Slashdot Mirror


User: Jah-Wren+Ryel

Jah-Wren+Ryel's activity in the archive.

Stories
0
Comments
11,071
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 11,071

  1. Re:Does Piracy Even Have a Future? on Piracy Forced id's Hand To Multiplatform Gaming · · Score: 3, Insightful

    Two words... Private servers.
    Any non-validating server that attains any level of popularity is going to (a) cost a lot to operate if for nothing else besides the bandwidth and (b) make an easy target for the copyright police. Small-scale server aren't likely to make a dent because it requires a certain level of expertise to even set one up that is probably beyond the average user's ability.
  2. Details? on Piracy Forced id's Hand To Multiplatform Gaming · · Score: 2, Insightful

    Sounds like a bogus misquote of some sort.

    The game in question is, reportedly, multi-player. Which almost certainly means that it will be linked to servers under the publisher's control. Done correctly, no amount of crackz, warez, numberz, etc can defeat an online, real-time verification system.

    I think it is a lot more likely that they chose to develop for the consoles because, surprise there is a market there!

  3. Re:Printer-friendly version on Intel Viiv vs. AMD LIVE! · · Score: 2, Informative

    Works for me.

    Perhaps it is because of refcontrol.

  4. Re:Business Model on The Economist Magazine Looks Outside For Insight · · Score: 1

    Perhaps the Economist should actually talk to their economists, and ask them what 'Incentive Compatability' means. $50 for a new revolutionary business idea surely isn't incentive compatible.
    Have you submitted that idea yet? Because if you haven't, I'll do it claim the 6 month free sub!
  5. Re:NMAP on Management 'Scared' by Open Source · · Score: 1

    Note that the GPL places important restrictions on "derived works", yet * it does not provide a detailed definition of that term. To avoid * misunderstandings, we consider an application to constitute a * "derivative work" for the purpose of this license if it does any of the * following: ... Executes Nmap and parses the results (as opposed to typical shell or * execution-menu apps, which simply display raw Nmap output and so are * not derivative works.) *
    If it went to court they might have some problems with that one. The term "derivative works" is defined by statutory and case law and has an explicit (well, as explicit as any other legal definition) meaning which is why the GPL does not define it. While there is probably no shortage of lawyers willing to argue in support of nmap's position, if there is money to be made, they would have a tough time convincing a court that the output of nmap is a derivative work - it would be somewhat akin to the authors of LAME claiming that any MP3 created with LAME was a derivative work.

  6. Re:All updates relay Information... on All Microsoft Updates Phone Home · · Score: 1

    What would be the difference? If you are downloading updates for a driver, one could reasonable infer that you have the hardware for that driver. Its just whether they are being told you have a piece of hardware or whether you can make a reasonable, educated guess, they are going to get the same results either way.

    The difference is that when you DON'T download an update, because there is not one available which is by FAR the common case, you don't give away any information about whether or not you own that hardware. As reported in the MS blog, MS's system sends all that info to MS whether it is necessary or not.

  7. Re:All updates relay Information... on All Microsoft Updates Phone Home · · Score: 5, Interesting

    That's hardly surprising.
    Considering that most of these applications are installed via the windows-update site...
    I doubt you could even maintain a session without sending information back to the web-server.

    Yeah totally, because:
    • Computer make and model
    • Version information for all installed Microsoft software
    • Plug&Play ID numbers of hardware devices
    • Globally Unique Identifier (GUID)
    • BIOS name, revision number, and revision date
    are all necessary to download a single specific update not to mention maintain a session to the web-server.
  8. Re:flamewar on Law Student Web Forum: Free Speech Gone too Far? · · Score: 1

    Here, as the article points out, because employers use Google to check on all candidates, and employers just won't touch anyone who stands out in any negative way, the slander and libel is causing real damages to the lives and careers of the victims of this sort of juvenile posting.

    Then clearly the problem is with the employers who are so ignorant of the real world that they will give weight to anonymous attacks in some backwater of the web.

    Don't coddle incompetence. In the short term its going to hurt a bit, but if you do coddle it the pain will be much greater in the long term as the important foundations of our society are turned into mere lip service. Either way, you can not fix the problem without some cost, it only makes sense that we don't play favorites and as a society choose the path with the least total cost.

    Freedom of speech exceeds its limits when it impinges on the liberty of the victims to pursue their own lives in peace.

    With a line like that, I suspect you really don't believe in freedom of speech. Advertising constantly interferes with people's ability to pursue their own lives in peace, so do all those political protests that stop traffic and there are plenty of other examples beyond those. Freedom of speech is NOT free. Expecting people to rationally evaluate the content of speech is one of the costs of that freedom.

  9. Re:I made billions- but you'll be replaced on Bill Gates Speaks Out Against Immigration Policies · · Score: 1

    Have you ever been to Disney World?

