Slashdot Mirror


User: billstewart

billstewart's activity in the archive.

Stories
0
Comments
7,948
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 7,948

  1. verisignsucks1232121.com, .net, .museum on VeriSign Responds To ICANN's SiteFinder Advisory · · Score: 1

    Somebody's already pointed out verisignsucks.museum, and there are a couple of smaller country domains that have wildcards, but it's important to try web pages like verisignsucks13213.com and email to them to remind them that it's a bad idea. And be sure to leave a pointer to some bogus Verisign domain on your web page so that spammers will waste their time checking it out.

  2. Security Disasters vs. UI Ugliness Messes on Linux Crypto Packages Demolished · · Score: 1

    The main article here isn't about security packages that are uglier than dirt, it's about "security" packages that are insecure. I'm not aware of significant security problems with GPG (as long as your trust models and operating environment are compatible with its requirements and capabilities), and you appear to be ranting about how ugly it is to use. Well, we all *knew* that...

  3. Re:Semantics nazis, not grammar nazis on Global Crossing (Nearly) Sold To Singapore · · Score: 1

    You could say that too. In any case, it's a penny on the dollar or a dollar on the hundred of what it cost to build, and the old GBLX company had all that debt to service, while the new owners don't.

  4. We *did* have problems in Panama! on Global Crossing (Nearly) Sold To Singapore · · Score: 1

    The problems weren't the Chinese interfering with shipping - they were Bush Sr's buddy Manuel Noriega getting too greedy and interfering with the cocaine trade. And all my politically liberal friends with their "Bush and Noriega in 1988 - A Crack Team!" bumperstickers helped increase the political embarassment he was causing, which led to a war that killed about 6000 Panamanians and helped rehabilitate the US military's political power.

  5. It's a terrible thing tor the US for other reasons on Global Crossing (Nearly) Sold To Singapore · · Score: 1
    It was never the US's to start with. It was Global.


    The *important* part of Global Crossing wasn't the Frontier fiber network and hosting centers - it was the huge underseas fiber network they built using modern technology, which had close-to-infinite bandwidth because of multiplexing. They and some of the other consortium-structured fiber companies were tying the globe together, which was a Great Thing, except they weren't financially sustainable, and the price of bandwidth has been in free-fall for a couple of years, just as cross-US bandwidth prices have been. So GBLX died, and refused an offer to sell itself to Hutchinson for $750M, and later had to settle for selling itself to Hutchison Whompoa for $250M, about 1% of their original value. Of course this means that Hutchison can cut prices even faster than GBLX could, because it didn't have their debt to meet (that's a big difference between a fiber infrastructure company, which sells its assets if it dies and a software company, which usually just vanishes.) And that was fine.

    The EVIL part of all of this is that the US government intervened politicallly, because they weren't going to get what they wanted from the Hong Kongers. They've got better political connections with Singapore, in spite of their favored customer being government-owned, and you have to expect that there'll be some eavesdropping that happens, and some refusal to sell to politically incorrect customers.

    Disclaimer: I'm not totally disinterested here: I work for a telecom company that does have more competition from Singtel than from Hutchison, but this is my opinion and not theirs. Singtel's at least a technically competent company, as opposed to the Bush Administration, who aren't competent about manipulating markets that should be free so they can help out their cronies.

  6. Semantics nazis, not grammar nazis on Global Crossing (Nearly) Sold To Singapore · · Score: 1
    What does "The US's Global Bandwidth" mean? It's *no* the US's, it's *global*. GBLX was originally a Bermuda corporation that was trying some new ways to finance the construction of undersea cables, and they've revolutionized the cost basis of the whole field by rolling out a lot of kilometers of new technology, which has essentially infinite bandwidth. Unfortunately, *lots* of people were trying new ways to finance things during the dotcom boom and the accompanying telecom boom, so GBLX is dead now.

    Being dead may kill a software company, but it doesn't kill a fiber infrastructure. That part is getting sold off for about 1 cent on the dollar, to people who are getting spending $250M to get a network that was worth $25B during its 15 minutes of fame. That means that the new owners can go sell this effectively-infinite bandwidth for much cheaper than the original owners could, and those original owners were already kicking the chair out from under everybody else in the business. If you're a consumer of international bandwidth, this isn't exactly good news, but it's certainly lots of fun.

