Slashdot Mirror


User: billstewart

billstewart's activity in the archive.

Stories
0
Comments
7,948
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 7,948

  1. ... except that you can't see it :-) on InvisibleNet Presents IIP · · Score: 1
    No IRC for *you*...

  2. IT BOFHs forcing software upgrades badly on Bugbear Windows Virus Making the Rounds · · Score: 2

    My organization runs almost entirely on laptops, and while most people work in the office some of the time, we also work from home on dialup, from the road, etc. Often the IT Central Planners are good about making sure their upgrades that require more than 1-2MB only get run on fast connections, but not always. It's really annoying to be on a dialup connection and have your computer want to download 10MB of antivirus definitions, even when you're not out visiting a customer. You *have* to give the user a choice. Unfortunately, yes, this means you need to get creative with a lot of these things.

  3. Spam isn't capitalism, mostly. on The Rise and Fall of the Geek · · Score: 2
    Spamming isn't capitalism (at least not usually). A high fraction of it is cottage industry, because it's simple enough that an individual craftsman can buy his own tools and work relatively independently, as opposed to traditional capitalism that requires larger coordinated labor and has equipment or other financial costs beyond what the average laborer for himself. (These days, with hardware costs going down rapidly, the "capital" in capitalism goes less to buying stuff and more to paying worker salaries while they're developing some product or other that the capitalist wants to spend risk capital on.) (None of this means that spamming isn't sleazy materialistic greed coupled with a willingness to annoy large numbers of people, but that's not the core value of capitalism even though it may be widely practiced.)


    There is a certain amount of capitalism in the spamming world - there are some big spamhauses that take advantage of economies of scale to get bigger customers for their services, or who provide services to small-time spammers - and there are some non-spam-based businesses that use spamming as a tool and do it themselves rather than hiring out (e.g. pr0n sites whose primary business is distributing pr0n, not spamming.) But the cost of communications is low enough that the cost of getting into small-scale and medium-scale spamming doesn't require the tools of capitalism to run a business.

  4. Re:Sorry, I don't buy it. on The Rise and Fall of the Geek · · Score: 2
    I'm not even that bugged by the predatory monopolistic practices, except for the relationship with their product quality. So many of their products over the years were Bad Bad Bad Mindbogglingly Bloatwarily Bad! And they used that badness to force you to buy upgrades - because their badness wasn't just about instability and failure to use knowledge that the computer community had accumulated over the years, it was about incompatibility. Each version of Office had some file formats that were sufficiently incompatible with previous versions that if people around you started using them, you'd have to upgrade too, just in self-defense. And that dragged along having to upgrade the OS. Some of the incompatibilities were blatant, like naming critical directories "My Documents" and "Program Files" with spaces in the middle, just to break programs that used 8.3 naming.

    Some of this just happened to them, forced by the market demands for backward compatibility which made it hard to get rid of previous decisions that had caused instability. But there was so much that was well-known about how to do things that they ignored - a friend of mine described trying to teach them about caching when he gave a talk there in the mid-80s ("How come Unix is so much faster at handling files - the hardware isn't much faster?") And some of it was trying to simultaneously look Just Like A Macintosh without looking like a lawsuit-attracting cheap knockoff of the Mac knockoff of the Xerox Star. And some was deadline pressure, and all that. But it was still so inexcusably bad.

  5. What Ozzy said about it on The Rise and Fall of the Geek · · Score: 1

    Something to the effect of "Just *once* you bite the head off a bat on stage, and people will never let you live it down"

  6. Re:Usual Suspects Haven't Gone Away After YEARS on SANS/FBI Release Top 20 Security Vulnerabilities · · Score: 2
    Gack. While I can't say I'm surprised, the right behavior is usually to "take out a contract" on anybody who teaches like that.