    Have you ever been to America?

    This country is practically empty of people. Other than a few urban centers, this country is wide open space. We have the agricultural capability to feed 10x our population and more than enough open, habitable land for them all to fit in with out crowding.

    If we let everyone in, then there's no incentive for people around the world to try to convince their own government to stop being so draconian and open up free enterprise.

    Have you ever been to America?

    Our government does not push for free enterprise in other countries, they push for the opening of markets to American business. They are perfectly happy to support statist regimes as long as the American corps can make a profit dealing with them.

  10. Re:One of the problems with RFID on RFID Passports Cloned Without Opening the Package · · Score: 2, Insightful

    RFID may be easy to copy or crack, but someone gets that info on their screen and still validates it against the hard copy when entering/exiting using a passport. You don't just wave it and go on... Passport information by itself is not enough to steal someone's identity or bank account. You still need physical proof. This first pass with RFID is simply making data tracking easier. It was not designed to be secure, just difficult to completely copy or forge. A truly secure passport system would have to include fingerprinting, pass codes, facial scanning technology, or some other system to prove the identity of the bearer.

    The question is not just, "Is an RFID passport secure authentication?"
    The question is, in the big picture when all costs and all benefits are accounted for, are RFID passports a good value compared to the previous system?

    The ability to clone a passport that is in a sealed envelope is a significant cost compared to the previous system because it opens up a whole class of attacks that did not exist previously. Factor in other costs, like the direct cost of the equipment upgrades and the inevitable over-reliance on the system by the people who check passports, the risk to American Freedom from ever expanding government and corporate databases with semi-public access, and even the ability to remotely detect a passport's presence without decrypting the contents (the RFID equivalent of walking around with a sign on your back that says "I'm an American, kick my ass") and the cost-benefit ratio of RFID passports starts to look really, really poor.

  11. Re:my two cents on Demystifying Salary Information · · Score: 1

    If I'm happy and the employer's happy, it makes for a far more plesant salary negotiation than imagining my employment contract to be akin to haggling over a used car.

    Hook, line and sinker man. If you think salary negotiation is demeaning then you will always be an employee and nothing more. Business *is* negotiation and labor costs are just one of the many areas where businesses regularly negotiate. A company won't be made "unhappy" by having to negotiate for your salary, it is just another negotiation for them. But it sure is in their best interests to make you think the way you are thinking. If they can make you negotiate against yourself because you have a mental hang-up about getting paid what you are worth, then that's less work for them. And something to joke about on the back nine.
  12. Re:Wireshark? on A Network Sniffer On Steroids · · Score: 1

    How is this different to say wireshark or any other traffic analyzer?
    It works on fiber-optics because it has frickin laser beams attached to its wire, that's how!
  13. Re:"Web Developer" on Demystifying Salary Information · · Score: 2, Insightful

    Except that, as someone above mentioned, most managers aren't in control of the purse strings. My manager is always complaining about how he'd like to pay more, because he's having an incredibly hard time finding applicants who'll work for what we're willing to pay. Unfortunately, his manager won't let him.
    That is HR's job. Don't be fooled, HR's #1 job in any company of any size is to reduce labor costs. The bigger the company, the stronger HR's ability to enforce salary caps. In some companies HR will turn away exceptional talent rather than pay a commensurate salary because it "sets a bad precedent. HR is *never* an employee's friend.
  14. Re:my two cents on Demystifying Salary Information · · Score: 1

    Mentioning a number doesn't have to be to your disadvantage. I usually shy away from it, but in this current position I named a number -- about 5% more than what I actually wanted -- as the bottom of my range, and that's what I ended up getting offered (plus a 10% annual bonus). You just have to be liberal.

    I really hate it when people equate the term "liberal" with being stupid or a sucker, but man you sure were a sucker.

    It isn't about what you want -- we all want to be millionaires and have 3 playmates for girlfriends living in the house next door. It was about extracting the maximum possible - never leaving anything on the table. You picked a number and they agreed to it, they didn't even try to negotiate you down, they even threw in a 10% bonus. All those things say that your starting number was so pathetically low that you probably left tens of thousands per year on the table which they were happy to keep for themselves.

    As an employee for a "major staffing company" you would do well to find out how much they bill their clients for your time. I guarantee it is 150% at the barest minimum and much more likely in the 200%-300% range. Once upon a time I had a gig in the professional services arm of a very High Priced computer vendor. I discovered that they were billing their clients more than 5x the hourly equivalent of my salary - for every $5 they billed, I only got $1. Now I work independent and I bill the exact same rate as that vendor does, but now it all goes in my pocket. If you are good at what you do, you can do the same.
  15. Re:Trying to have her cake and eat it too? on Hacker Defeats Hardware-based Rootkit Detection · · Score: 1

    When my doctor says "take this pill or you'll stay sick", he's certainly experienced but hardly infalliable. Yet I don't accuse him of being wrong.