    Also unfortunately, though, GBLX realized during the boom that to make any money on all this fiber, they were going to have to create lots of demand, and they were trying to do this by buying a data-center colo/hosting business (Frontier) that also owned lots of US fiber. Lots of other US fiber providers had also caught on to this, and there was a huge overbuild in that market as well. This helped GBLX die more spectacularly than they would have otherwise, if perhaps a bit later, but it meant that parts of them were now American owned rather than Bermudan, and many of their bankruptcy creditors were American, so this gave Bush a handle on them to block the sale to people who weren't his cronies and sell them to Lee Kwan Yew's cronies instead. Bad, bad, bad.

  7. Having the opposite problem with power features on Booting Linux Faster · · Score: 1

    I've got the opposite problem with the power features - most of the common distros come with them enabled, but the doorstop Pentium 60s in my lab don't support it, so if you leave the machine alone long enough, it will put the X screen into powersave mode - it knows the half about making it go dark, but not the half about waking it up again. Messing with X didn't seem to do the job well enough, and it was easier to recompile the kernel with power management turned off.

  8. 13MHz, 1.25 m, 204kbps, Nyquist vs. Shannon on Magnets To Replace Bluetooth? · · Score: 2, Informative
    You're right - it's 13.56MHz, which is a wavelength of about 2.5 meters, and they're claiming a range of 1.25 meters, which is .5 wavelengths (as opposed to pi*.5 wavelengths), so that's in range.

    The data rate is 204.8 kilobits/sec - I can't tell if that's bidirectional or shared unidirectional like Ethernet? However, you're wrong about your use of Nyquist's formula - that tells you that your pulse sampling rate has to be twice the frequency of a continuous wavelength you're trying to send (so your data rate needs to be N*2 samples/sec for a N Hz audio signal). This is the other side - Shannon's formula is that if you want to carry a given bit rate using an analog signal, the bit rate you can get is (IIRC)
    Bandwidth * log (1+Signal/Noise)
    which means that if your signal/noise ratio is arbitrarily good, you can get an arbitrarily high data rate

    The place that Nyquist bites them is that with only a 204.8 kbps data rate, it limits their audio capabilities. They're actually using 64kbps CVSD for their audio, which is kind of an odd choice of codecs - maybe they're sampling at a higher rate than telephony, or maybe they're figuring it will do less or different damage to the signal than the GSM or G.723 codecs used by the phone? In either case, CVSD is a simple codec that doesn't need much CPU horsepower, and a little better than ADPCM at that speed.

  9. 13.xMHz RF, 204.8 kilobits/sec, audio on Magnets To Replace Bluetooth? · · Score: 1
    It's currently designed for audio niche markets, because the interesting use of Bluetooth is cordless headsets, and that's where they chosen to add value to their system, but if you read Aura's web site long enough to find the chip specs, you'll see that it's getting a 204.8kbps data rate on the 13.xMHz ISM band, and using this with CVSD modulation to carry audio.

    So no, this isn't Firewire, or quite even Bluetooth - it's Almost Appletalk, but very low power cordless. However, unlike Bluetooth with works with 2.4GHz radio, this is working down at 13MHz where there's not much interference. I'm not convinced about its security claims, except that they can apparently do some modulation things to keep nearby sets of equipment from interfering, and the range is short enough that there's not much risk of it.

  10. Use the Power Save features on Booting Linux Faster · · Score: 3, Informative

    For the last N years, laptops have had a sleep/wakeup power-save feature. For the last N-2 years, it's generally worked well enough to be worth using all the time :-) Linux probably knows enough about power management for it to work on most laptops by now. Instead of shutting the machine down and rebooting it, you just close the lid and it saves its status and goes into some standby mode, and when you open the lid it wakes up again, where it left off, no need for reboot. On some machines, it also succeeds in doing this when the battery gets below X%.