    From the user's side, yes, if you provide Garbage In, you should not expect Good Stuff Out, but from a programmer's perspective, for non-critical applications, the right thing to do is to return some kind of error message to the user, and for critical applications, it's worth spending the effort to find the best way to respond to bad input, since there are applications like controlling jet airplanes or chemical plants where simply printing an error message to the console isn't good enough. But the minimum acceptable behavior should be the applicable equivalent of the error handling in the old Unix "ed" editor, which responded to bad input by printing a "?" back to the user, who was presumed to know what he or she was doing and understand why the input was wrong.

    If you're running anything connected to the Internet, you have to expect more than just the Garbage In that you get from users making typing mistakes - you should expect deliberately malicious exploration of boundary conditions, and design your program to survive them. Otherwise you're just crunchy and good with ketchup.

  7. Usual Suspects Haven't Gone Away After YEARS on SANS/FBI Release Top 20 Security Vulnerabilities · · Score: 3, Informative
    Microsoft keeps thinking up new and interesting blatantly stupid security holes - bashing them is too easy, and getting them fixed it too hard, so I'll stick to bashing Unix systems and applications, which are not only expected to know better, but also to be able to fix things. Most of these weaknesses are the same fundamental weaknesses that have been around for decades The Morris Worm was almost 15 years ago.....
    • Buffer Overflows! If people are going to insist on using C to write important applications, they need to use libraries that check input properly if they're not going to do the job themselves! This is about the most basic bug you learn to avoid when you learn arrays, and C's pointers don't give you protection so you're warned to do it yourself where you need it.
    • Not Checking Input for Validity! This is about the second lesson in CS100 classes, or was back when I took them - Never Never Never trust that your program has been given correct input, especially input that cares about size and type.
    • Not checking for Cleverly Malicious Domain-Dependant Input - OK, some kinds of input checking go beyond the basics, but at least make sure not to let users provide input that uses ".." in directory paths or lets unauthorized people store important data.
    • Running things are ROOT that don't critically need to - Mail doesn't need to run as root just to deliver mail to mailboxes - group permissions with the application running as group mail works just fine. Web Servers doesn't need to be root, and DNS doesn't need to be root, and Printer Daemons don't need to be, and most ftp servers don't need to be (a few might). SSH probably does, but there may be ways to work around that.
    • Operating Systems that force applications to user root privileges - TCP and UDP well-known ports shouldn't need root permissions to run them, except perhaps in very special cases, and forcing them to have root permissions increases the probability that an inadequately-written application will be running as root instead of chroot-jailed.
    • Applications writing over their own configuration files - if you take advantage of operating system permissions, that reduces your need to defend against cleverly malicious input. Be careful out there, and use them.
    • Applications that force users to use too-short passwords - 8-character passwords have been obsolete for years. Even if you let users pick wimpy ones, at least don't *force* them to.
    That's certainly not everything, but it's an appallingly high fraction. Making sure applications don't run as root doesn't prevent things like mail viruses or web server viruses from flooding the net with bogus emails, but it makes it harder, and reduces the potential damage. At least practice enough basic hygiene that attackers have to be careful, creative, and hardworking....
  8. Weak passwords are a legit weakness on SANS/FBI Release Top 20 Security Vulnerabilities · · Score: 2

    Even aside from applications that still limit passwords to 8 characters, wimpy passwords are a real problem. Wimpy root passwords are the worst (do the password utilities still let root assign wimpy passwords?) but wimpy user passwords let attackers break into user accounts, which is a starting point for attacks on more serious weaknesses.

  9. C O P S on TV replaced by machines? on Law Enforcement by Machines · · Score: 1

    So great, we'll start seeing shows like "B O T S - Bad Box, Bad Box, Whatcha Gonna Do?" or "World's Scariest Red-Light-Runner Photos!"

  10. That's not really what they said on UUNET/WorldCom Backbone Diffiiculties · · Score: 3, Informative

    While the Wired News article says that some people were speculating that it was the Slapper worm, other people were speculating that it was a fiber cut, but it first quotes the UUnet page which says they're having a routing anomaly and that it was affecting multiple gateways. That means it's not likely to be a cable cut, because that would be more localized, and it's also not likely to be the Linux worm because the routing stuff isn't happening on Linux boxes - it'd be either Cisco or Juniper, and I'm not aware of any reports that the worm affects those platforms.