    YOU are the one who tried to co-opt the rigorous mathematical proof of strong crypto in the first place, not me.

    If you dispute the last point, I challenge you to come up with a way to virtualize arbitrary hardware devices.

    You've done it again now, twice in a row you have disproven your own original claim about not needing specialized hardware. It really seems like you've just got an axe to grind and not any sort of coherent argument.

  16. Re:Trying to have her cake and eat it too? on Hacker Defeats Hardware-based Rootkit Detection · · Score: 1

    Rootkit VMs are "impossible" in the same sense that cracking strong crypto is "impossible".
    You really seem to be drinking the same kool-aid you accuse Rutowska of - there is nothing even remotely like the rigorous mathematical proof of crypto in the VM world. All there is the opinion of people, who are certainly experienced but hardly infallible.

    Just an external time source - since the detection code is arbitrary (i.e. I could be sending cryptographically signed timestamps, or reading a timestamp off some well-known URL like yahoo.com), it's not possible to block the external measurement. (Sure the VM could look for such loops, but it has to detect any POSSIBLE loop, even dynamically generated ones, which is a halting problem variant and thus undecidable).
    Crypto signatures mean nothing when the machine signing or validating the signatures is compromised, why would you think otherwise? As for being impossible to detect detectors, if the detector is known (e.g. Symantec Norton Anti-VM-Rootkit now with Dynamically Generated Code Timing Analysis) it can easily be compromised. If it is home-grown, well see my point about expense and feasibility for the average data-center.

    The woman DELETES criticisms from her blog and dismisses other attacks as "theoretical" (Anthony Liguori is a Xen contributor). Odd ... her rootkit is far more theoretical than the attacks against it, since solid rootkit-detectors exist and her rootkit is a self-admitted prototype that ignores the need to hide itself.
    You are doing exactly the same thing you accuse her of - arguments based on misdirection, not arguing the facts. For one thing, the whole hullabaloo about Liguori's mention of timing attacks being dismissed as "theoretical" has been overcome by events in the 9 months or so since then with more substantive dismissals (I didn't make up these points about not being able to trust any timing analysis done on a compromised machine, they came out of the discussions of said "theoretical" attacks).

    Because it doesn't have to be the OS reading them - it could be SMM code, or even a device snooping northbridge bus accesses to detect oddly-mapped memory accesses.
    So, now you are saying that, "we need specialized hardware interfaces to scan memory for rootkits"?
  17. Re:Hmm, so... on Humans Hardwired to Believe in Supernatural Deity? · · Score: 1

    Along those lines, there is an interpretation of God's command for Abraham to sacrifice his boy Issac, which (if you are unfamiliar with the conventional interpretation) had Abraham just about to slice the kid's throat as proof of his fealty when God stopped him and said, "just checking." In the alternate interpretation, it is not God who was "just checking" -- it was Abraham, he was checking to see if God would really require the sacrifice of an innocent or not. If he had allowed Abraham to complete the ritual and kill Issac, then that would have proven God unworthy of worship.

  18. Re:Hmm, so... on Humans Hardwired to Believe in Supernatural Deity? · · Score: 4, Insightful

    That would be more of a description of an agnostic. Atheists believe in a lack of supreme being, without any prove that that being doesn't exist.

    No, not quite but still a very common error among religious folk.
    As someone or another has for a sig around here:

    "Atheism is a religion the same way not collecting stamps is a hobby."
  19. Re:Trying to have her cake and eat it too? on Hacker Defeats Hardware-based Rootkit Detection · · Score: 2, Interesting

    Let's see ... last year, she got all over the headlines claiming that virtual machines are a Bad Idea because rootkits could use them to remain undetectable (even though virtual machine experts discounted her "trivially easy and left unimplemented" parts as technically intractable).
    Gee, I read the articles on the other end of those links and they boil down to two points - (1) it is hard to do and (2) it is detectable via timing analysis

    Obviously (1) is really no defense at all because it only needs to be done once and then it is "free" and (2) is deceptively difficult to implement in a fool-proof manner that does not incur large costs on a per-site basis -- it requires an external time source *and* an external performance measurement system because any time data entering the compromised machine (say via NTP) can itself be twiddled to hide timing variations. The obvious method of such a test would be to run a (potentially) trapped instruction that normally takes microseconds but when trapped takes milliseconds. Run it in a loop 100,000 times and the difference will be discernible to a human watching it - but what if the vm is smart enough to recognize such an automated test and temporarily disable the trap for the duration of the test? Not an easy test to implement, not to mention that anytime you have to get a human involved the deployment costs sky-rocket.

    she totally ignores the possibility of a system defending itself against this attack by verifying the registers she's modifying. Lousy research, girl.
    What is to prevent that rootkit-VM (the one that twiddled the registers in the first place) from faking out any attempt by the legit OS to read those registers? Isn't that point of a rootkit-VM, to fake out any parts of the system that need faking out so that the rooted OS can't detect it?
  20. Re:Not so Crazy... on Microsoft Charging Businesses $4K for DST Fix · · Score: 1

    If you are going flame someone claiming they didn't even read the article summary, it sure would behoove you to understand the terms. Flying outside of the US and deploying outside of the US are two distinctly different events - one is temporary and indicates a return soon after, the other is at least semi-permanent and denotes a new base of operations.