  11. Fixing Corporate Culture and Values on Are You On Time To Work? · · Score: 2, Interesting
    Your organization has a far more important problem than late employees - it has a lack of understanding of what professionals are and do, and what developers are and to. You are a professional, and some of your managers are not (I can't tell which ones from your posting; sometimes it's just a bad boss in an ok company.) If you plan to keep working there as a professional, your number one job is educating your management and starting to lead from below. Given today's economy, the alternative may be to keep working there as an unprofessional, rather than quitting, but that's your choice.

    Some kinds of managers have personality types that are easy to educate, and others need to be tricked into letting clues sneak in under the radar; you'll have to figure out which this is. Part of being professional is working cooperatively and doing lots of communication, and you'll need to figure out how to do this without totally pissing off your boss. Another part of the problem is finding out what your organization's core values are (at minimum that's your boss, and your boss's boss), and making sure your giving them what they need while trying to get them educated. And you'll probably have to show up at 7:15 for a while until you've got them understanding that they're working together with you, not bossing you around, even if you're just making coffee and checking email.

    A typical kind of value that leads to this kind of behavior is that the boss needs to feel comfortable that work is being done, and doesn't feel that way when he/she doesn't see it, and for some of those people that means seeing bodies on chairs, but you can start to work on that with tools like progress reports, and the email messages that you're sending your boss in the evening indicating the items you need your boss to attend to the next day, and with bodies on chairs when *you* want them to be there, which means getting your boss sitting in the conference room when you and your co-workers are doing your couple-times-a-week status meetings at 5:30 PM or some other time that's half an hour after the timeclock-watchers expect to have left for the day, or making sure they're invited when you and your coworkers are going out for beer at seven to discuss the project status (and you've kept your boss at the office waiting for y'all.) Some of this is because you're trying to bring them into your value system, and some is because you're trying to create visibility in a friendly manner.

    Another thing you can start doing is having discussions with your boss about development and project management methodologies. What's your boss reading? What do you need to *get* your boss reading? One really excellent book on such things is "Peopleware", by DeMarco and Lister. The second edition's from 1999, but the first was I think mid-80s, when too many organizations still thought it was the 1950s. Another is to start looking at some of the "Extreme Programming" stuff - those people seem to like working 40-hour weeks. And some of the Myers-Briggs personality type stuff can be useful, because programmers and creative types are different from clockwatcher types, and sometimes they'll get that.

    Sometimes this is also an ethnic / cultural thing - I've found that the kinds of bosses who do that are often either Asians who haven't been around Silicon Valley very long, or else older white Americans who used to be in the military. You'll have to decide how to handle them, because it'll take longer for _you_ to find the values you share with them that you've got to ruthlessly exploit\\\\\\\\\\\\\ use to share your values with them. Sometimes it's a geographic thing also - at least in the US, people in some parts of the country get up earlier, and people from there don't always understand that not everybody's a morning person (that's another awareness thing you've got to work on, especially if, like 90% of programmers, you're not.)

  12. Clocking In is called "Billing" on Are You On Time To Work? · · Score: 1
    While the film adaptation of John Grisham's book "The Firm" did some appalling things to the plot, there were a couple of scenes that were priceless, particularly the one where Gene Hackman is getting Tom Cruise to understand how "Billing" and "Billable Hours" work in a corrupt law firm.

    If you're doing the kind of job where either your pay or the amount you charge your customers (internal or external) is time-based, timecards or automated recordkeeping systems are not uncommon. That's entirely separate from *which* hours you're actually working.

  13. Laws are locally dependent. on Are You On Time To Work? · · Score: 1
    In most of the US, you can treat an exempt employee any way you want, including treating them like an hourly wage earner -- you just can't treat an hourly wage earner like a salaried employee. There are some states where there are more or fewer rules about what it takes to be an "exempt" employee (might not be flat salary - sales people getting commissions or bonuses as well as salary are usually exempt also), but there's usually some salary level above which you're exempt regardless of other work conditions.

    Exempt employees are almost never unionized, and can normally be fired at will (at least until they acquire enough age or seniority for age-discrimination laws to kick in), and they can also quit at will (usually with some requirements for two weeks' notice), and if you treat them rudely you'll find that in a bad economy they'll jump ship for another employer the first chance they get, and in a good economy they'll jump ship first and find another job second.