  11. One for work, one for Slashdot? on Ars Technica on Hyperthreading · · Score: 1
    Hey, there are lots of things you can do multi-threadedly. This way your Slashdot feed keeps on ticking even if you've got brief interrupts to do your real work, or vice versa. (Alternatively, you can leave one virtual CPU crunching prime numbers or space alien radio signals whil the other's doing real work.)

    Yes, yes, I realize you don't need hyperthreading for that and regular multitasking is good enough...

  12. May be back to Normal? on UUNET/WorldCom Backbone Diffiiculties · · Score: 2

    The page said that earlier, but when I did a reload just now, it no longer has that message - are things back to normal?

  13. Why they're cheaper on Cheap SSL Certificates for Small Websites? · · Score: 2, Insightful
    They acquired a lot of market share early on by getting installed as default roots by IE and Netscape and selling their certs much cheaper than Verisign. So Verisign bought them, but uses them as a lower-priced brand where that's useful for market differentiation, and it beats having them as a competitor.

    They've also done some innovative technology, but their basic raison d'etre was to sell certs for a low price, since the cost was also low.

  14. It's not running Linux!?! Win2000 or XP. on NEC Launches "PowerMate Eco" Green PC · · Score: 1

    Sigh. The machine's running a Crusoe, but it's packaged with Windows. LILO can fix that, but it'd be nice to save the cost of the extra OS.

  15. Run X Windows to reuse the screen on NEC Launches "PowerMate Eco" Green PC · · Score: 2
    Seriously, you weren't buying a 900MHz Transmeta box to run Gamez on, and X Windows is fast enough for displaying almost anything else. So you don't need to plug the screen directly into a graphics card, just run X to talk to your new fast CPU-server box. This also lets multiple people share the new fast box, which is good ecologically even if it's disappointing to the box-sellers.

    And you can also recycle the Windows Operating System when you do that, because you'll be using Linux.

  16. That's because it usually works well on Laser Vision Surgery for Developers? · · Score: 2
    If it didn't work at least pretty well for most people most of the time, it wouldn't have the wild popularity it does now, and if it worked really badly for a moderately large fraction of people, it wouldn't cost $500 because the malpractice insurance would keep the costs much higher - which would lead to fewer people getting it, leading to much less amortization of the machinery costs, which would make it even higher. People really love this stuff when it works, which is usually.

    That doesn't mean that it works for everybody, or that when it works badly it doesn't really really suck, or that the failure rates are 10%, 1%, or 0.1%. Perhaps the statistics are skewed, either because people who have trouble with it don't think reading Slashdot is worth the eyestrain, or because computer people are more likely to have eye trouble than and lots of disposable income than retail clerks, so they're more likely to get the surgery done and rave about it here.

    Disclaimer: My eyes are still running on original equipment, though I've had several friends who've really liked it, among a small enough sample set that the lack of bad experiences doesn't mean that the failure rate couldn't be as bad as 10%. I'm now at the age where my parents were regularly using reading glasses, and I don't find them helpful, much less necessary, so I guess I'm lucky here.

  17. Causes of action seem wrong here; jurisdiction on California Sues Spammer for $2 Million · · Score: 4, Informative
    The complaints in this suit seem really wrong for this kind of action. Civil suits brought by the state are often somewhat bogus, but perhaps they're appropriate for the cease & desist injunction part of the lawsuit. But they're asking for "civil penalties" paid to the state, in a civil action as opposed to a criminal action, even though these are basically fines for violating business regulations. Civil actions have a lower standard of proof than criminal trials, and that's Constitutionally questionable abuse, plus they're asking for the court to award the state the legal costs for prosecuting them. A civil action would be fine if the suit were on behalf of the people being spammed, and the monies collected went to them, but that's not what they're doing. I'm not arguing that the alleged spam isn't sleazy spam that would be nice to prosecute under some appropriate laws, like fraud - it is. But this suit seems wrong.