    As for GMT vs other timezones, true mainly because GPS runs in Zulu -- but local time is used a hell of a lot more than you might think, especially with the proliferation of COTS components in larger systems.

  21. Re:A serious blow for Wikipedia on Wikipedia's Wales Reverses Decision on Problem Admin · · Score: 1

    I can't think of a more damaging relevation to the Wikipedian ideal than this one, and even if it isn't a death blow to Wikipedia, scholars and researchers EVERYWHERE will have a field day with this; college professors will point to this as an example of why they don't accept citations from Wikipedia. In general, Wikipedia may be totally discredited by this scandal.

    I totally disagree. This kind of event is a logical result of the ideals of wikipedia - an encyclopedia that anyone can edit. It doesn't say, "anyone who can prove they are an expert" it is just simply, "anyone."

    It would be a scandal if wikipedia was a big, top-down command-and-control organization, because it is expected that people will be fully vetted with all the assurances and rigidity that comes with it. There is no such expectation for wikipedia. If people are shocked by this situation, it is because they do not fully grasp the implications of the wiki model.

    The flexibility that is wiki's strength comes with risks, fakers are just another risk. Identify it, be prepared for it and move on.

  22. Not so Crazy... on Microsoft Charging Businesses $4K for DST Fix · · Score: 2, Informative

    Remember the batch of F-22 stealth fighters the lost everything but their flight-control computers when they crossed over the international dateline earlier this month?

    Well, that's certainly not the first time F-22's have flown across the pacific, and they never had that problem before. It was because of the DST patch to their systems, the engineers skipped the regression tests that involved the dateline because it was just a patch for the US timezones. Look what happened.

    So, while it may seem simple enough to change the DST handling in MS Windows, don't count on it.
    Whenever you mess around with time, it is easy to create unexpected results. (cue time-travel jokes)

  23. Re:Say what? on Why DRM Cannot Open Up New Business Models · · Score: 1

    Nonetheless it's impossible to argue that this is not a business model enabled by DRM - if your access did not expire then it'd be equivalent to giving away huge amounts of content for free.
    Like the radio? And before you come back with "of course not, that's *different*" realize that the same argument was made about commercial radio back when it was new tech.

    Basically, he claims there's an economic solution to non-scarcity of information that doesn't involve DRM. I've been looking for such a theory for some time, and never found one.
    There is no scarcity in information distribution any more. But scarcity remains in all the ancillary services - creation, promotion, packaging and selection/quality-control. All those services are both scarce - because they can only be done by creative humans, not rote instruction, and actually create value whereas DRM only reduces value by taking away utility, never increasing it.
  24. Re:Yes it can on Why DRM Cannot Open Up New Business Models · · Score: 1

    "Fundamentally, DRM cannot create a successful new business model."

    Sure it can. Just not in a relatively free market. It can be quite successful given the purchase (investment?) in the right legislation, followed by litigation and/or force.
    What does DRM have to do with that? Given the purchase of the right legislation, any business model can be made successful no matter how ill-conceived -- e.g. look at the US paying farmers NOT to farm their land.
  25. Works Both Ways on Best Buy Confirms 'Secret' Version of its Website · · Score: 3, Informative

    The Intranet version of the BestBuy website is well-known on the DVDTalk bargains forum.
    That's because it lists the "in store" prices and there is a whole slew of anime DVDs for which the "in store" price is super-discounted compared to anywhere else, including the extranet version of the same website.

    The common link seems to be that these anime dvds are either out of print or nearing out of print status. So even though the "in store" prices are really great, very few stores actually have them in stock. But, BBY's warehouse still has many of them in stock. So to exploit the situation, people have taken to using the in-store kiosks to place orders that are shipped directly from the warehouse to their home. If they were to place the same order using the BBY website from home, the cost would be 3x-4x as much.

    For a while there I poked around BBY's DNS and neighboring IP numbers in the hope of finding a way to access the intranet version from the internet and thus skip the trip to the instore kiosk. I don't remember the specifics, but I think we were able to identify the ip address and name of the intranet server (somebody used an in-store system to resolve www.bestbuy.com and compared it to what it resolves to for everyone else on the regular internet), but even though it was pingable, and in the same class-c subnet as the main internet website, it would not accept connections coming in from the regular internet.