  14. Two Definitions of Flex-Time on Are You On Time To Work? · · Score: 1
    There are two basic definitions of flex-time
    • Definition 1 for flex-time is "flex-time", as in "flexible about time".
    • Definition 2 is "Fundamentally clueless management is just as anal about timeclocks as ever before, but you have to start work earlier because the pointy-haired boss would rather work early-shift as well as feeling good about being buzzword-compliant".

    There are environments where you can't do real flex-time - assembly lines and basketball teams and such where you all need to be there at once, but the group as a whole may decide that they'd prefer to all start at 7:30 or 10:30 or whatever. If you've got that kind of environment, make sure that it's you and your coworkers deciding the time jointly. But that's not what's going on here.
  15. It's PINEing for the Fjords. on Buffer Overflow in Sendmail · · Score: 1

    But Eric\\\\Marvin, how did you get here to the Restaurant at the End of the Unibus?

    I waited....
    The first ten million bugs were the worst. The next ten million bugs were the worst too. After that it went into a bit of a decline.

  16. Sendmail.cf interpreters are wrong on Buffer Overflow in Sendmail · · Score: 1
    Sendmail.cf can be used to write Turing machines. Interpreting it isn't the best approach....

    For probably 95-99% of the users, though they don't have anything interesting in their sendmail.cf files except some anti-spammer configs they've added in the last few years (DNSBL checkers, etc.) Otherwise, it's a pretty straightforward set of features, defining what domain names they're accepting mail for and where the username database lives (e.g. if it's on LDAP instead of /etc/passwd.) The way you replace that isn't to build an interpreter, it's to write a native script for your new mailer.

    The main people who are likely to be doing sophisticated things with sendmail.cf are really big mail shops (who are bright enough to do new scripts assuming they documented the sendmail.cf adequately) and people using it to front-end MS Exchange to defend it from whatever brain-damaged problems they were having. The latter group either get sympathy (poor bastards) or admiration (wow! 6-12 month contract extension!), or both.

  17. Changed in 1988, also wasn't true before that on Buffer Overflow in Sendmail · · Score: 1
    People certainly *did* worry about security back when sendmail was written. Much of that worry happened over on the UUCP side, which was also a mess before Honey Danber.

    If it's not obvious, ARPA folks and defense contractors often care a *lot* about security (and Sendmail started before DNS did, so they ARPAnet wasn't .mil :-) If security was lax, it was because we were making more progress developing new technology and trying to keep it stable, but how to make things like TCP/IP secure was cutting-edge research back then, and we've learned a lot since. And remember Multics? Things were more relaxed over on the University side, though.

    However, in 1988, the Internet got a big wakeup with the Morris worm. Sendmail and Fingerd were the two main culprits (both with buffer overflow bugs being exploited.) Finger was nice, but wasn't important enough for people to keep it given the security risk, so it disappeared rapidly, but sendmail was too entrenched already, and kept getting patched and bandaided. It's also gotten a few rewrites over the years, but having a buffer overflow bug left after all this time is simply inexcusable.

  18. Sendmail's first worm was 15 years ago on Buffer Overflow in Sendmail · · Score: 1
    As somebody else pointed out, the Unix Hater's Handbook (which is really more the sendmail and vi and emacs hater's handbook) credits sendmail with providing convenient root access since 1983, which is now 20 years ago. The Morris Worm in 1988 used exploits in Sendmail and Fingerd to spread itself around, and was the first massive, Internet-slowing worm, though it wasn't computer-destroying or power-grid-disrupting. Of course, "massive" back then meant that of the 60,000 machines on the Internet, it was guessed that 10% of them got infected.

    Back in ~1985, Bell Labs had the UPAS mailer in V8, which became the System V mailer, which had a regular-expression-based simple scripting language and didn't run as root, so it was not only much simpler and cleaner to configure (seldom more than a dozen lines of config, and fewer if you didn't need UUCP), and wasn't a big gaping security hole. There was also smail in 1985. Unlike sendmail, the UPAS configuration file language wasn't something you could turn into a Turing Machine, but this isn't a *bad* problem :-)

  19. What *New* Things Are They Using It For? on Worldwide State of Broadband - S Korea, Japan Lead · · Score: 1
    Couch potatoes are boring. What are they doing with all this broadband that's *interesting*? It's nice that people are getting to surf faster by buying broadband, and that they can download movies and have the service a bit better integrated with their cable TV (in terms of billing and boxes and such), and I suppose games are fine if you're into that, and as an American I'm happy to see people in other countries doing things to annoy the RIAA and MPAA, but basically that's old hat.