    Also, there are jurisdictional problems - the State asserts that the defendants are doing business in Santa Clara County (northern California) so they can be tried there instead of down in southern California where they live, based on the assertion that spam was sent to email addresses in Santa Clara County - even though the one spam they're quoting in the complaint clearly says that they do business in Canyon Country, CA, and they don't list any recipients who live in Santa Clara county. That's basically equivalent to busting a snail-mail-order business from a remote jurisdiction because they mailed advertising postcards there.


    I haven't read all the business regulation laws referred to, so some of the sections are probably legally correct interpretations of some of California's really bad laws, but the processes still seem inappropriate. A couple of examples:

    • Second cause of action, paragraphs 17-18: California has a really obnoxious anti-privacy law making it illegal for anybody to get a mailbox without registering their True Address, which is presumably where they sleep. There have been a few revisions to it - if you're an Officially Registered Battered Spouse, the state will provide you with a mailbox, but you as a regular citizen can't use one. US Snail also has rules that you have to fill out a form when you get a mailbox from one of their competitors, and the state has rules that don't let you receive mail unless you've filled out their form.
    • Third cause - para 19-20 - looks like it regulates doing business advertising on the internet more strictly than doing business by snailmail or TV ads, and seems to clearly violate the Constitution's Commerce Clause which makes regulation of interstate commerce strictly a Federal matter, not a state matter - otherwise each state you want to have customers from could require you to get an expensive license.
    • Fourth Cause - it says they're misrepresenting the country they're operating from - but the complaint doesn't say what country they *are* from
      ("Canyon Country" is a city in Southern California), and if it's not in the US, it's not California's jurisdiction and California business regulations shouldn't apply to them.
    • Fifth Cause - the state argues that by doing many of these sleazy things, they've engaged in unfair competition - but they don't say who they defendants are allegedly competing unfairly with (other spammers? How is that unfair?).
    • Worse, in Paragraph F, it says that the defendants have used open relays in violation of Penal Code section 502 - but this isn't a criminal complaint, and allegations that somebody might be a criminal is really poor evidence in the absence of an actual criminal prosecution. It's especially tacky because they don't specifically indicate where the alleged open relays are or where the defendants live, which would affect whether a California penal code would have any jurisdiction over them.
    • The requested injunction complains about them making misrepresentations, but the only misrepresentations it's complaining about are the email and postal addresses used to send the mail and receive the responses - they're not claiming that the actual sleazy pitch is a misrepresentation, which would be an appropriate case for the state to be involved with.


    All told, it's a terrible case, and it ought to be possible to either find a much better set of sleazy spammers to make an example of, or do a competent and Constitutional job of prosecuting them properly

  18. The state wants it for themselves on California Sues Spammer for $2 Million · · Score: 2
    If you go read the complaint, the State, for no particularly good reason, wants to be the complainant, as if it were a standard civil lawsuit, but the penalties it's asking for are "civil penalties", which are pretty much the same things as fines but with a lower standard of proof.

    In other words, they want to Make Moolah Fast by suing spammers....

  19. Overture prices have declined a bit on California Sues Spammer for $2 Million · · Score: 2
    When this suggestion first came out a year or two ago, most of the top Overture.com bids from spammers were running about $4-5. Now there's one that's almost $4, and the rest are a few in the $2 range and most below $1. I don't know if this is because of a decreased effectiveness of Overture at advertising this kind of thing, or if spammers are just getting cheaper, or if the occasional slashdotting has beaten some of them into submission :-)

    I did notice a few of the Usual Suspects still there - maybe not as many of the same services, though some names sounded familiar, but many of the same harvester products. I don't know if the lists of "300 million brand-new verified addresses" have changed since then :-)

  20. CR-RW vs CD-R for operating systems on Mandrake 9.0 (Dolphin) Is Available [updated] · · Score: 2

    CD-R works on a lot more machines; unless you've upgraded all your machines, CD-R is much more portable. For a while the drives were more expensive, and slower, though they're pretty cheap by now. The ability to reuse the disk for CD-RW is theoretically nice, but CD-Rs cost ~US$0.15 on sale, or 0.25-0.50 not on sale , while the CD-RWs I bought the other day were about $1 on sale. I'd rather keep archives / backups / spares of my data around, and CD-Rs have become the new floppy disk. Also, you can't overwrite the things by accident.

