Slashdot Mirror


User: Tom

Tom's activity in the archive.

Stories
0
Comments
10,601
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 10,601

  1. "common sense" on The Role of Experts In Wikipedia · · Score: 1

    Yepp, that's one of the many problems with Wikipedia.

    It does great in summing up what's been called "wisdom of the crowd". I think we used to call that "common sense", but that's less of a buzzword.

    The problem with "wisdom of the crowd" is that Wikipedia 1009 AD would have stated "the earth is flat" as a fact, and linked to many sources for the claim, even though experts had known for well over a thousand years that it isn't so.

    The greatest strength of Wikipedia - that anyone who knows something can come in and add it - is also its greatest weakness - any fool who thinks he knows something can come in and add it. And there's no credibility system whatsoever. Einstein's opinion on relativity is, to Wikipedia, equal to Joe the barkeeper's. In fact, if we assume that Joe has less to do with his time, and spends more of it roaming around Wikipedia, his opinion will probably prevail.

    Finally, Wikipedia actively alienates experts with its policies against primary sources and original research. That "secondary sources" are anything but reliable when you've become so popular that your secondary sources regularily use you as their source - well, we've just seen how that works out. And that wasn't the first event of this kind.

    So, when you dig your teeth into what's good and what's bad about Wikipedia, the astonishing result you pretty much have to arrive at, is that your university professor was right: You can use it to quickly look up something for a start, but if you want to have anything solid that you can actually refer to, look up primary and secondary sources, not Wikipedia.

  2. crappy summary of a bad summary on Euro Parliament Wants "Red Button" For Shutting Down Games · · Score: 5, Informative

    Ok, so this /. article links to an article that already is a bad summary of this press release, which sounds a little more enlightened:

    To help parents choose, MEPs would like to see more public awareness of the content of video games, parental control options and instruments such as the Pan-European Game Information (PEGI) age rating system.

    Sounds to me like they're doing the exact right thing: Making parents responsible and asking game companies to give them options.

    Now the actual "red button" part reads like this in the press release:

    the report proposes fitting consoles, computers or other game devices with a "red button" to give parents the chance to disable a game or control access at certain times.

    That does not sound like an emergency "off" switch to me. It sounds more like a timer thing, where a parent can tell the computer "no online games for my son after 22:00". Unfortunately, I couldn't find a source beyond the press release, so what exactly they have in mind remains a mystery. It does sound a lot less exciting than TFA makes it to be. Selective quoting, anyone?

  3. charlatan on Microsoft Accused of Squandering Billions On R&D · · Score: 1

    "Charlatan" is not quite head-on, but closer than "visionary".

    Most of the stuff that Bill is "visionarying" about is total bullshit and never happens. Some of the stuff happens, but not by MS, and in a different form. A few of the rest does, in fact, come to pass. Most of that, again, was pretty obvious for anyone with half a brain.

    But "charlatan"? Not sure. Hm, he sells stuff that doesn't do what it's advertised as doing, and in addition does have bad side effects. I think "snake-oil seller" might be closer.

  4. FUD and bullshit on How To Argue That Open Source Software Is Secure? · · Score: 2, Informative

    Countermeasure: Education.

    'anyone can read the code and hack you with ease.'

    Use the opportunity to explain to them that if reading the code reveals possible hacks, then indeed the code sucks. Cryptography teaches us that knowing the algorithm doesn't give you an "in", unless the algorithm is flawed. Example: Knowing that the file was AES encrypted doesn't allow me to decrypt it (without the key), even though the AES algorithm is public knowledge.

    You could also ask two provocative questions:

    One: Why then are public standards public, if knowing how things work would make it easy to exploit them?

    Two: If knowing the code makes it easy to hack you if there are bugs in the code - then what does Microsoft have to hide, by hiding the code? All the bugs that make hacking it so easy, perhaps?

    Third alternative, you could point out that the source code to windows is widely available (lots of companies and university have source code licenses), and has in fact been leaked into the general public several times.