    Bringing Internet access to campus computer centers made it possible for academics to invent all kinds of interesting communication early on, and commercial deployment of it made it possible for businesses to do interesting things, and bringing high-speed connections to college dorms brought us Napster and its followers, and so we'd expect that deploying the internet to large numbers of residences should let people develop interesting new applications also.

    So where are they, and what are they? In the US, the cable modem companies and too many DSL providers have the suicidally clueless idea that their customers should be couch potatoes consuming entertainment, rather than active users providing content or interaction, but most of the rest of the world lets you do what you want with your connection. Is gaming all that's happening, or is the fact that 150% of all Koreans are addicted to online games really a deeper and more complex social interaction (e.g. conversations in MUDs with better fragging?) that's deeper than that?

    Or are all the teenagers in Asia and Europe getting their interactivity from cell-phone texting and related services and the broadband is mostly left to improving the mundane stuff? Are people starting to build gateways between them? Will 802.11 suddenly create a new wave of wireless broadband in Asia to compete with the phone companies? (It's easier there than in the US, partly because of wired broadband usage and partly because of geographical concentration and population density, as well as because of provider policy stupidity.) Is broadband cheap and competitive enough that the providers won't worry about 802.11 tapping off customers?

  20. Broken Poll Web Site - Pay a Fine Too? on Russ Cooper's Internet Penalties Plan · · Score: 1

    If you're running a polling web site, and it's broken, which Russ's site is, obviously you should be paying the fine too, right?

  21. 450 miles to a tank of gas on Hybrid/Electric Vehicles: Should I Buy? · · Score: 1
    I get that in my 1987 Chevy Van. Of course, it really helps to have the 33 gallon gas tank, and the last time I could fill it for $22 was about 1974 :-) (Actually, in 1993 I was regularly paying 85 cents/gallon in California, so that was pretty close to $22.) It gets about 16 miles/gallon, with either its original V6 engine or the replacement engine I got at 110,000 miles.

    My previous van was a 1971 Chevy Van which I bought in about 1983, with the classic V8 engine. In the summer it would get 12 mpg, and in the winter it would get 8mpg if all 8 cylinders were working, 7mpg with 7 cylinders, 6mpg with 6 cylinders, and would just barely move when only 5 cylinders were working. So 16mpg all year is a big improvement :-)

  22. Really only Linuxes above 2.4.13 on Linus to SCO: 'Please Grow Up' · · Score: 1

    As near as I can tell from their claims, they're really only asserting ownership over kernel versions above 2.4.13 (which they distribute on their FTP site, at least as of a week or so ago), though they are trying to promote widespread FUD about owning everything from malloc() on.

  23. Server Hole Only, not Client or Protocol problem on New ssh Exploit in the Wild · · Score: 1
    The articles and patches all imply that it's a server-side problem only, and not a client-side problem or a protocol problem. So you'll need to upgrade your SSHD if you're running one, but you won't have to update your clients (e.g. putty on Windows, openssh if you're only a client, etc.)


    If I've missed something critical here, please reply, but it looks pretty well documented.

  24. verisign-sucks.net reaches them fine on Resolving Everything: VeriSign Adds Wildcards · · Score: 2, Funny

    I tried some obvious alternate spellings for Versign's domain name, such as verisign-sucks.net, and they do reach that page. Verisign-sucks.com doesn't get there, but that's because somebody's already registered it....

  25. Voles and Viruses on Xbox Auto-Update Blocks Linux Usage · · Score: 1

    I was planning to make some similar pun about voles being little rat-like rodents, so I went Googling to find out more about them. The third hit was a Nature article about how "Viral Gene Therapy makes male Voles more faithful and friendly". So if you want your VOLE to act nice, you'd better give it a virus.....