  21. Re:But is it any faster? on Mandrake 9.0 (Dolphin) Is Available [updated] · · Score: 2

    KDE may be bloated, but GNOME was also bloated, and for both of them, the default window manages were big, fancy, overdecorated before applying skins, etc., bloatware, or (put more nicely) taking maximum advantage of Moore's law in RAM and CPU speeds to provide a feature-rich environment. But as other posters have said, if you want a lean mean windowmanager, there are plenty of them to go install.

  22. "The Ideals of Software Freedom"? Gnu's Not Linux on FSF Issues GNU/Linux Name FAQ · · Score: 2
    I look toward the FSF to promote RMS's ideas of software freedom, whatever they are at the moment. Many of them *are* good ideas. But they're not this only ideas of software freedom. In particular, RMS's insistence on mangling the the "Library GPL" into the "Lesser GPL" has irked me for a long time - there are reasonable reasons for taking that approach, even if he doesn't like them.

    The GPL is a useful tool for lots of objectives, but just using it doesn't make your work part of the GNU project - According to the FSF GPL FAQ, that only happens if the developers and GNU Project agree and the developers explicitly contribute their code to the GNU Project. This *has* happened with many of the programs that are commonly used with Linux, but also *has not* been done with many of the others, so they're Not GNU.

    The name GNU/Linux doesn't increase *my* awareness of software freedom - it increases my awareness of Stallman's goals of mindshare-hoarding. Has anybody done an inventory of popular Linux distributions to find out what proportion of projects have been donated to the GNU Project?

  23. thought we were more of an autonomous collective.. on FSF Issues GNU/Linux Name FAQ · · Score: 2
    This is partly a reply to TomMcK's signature, and partly to the topic of whether Gnu's Not Linux.

    It's one thing for the Gnu Public Virus to make everything it touches Free-As-In-Speech. But it's another thing to say that using the language makes you part of the GNU project, which is by definition Stallman and Friends. If I write a piece of free software as part of the GNU project, and they accept it, then it's GNU, but if I just write it and let the public use it freely (enforced by GPL), it's not theirs, it's *mine*. And if I write a piece of code and contribute it to the Linux community, and they pick it up, that makes it Linux. On the other hand, if RMS writes code for a project that's on Sourceforge, he's not contributing to GNU/Linux, he's contributing to SourceForge/Linux.

    Yes, I read the long bloody faq, I just didn't agree with it.

  24. It was Slashdotman and CowboyNeal what done it! on Public Domain Superheroes? · · Score: 2

    Arrrgh, we know who done it. But we're busy rewriting our SuperPowers to adapt to computer-age threat models, and we'll be back and kicking butt Real Soon Now. That's the nice thing about being Public Domain - Steamboat Willie can only do what his fat-cat employers want him to, but we can do anything we want!

  25. Re:What about Trinity? or: Don't try this at home on Top Ten Physics Experiments Of All Times · · Score: 3, Informative
    Fortunately, it was less earth-shattering than some people were worried about - there was some scientific speculation about the bomb doing Really Bad Things to the planet once the fission reaction started. Fortunately (though not surprisingly), it didn't, though we have had 60 years of having to worry whether the people we hired as governments are crazy enough to go nuking each other.


    On the other hand, fits just fine in a garage, at least in a big garage - some of the larger bombs were ~20 feet long, but most designs are smaller. THe uranium refinement equipment takes up more space, but they say that the centrifuge-based systems are a lot more compact and realistic than the huge UF6 gas-diffusion plants used in the first nukes.