Slashdot Mirror


User: m50d

m50d's activity in the archive.

Stories
0
Comments
6,913
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 6,913

  1. Re:Stupid, stupid, stupid.... on Old-Fashioned DRM Protects Harry Potter Book · · Score: 1

    The hurting sales I can accept, but I don't buy the line about "spoiling it for everyone else". The only way you would find out the ending is if you were looking for it.

  2. Re:Nice logic, but on Tear Down the Firewall · · Score: 1

    How? If you're going to do it by making all traffic pass through the firewall, you could do it more easily and securely by physically isolating the server. Though I still don't see how not being to access server B from server A is a risk when server B is publicly accessible.

  3. Re:Band-aid on Tear Down the Firewall · · Score: 1

    What I meant is that if the rootkit's sophisticated enough to avoid detection by my non-firewall measures, it's likely to be sophisticated enough to avoid detection by the dedicated firewall.

  4. Re:Supported hardware? on New Debian-based Enterprise Linux? · · Score: 1

    I can't imagine a real enterprise adding 20 mac minis to 50 x86 desktops. There are policies and things, if you did switch it would be the whole lot, and it would be a long term thing.

  5. Re:What was drupal? on Drupal Needs a New Home · · Score: 1

    The point is that html supports this handy thing called links. You have made good use of them, but the article submitter could have done so. If the average slashdotter is going to have to use google to find out what it is (and judging by the number of "what is it" posts, in this story they do) then the submitter should include a link to the relevant result.

  6. Re:some thoughts on Body Scanners for the London Underground · · Score: 1

    We believe in free speech. Free speech doesn't mean anything unless it includes the right to say unpopular things. On the incitement of hatred, for the overall good of us.

  7. Re:I love when this happens on Zlib Security Flaw Could Cause Widespread Trouble · · Score: 1

    Huh? USE=-static set, just emerge zlib, takes maybe 20 minutes on a slow system, and there you are. And it will be a faster version. The linux scheduler is good enough that if you run it at nice 19 the compile won't affect your use of the system.

  8. Re:Open Source zlib on Zlib Security Flaw Could Cause Widespread Trouble · · Score: 1

    No, they don't use "viral" open source. They're happy to take advantage of bsd-licensed code, like zlib, libpng, or the bsd tcp stack. And why not?

  9. Re:Modularised code will always have this problem. on Zlib Security Flaw Could Cause Widespread Trouble · · Score: 2, Informative
    I haven't used Python or OCaml, but if either of those languages can produce C-style .lib's, .dll's, .so's, .obj's, whatever, then they'll work as well from C.

    Python can't, at least without embedding the python interpreter in the dll.

    What's more, you say that C can work with (at least as a library) every other language out there. So what's the problem with a small C-language interface that just calls the Python function and returns the result?

    Any language supports calling C libraries from that language. You have to, because for many things the only library available is in C, and there are millions of C libraries. Not so many support calling that language libraries from C - why would they? A big part of their attractiveness is their extensive standard library.

  10. Re:Modularised code will always have this problem. on Zlib Security Flaw Could Cause Widespread Trouble · · Score: 1

    For zlib it would be too slow. This is an incredibly low level library. It's used in networking, so it has to run on routers. It's used in png, so anything that displays graphics has to be able to run it. There's really no alternative to C/C++, it needs to be crossplatform, complieable, and run on embedded systems. Maybe OCaml since that's compilable, but even that might have too much overhead, plus not so many coders know it.

  11. Re:You know its going to suck when... on New Debian-based Enterprise Linux? · · Score: 2, Insightful
    Or maybe they've put the effort in to actually get the two working and compatible?

    It can be done. I'm writing this on a slackware system that uses emerde. I can emerge or use gentoo binary packages for programs, and I can use slackware packages. The two fit together perfectly, the programs update the "database" of each packaging system from the other one. Although it would be harder with the more complex rpm and deb, I don't think it's impossible.

  12. Re:alt.binaries.e-book on Old-Fashioned DRM Protects Harry Potter Book · · Score: 1

    The interesting thing will be if it's there before release. Put it out on gnunet or freenet or something so you're untraceable, and there you go. I want to see someone do that, just because of the ridiculously ott "security".

  13. Re:Potter To The Sheeple on Old-Fashioned DRM Protects Harry Potter Book · · Score: 1

    I don't look down on people who read and enjoy the books. However, if you think it will somehow be better because you were up at midnight getting it as soon as it was released, you're an idiot.