    My preferred alternative would be "if you believe that shit, you're a lot dumber than I thought", but you probably can't say that to customers.

  5. framework on Website Security Without Breaking the Bank? · · Score: 1

    If you're on a budget (either time or money), use a framework that handles most of the problems for you. Why reinvent the wheel?

    For PHP, there's CodeIgniter, Cake, and some others in the MVC area, and probably some outside. Google is your friend.

    Why a framework? Because stuff like escaping your data before handing it to the database (to prevent SQL injection attacks), or sanitizing your input (to prevent XSS and other attacks) and so on are fairly simple things to do, you just have to remember to do them every time, everywhere. That's when you want a function to handle it, or a framework to shove all the stuff off to.

  6. Re:you can't fix UAC on Microsoft Caves, Will Change UAC In Windows 7 · · Score: 1

    Then you couldn't have used it much. Installing packages, applying updates, changing system settings, attempting to copy files into system areas. These are just a few things in both Ubuntu and OS X that will trigger a prompt just like they do in Windows.

    I'll just address this, because it's the core argument and I'm getting too tired for the rest.

    I run OS X, every day, for maybe 8 hours on average (because I use it both at work and at home). So that's what I'm going to talk about and if Ubuntu is considerably different, so be it.

    I have, just today, changed some settings, installed a new program, applied three updates and done a bunch of other stuff. I was asked for my password once, for the updates. Yes, that means I can install a program without a password prompt, and change settings without one, either.

    I can not recall the last time, or if ever, I was disturbed by a "do I have permission?" popup on OS X unexpectedly.

    At home, I sometimes run XP for gaming on my MacBook Pro. The total use time is considerably less than the time I spend with OS X, and I spend probably 99% of the time inside one game or the other. Despite that, I've had several instances where some windos popup has forced me out of a fullscreen app/game unto the desktop to ask a stupid question. Now this being XP, that's not UAC, and not all of them would be UAC on Vista/7, but the majority would. Let's not even get to the point where the stupid thing reboots on its own if you didn't say "no" within a predetermined time, totally ignoring the fact that while running fullscreen you probably didn't even notice that it's waiting for a reply.

    Now given that experience, please explain to me how I could even remotely not be upset about the claim that one thing would be just like the other.

  7. Re:The first thing that comes to mind... on Sacrificing Accuracy For Speed and Efficiency In Processors · · Score: 1

    Errr... no?

    What you're looking for in games is not randomness - that's easy to come by, just fetch it from /dev/urandom.

    The whole point, for example, in landscape generation is not that your computer is "too precise" or anything like that. It's the simple fact that natural shapes are nowhere near random. Getting a landscape from a random data generator will yield you anything, but not a realistically looking landscape.

    Likewise, the problem with AI is not that it is "too exact". It's trivial to add some random spread to the shoots, or some randomness to the position evaluation or decision tree. The point, again, is that natural behaviour of men or animals might look like random at first glance, but the same eye/brain combo that tell you "random movement of people" when you look at a video of a shopping center, will immediately alert you that something is very wrong when those people actually do move randomly.

    That's because the common-sense definition of "random" isn't the mathematical definition. When we say "random" in a normal environment, we mean "can't make a meaning out of it at once" or something like that. In fact, true randomness is very counter-intuitive. The simplest test I know is to ask people which sequence on a die roll is more likely, 3-5-2-1-4 or 6-6-6-6-6.

  8. Re:In other words... on Average User Only Runs 2 Apps, So Microsoft Will Charge For More · · Score: 1

    but still buy the expensive ones which are virtually identical but have a one-bit flag difference between them.

    That's the technical point that makes me cringe.

    Will 7/2 be running on a different kernel code? Not likely. Whatever code enforces this limit will be present in other versions, too. Probably disabled. Hopefully competently disabled. Bugs could still affect it, added complexity still applies. If they are serious about this and don't make it a single if() in the launcher code, it will, even slightly, affect the other versions, too.

