were terrorists.
    • Colombia's been full of terrorists shooting judges who mess with the cocaine trade - probably one of them is named Maria or Julia, or if not them, Peru's Shining Path have enough women to have those names covered, and while they may or may not have a Chang, they do call themselves Maoists.
    • Svensson? If anybody knows who assassinated Swedish Premier Olof Palme, they're not telling.
    • Croatians - During the 1970s and 1980s, you wouldn't see the word "Croatian" in the press without either "terrorist" or "ethnic dancers" attached to it - that only changed when the Serbians proved to be the even crazier part of Yugoslavia. The Bosnian Muslims were mostly the victims in that war.
    • Andreas Baader and Ulrike Meinhof were some of the leaders of the Red Army Faction. It hasn't blown up anything big since 1993 or assassinated anybody major since 1991, but it's still within your 20 years. And it was named after the Japanese Red Army Faction, just to maintain the ethnic diversity and keep up your Yamamoto quota.
    • Georges Schoeters was a Belgian who started the Front de libération du Québec in the 1960s. Pierre Vallières was an intellectual leader of that half-assed group, Francis Simard is pretty close to the Francois you're looking for, and they had some Yves's and Jacques's. Probably was a Guillaume in there somewhere. For a similar name, there's Guillermo Novo Sampol, a Cuban-born fascist-leaning terrorist who keeps trying to assassinate Castro, most recently busted in Panama in 2000. And a much earlier French program called The Terror was led by guys with names l
  20. Ice as Treatment for RSI pain on Harnessing the Health Powers of Gaming · · Score: 1
    It's strange to hear about doctors giving kids computer games to reduce ice water pain - my doctor has me putting ice on my shoulder to reduce the pain and inflammation from RSI from too much computer use...

  21. AstroPhysics, not Taxonomy on Researchers Discover a Star's Minimum Possible Mass · · Score: 1
    The Planets-vs-Plutons argument is really about taxonomy - how to label things, and how people feel about them. The reason that the precise definition of a planet's size matters is that if you set the bar too high, then Pluto is no longer called a planet, and everybody who grew up learning that we had 9 planets gets told we only have 8 and gets really grumpy, but if you set the bar too low, not only does Pluto get bumped to being Planet 10 (because Ceres got promoted), but there's about 50 other things which is too many to teach elementary school kids the names of, and everybody gets grumpy, and on the other hand, if you get to add Xena as Planet 10 (or 12), everybody thinks that's cool. It doesn't tell you anything you didn't know about the planets we know, or let you predict anything useful about new planets we might find.

    But this new work actually tells you something about the physics of the star - if it's bigger than X% of the Sun's mass, it'll catch fire in a fusion reaction and be a real star, while if it's smaller than that, it'll wimp out. So if you're looking for new stars, you'll know better what to look for, and if you're looking at a gas cloud you can predict whether it might turn into a star in the next 100 million years.

    Where are we going? Planet 10! When? Real Soon!

  22. Indian vs. Chinese Telecoms and Censorship on Tibet's Mesh · · Score: 1
    From the article title, I also expected it to be about Occupied Tibet, probably Lhasa, as opposed to Tibet-In-Exile in Dharamsala. Tibet is of course one of the most heavily censored topics in China, after Falun Gong and maybe a few other thoughtcrimes, but it's not like India doesn't have censorship too - remember the recent blog blocking the other week?

    On the other hand, if they had Chinese telecom companies running it, they'd get much better service, even out in the hinterlands. I've dealt with both sides for various customers, and while China does have serious problems (more so with CNC than CT), they've got a much better understanding of the benefits to the country and the end users. China's basically a dual-monopoly environment, and they've been much much more competent than the Indian ex-monopolies.

  23. "2003 UB313" is Xena on IAU Proposes 3 New Planets · · Score: 1

    "2003 UB313" has had several proposed names - Xena was the internal name before they formally announced its discovery. Disney/Pixar had better leave it alone unless they want to be on the receiving end of some neo-classical whoopass....

  24. Pancreatic cancer is nasty stuff on Has Steve Jobs Lost His Magic? · · Score: 1

    I'm glad Jobs is still around at all - typically pancreatic cancer is the "dead in three months" kind. My father had an inoperable form that responded somewhat to chemotherapy, so he was able to last a couple years after the diagnosis - the chemo wasn't real harsh, but it was the "buy you some more time" type rather than something that could actually cure it, so he got to take a few trips with my mom and get his affairs in order.

  25. Looks like XP-on-Xen needs special CPU on VMware, XenSource Join Forces For Linux · · Score: 1

    Too bad :-) I'm running an old basic P4 Celeron, so I'll need something besides Xen. QEMU sounds like an interesting option, or else there's VMWare.