  14. Re:Stupid, stupid, stupid.... on Old-Fashioned DRM Protects Harry Potter Book · · Score: 1

    Erm, if you don't want to know the plot, DON'T GO LOOKING FOR A LEAKED VERSION. They're not going to "ruin the plot for the rest" when they post the last chapter online (it will happen).

  15. Re:because, it's harry potter on Old-Fashioned DRM Protects Harry Potter Book · · Score: 1

    Why? How is it any worse to read if someone else has already read it?

  16. Re:Supported hardware? on New Debian-based Enterprise Linux? · · Score: 1

    Will enterprise users really want support for hundreds of architectures? Enterprises tend to have lots of servers the same, and strict EOL policies. It's home hobbyists that will have 400 sparcs, mips and alphas from various ages. If the users demanded it it wouldn't be too hard to add support back in, but I don't think for this kind of market they need to support unusual hardware.

  17. Re:Meh? on Pocket PC vs. Palm Showdown · · Score: 1

    They don't fit, you're going into the person next to you's space, unless you're in the lucky position of having two seats for everyone on the bus (not normally the case in the morning rush hour).

  18. Re:Packet filtering on Tear Down the Firewall · · Score: 1

    Exactly. They are, as the author says, a crutch. If your network can be hurt by that "background radiation" you've got deeper problems.

  19. Re:Nice logic, but on Tear Down the Firewall · · Score: 1
    Control outgoing connections?

    Why? That will only inconvenience legitimate users. Any hacker smart enough to get into a secured system can easily get past any firewall you try.

    Provide some protection against DOS attacks?

    Better done on an application-by-application basis. You can use a separate device, but doing it in specialist fashion on each application server is probably going to be more effective.

  20. Re:Meh? on Pocket PC vs. Palm Showdown · · Score: -1, Flamebait
    In my opinion, people should just get bigger pockets and buy a laptop...

    Can't use that on the bus. I realise americans may not understand what one of them is.

  21. Re:Nice logic, but on Tear Down the Firewall · · Score: 1
    The external internet facing interface on the perimiter firewall port forwards web and https to the apache-DMZ and smtp to the mail-DMZ. This firewall is configured such that none of the DMZ's can contact the other or the "internal" network and vice-versa

    Sounds more like a router to me. Are the networks physically separate? If so, you don't need a firewall, just don't have anything route between them. If not, how are you sure the firewall can't be bypassed?

    plus the traffic to and from each network is only allowed on their appropriate ports

    This is the part I'm criticising. Why is that necessary? Presumably the only think listening on the apache server is apache, so it wouldn't matter if you allowed traffic to other ports because they'd be nothing listening. Ditto allowing non-25 traffic to the mail servers, it wouldn't matter because there's nothing else listening on them.

    This firewall also performs flawless prioritisation, bandwidth limiting and spamd blacklisting.

    All useful things, but the device doing them doesn't have to be a firewall.

    However if I had set these machine up like the story, the apache machines would be running local firewall processes which would likely get MODIFIED by the successful attacker, who would then move on to exploting other machines or even just performing DoS, flooding, etc.

    How would the apache server help them "explot" other machines? As for DoS, you're only any better if your firewall can handle a DoS better than the other machines. If so, why not spend the considerable cost getting beefier other machines?

    Security is about layers. This guy thinks it's a good idea to remove the strongest layer, which he considers a crutch.

    It is all too often a crutch. It may appear the strongest layer but it isn't, it's merely the outermost layer. People think it's security by itself, you don't need any more layers. Of course adding a firewall to a network won't make it any less secure, but often the effort spent on the firewall would be better placed elsewhere.

  22. Re:Nice logic, but on Tear Down the Firewall · · Score: 1

    What does server B have that would let you compromise it? If it's not something necessary, why is it running? If it is something necessary, you can't firewall it off.

  23. Re:Does SANE support the Scanmaker 4850 yet? on Tear Down the Firewall · · Score: 1

    No, but if you don't need network access you should tell it to only listen on unix domain sockets and not public tcp. If you do need network access, you don't want to firewall it off.

  24. Re:Nice logic, but on Tear Down the Firewall · · Score: 1
    1)I don't think anyone's dumb enough to open something just because. If they're opening something they're going to want it usable, so they would open it in the firewall as well.

    2)Anyone smart enough to do that is easily smart enough to get past any firewall.

  25. Re:Address translation on Tear Down the Firewall · · Score: 1

    Why is their visibility a problem? If they are running services that you want accessible, they need to be visible. If you don't want people to access the services, turn them off, then the machines aren't vulnerable.