    And even if the performance impact probably doesn't matter except under laboratory conditions and atomic-clock precision measurements, any bugs this causes still matter.

  9. Re:Is this the 70s ? on Average User Only Runs 2 Apps, So Microsoft Will Charge For More · · Score: 2, Funny

    No, this is the early 21st century and all - it's just that MS after two decades of trying is finally giving up on this "multitasking" thing that they could never get quite right anyways.

    A small, but vocal, group with the company, however, has successfully convinced upper management that they are fairly certain that they'll be able to run two applications side-by-side, because, as they pointed out in internal memos: "Most computers these days come with multi-core CPUs anyways, so we can just run one app on each processor, and not have any of that multitasking hassle."

  10. mixed on CCP To Discontinue EVE Online Support For Linux · · Score: 1

    Now we Mac people are in the same boat as the Linux people - the OS X port of Eve also isn't a native port. And if you look at the forums even a little, it shows. It's one of just two pieces of OS X software I know that have crashed on me repeatedly, in short intervals.

    So while I welcome the fact that they've made ports at all - most companies don't even do that - the fact still remains that the Transgaming shit is nowhere near a native port in quality.

    Even though they failed as a business, some of these days I wish for Loki back. Fortunately, the OS X world still has a few (2 I think, but might be 3) companies doing native ports.

  11. statistics on Average User Only Runs 2 Apps, So Microsoft Will Charge For More · · Score: 1

    the average consumer has open just over two applications [at any time].

    I don't doubt the first part, but I do doubt the second one. At any time? Sure? I'm very certain almost every computer user has had more than that running at times. Probably rarely, but let's see, every John Doe: Mail and Web, right? Let's assume he clicks on a PDF link and it opens Adobe Reader. Whoops, that's three apps right there. I'd also say he has a non-zero chance of having iTunes or WinAmp or some other MP3 player running in the background. That's four, or three if he's using webmail.

    Also a lot of questions. For example, does IE count as one of those apps? Probably not, because otherwise the whole desktop would take up one slot. Ah! So that's how they arrived at that figure. You see, the typical MS user has open, at "any" time:

    * IE (which doesn't count)
    * surfes the web - of course with IE (which doesn't count)
    * uses webmail - which means IE (doesn't count)
    * hears some music - of course some internet radio via mediaplayer's IE plugin - which means it's running IE, which doesn't count

    and so on?

  12. Re:you can't fix UAC on Microsoft Caves, Will Change UAC In Windows 7 · · Score: 1

    So you've never used Ubuntu then ? Or OS X ? You know, the platforms Microsoft keep getting accused of copying ?

    UAC and sudo do the same thing, and have remarkably similar implementations, given the fundamentally different underlying security models.

    I have, apparently you haven't or you would be aware that the windows they pop up are not "sudo", unless you're the one imprecise with words and what you're really trying to say is not "sudo" but "priviledge escalation".

    Look, I already said that UAC by any other name is still crap.

    When I've usedd Ubuntu, I saw nothing like UAC. There is a GUI-based sudo on Ubuntu, but it is always triggered by user action. I've never seen it pop up unexpectedly, say why I was reading mail. But it's been a year at least since I last used Ubuntu, so that might have changed.

    On OS X, which I use daily, there are two things. One is like Ubuntu, when you do something that requires super-user rights, it asks you for a password. Nothing to see here, definitely not UAC. Then there's the other thing that is a bit like UAC, namely that OS X asks you for permission when a program wants to open a port or such things. That is probably what you have in mind, because it's somewhat close to UAC and yes, one could start discussing the pros and cons of that.

    But frankly, I don't feel like discussing that with someone who insists on a precise definition of "root" while using "sudo" as a generic term.

  13. Re:you can't fix UAC on Microsoft Caves, Will Change UAC In Windows 7 · · Score: 1

    Actually root is a concept, it is the concept of a superuser. root is just the most common username given to UID 0.

    Oh dear. If you want to step to that level, then root is a word. It even has several meanings. Thought we'd not be nitpicking here. :-)

    You may have heard of sudo. The concept is the same. There are numerous GUI implementations of same.

    Errr, no? sudo is absolutely not the same as UAC. I've yet to see sudo jump up and down, telling me that some other program wants to do something on my system, asking me for permission.

    That's the core point. UAC is a disruptive excuse for security, sudo is a program that allows user-triggered priviledge escalation. Pretty much the only thing they have in common is that they both ask for a superuser password.
    The fact that UAC is not triggered by the user is not a minor difference, but very important.

  14. Re:UAC is useful on Microsoft Caves, Will Change UAC In Windows 7 · · Score: 1

    I challenge you with the claim that you understand neither English, nor analogies.

    We can continue this discussion in my native language, if you insist. Or you can be thankful that foreign people take the pains to learn yours and stop being so self-absorbed. Your choice. :-)

  15. Re:you can't fix UAC on Microsoft Caves, Will Change UAC In Windows 7 · · Score: 1

    root is not a concept, it's a system user. UAC is not a user account, it's a concept. You can't compare the two.

    So what exactly do you want to compare? Any Unix GUI that copies UAC is just as broken. I'm not saying "UAC on windos is a flawed concept", I'm pretty clearly saying "UAC is a flawed concept".

  16. Re:I had a little glimmer of hope on Microsoft Caves, Will Change UAC In Windows 7 · · Score: 1

    How I love it when good info is mixed well with bullshit. :-)

    SELinux and NT permissions are not the same thing. SELinux isn't about ACLs, it's about MAC and RBAC and (incompletely when it was released) also about MLS. If you don't know what any of that means, you shouldn't be talking about how it is "like NT".

  17. Re:UAC is useful on Microsoft Caves, Will Change UAC In Windows 7 · · Score: 2, Insightful

    While many may scoff at UAC, it does do something very well. It foists responsibility on the user. While this may not be the nicest thing to do, it enforces perhaps the most difficult ideal. That being of awareness of security.

    I challenge you with the claim that you understand neither users, nor security.

    Or, to bring up a car analogy, UAC is like asking the user for tire pressure, the mixture rate of gas and air, and the precise timings of ignition in order to drive a car. Then telling drivers they're stupid fucks because most of the cars on the streets stutter around or burn up.

    Security education is an utter and total failure and most serious security professionals have long moved away from it. Today we train security awareness, which is a lot simpler and more basic, or on the car anology: We teach people to call the garage when any red lights flash.

    And no, UAC isn't a red light. It doesn't indicate that something is wrong, it asks the user if something is wrong, and most of the times while the user clicks on "no, go on" what he really means is "how should I know? shut the fuck up already and let me work.".

  18. you can't fix UAC on Microsoft Caves, Will Change UAC In Windows 7 · · Score: 1

    It's simple, really. The concept of UAC is broken, not the implementa... ok, they're both broken, but you can only fix one of them.

    The idea that the user can even make these decisions is fundamentally flawed and shows that MS is run by either geeks (who don't understand that human life is possibly with knowledge of stacks, heaps and pointers) or lawyers (who don't care about users at all and only want to see responsibility shifted to parties outside the company as much as possible).

    90% of windos users can not decide security questions. You could probably put "process X wants to wipe your harddisk and anally rape your kids, Allow or Deny?" up and they'd click "Allow". Part by habbit, part by stupidity, and part because they've been asked questions they can not possibly know the answer to for years now and learnt that unless they click "Allow", they can't continue doing what they want to do.

  19. Re:Firefox security hole on Microsoft Update Slips In a Firefox Extension · · Score: 1

    How the fuck do you expect any installed application to protect itself from being modified by Windows Update?

    It's called cryptographic signatures. You might have heard of the concept.

  20. works, end of story on Why Do We Name Servers the Way We Do? · · Score: 1

    We do it because it works. It's that simple. Move along, nothing to see.

    (names are easy to remember, names within the same context even better due to association, blabla. You can probably make a study on it, but why? when it's all dead-obvious to anyone with half a working brain???)

  21. finally on A Gates Foundation Education Initiative Fizzles · · Score: 1

    Thanks, editors! Finally an article that tells me just why I've always had trouble cheering for the Gates Foundation, in the face of all the good it does.

    Because Gates is a trial-and-error visionary. The only reason he's got so high credits among the general population is that his failures are generally forgotten, even though they by far outnumber his brilliant ideas.

    When people's lifes depend on that, and education is a vital part of that, it becomes more than a game.

    I'm still not sure it's totally bad - we need people who try out stuff. But the amount of money behind the Gates Foundation is way too large for testing. Like windos, sheer size pushes stuff that's barely a beta into the production environment. Another foundation with less money would have had to run smaller, closely monitored test projects, instead of rushing into a full rollout.

  22. Firefox security hole on Microsoft Update Slips In a Firefox Extension · · Score: 1, Insightful

    It seems you've found a glaring Firefox security problem there, that ought to be reported immediately.

    If it is possible to silently install add-ons, how long will it take until someone finds a way to send you one via Exchange? One that, say, logs your keystrokes whenever you visit a URL starting with "https://", such as your online banking site?

    Firefox needs to validate its add-ons and make sure the list can't be manipulated without user interaction.

  23. Re:Windows 7 or 8 or whatever will not fail on If Windows 7 Fails, Citrix (Not Linux) Wins · · Score: 1

    The apps are not there.

    Depends on what exactly you mean by that.

    Apps certainly are there. Except for some special cases, there's an equivalent app for everything you have on windos. Especially for a normal office environment, it definitely is all there.

    But, it's not the very same apps that people know. And people prefer the known bad to the unknown good, and the known abysmal to the unknown unknown, if you know what I mean.

    And quite a few of those dummies are the upper management that makes the decisions.

  24. Re:cost of doing business... on "Do Not Call" Violators Fined $1.2M · · Score: 1

    What if I don't get a rats ass if my income producing activity hurts someone else?

    Society has decided to not want to tolerate that, some 20,000 years ago.

    Two exceptions:
    a) if you hurt someone society doesn't care about, or it wants to hurt, then you're fine (e.g. soldiers, official executioners or torturers until the middle ages, teachers - ok, just kidding :-) )
    b) for the past few centuries, a workaround/hack has been found, it's called "the corporation". If you don't personally hurt others, but hide behind a company that does, and the hurting of people is just a side-effect of what the company does, you're also fine (pollution, chemical industry, child labour, etc.)

  25. Re:cost of doing business... on "Do Not Call" Violators Fined $1.2M · · Score: 4, Insightful

    As shady as telemarketing is, it's supporting and employing thousands of Americans every year.

    I call strawman on that.

    With the same argument, you'd have to make drugs legal, all of them. Or child porn. Or concentration camps. They all do or could do the same - employ people.

    The fact is: The "it offers jobs" argument is entirely hollow. If we made computers illegal today, sure there would be a couple million unemployed people tomorrow. They'd have different jobs by next week, when we find out that we still need work to be done, and people to do it.

    The "jobs" argument is a pseudo-argument that pretends to look at things from a higher perspective. What it really does, however, is cover up the proper higher perspective, which is: What is the value for the local/national/global economy?

    Telemarketing sells stuff. It does not create any additional value. It does have a negative economic impact through the damage it does to people who don't want to be called (time is an economic commodity, even if it's nominally spare time). I've not run the numbers, but I dare to say it at least equals out, given how many people's evening the telemarketers have to ruin in order to make one sale.

    On the whole, telemarketing almost certainly provides a negative contribution to the local/national/global economy. Just like drugs or concentration camps, so it needs to go the same way - outlawed.

    Footnotes:
    a) I'm aware "drugs" is a very high summary here and not all drugs fit equally
    b) I've not made nor do I intend to make an economic "analysis", however rough, on the topic of child porn, that's why it's missing in the second enumeration