Slashdot Mirror


User: Tom

Tom's activity in the archive.

Stories
0
Comments
10,601
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 10,601

  1. Re:Sophistication on Sober Code Cracked · · Score: 1

    why stop at good enough. These people want to own 10000 machines.

    And 10k machines doesn't even require a "good enough" virus/worm. A crappy one will do.

    Well-managed botnets by large players are on the 200k size. I think the largest I've ever heard of being for sale was 400k.

    And yes, there have been worms that formed distributed networks, but for other purposes. A network defending itself has been in research for a couple of years, and many ideas have been created. However, it probably isn't cost-effective. Which means that it's cheaper to lose 10k machines and root another 10k than add protection code.

  2. Un-DVDs? on Hacker Team Releases First 360 ISO · · Score: 4, Insightful

    So, the xbox DVDs are broken in that "nahnah, you need special firmware to jump across this intentional break" way.

    Do they carry the DVD logo? Are these things DVDs or not?

    Yeah, it might look like nitpicking, but standards and interoperability are crucial to an info-age society.

  3. Re:Lawsuits ad nauseum on Song Sites Face Legal Crackdown · · Score: 1

    I am absolutely certain there is a special ring of hell reserved for these RIAA goons and their SCO-like tactics.

    And I hope your faith in the afterworld doesn't prevent you from taking action against this insanity now and here. Stop letting the pope tell you to accept it all because things will be better later. Maybe they will, maybe they won't. You should act as if they won't, because that is the "erring on the side of caution" option here.

  4. Crusade on Song Sites Face Legal Crackdown · · Score: 1

    Crusade is absolutely the proper term. Pointless warfare on innocents, in order to distract from the actual problems of poverty, oppression, er, wait: greed, rampant cartels and lack of innovation and adaptability.

  5. Re:Sophistication on Sober Code Cracked · · Score: 1

    Nearly every worm / virus is small presumably so that it can spread quickly in limited bandwidth situations.

    Nonsense. Size is a negliegable factor, unless you go into MB sizes. There's almost no difference between a 2k and a 10k worm. I already proved that more than two years ago (see my worm paper, this is on p. 15).

    Your initial stage is also covered there.

    The whole plugin stuff is something I've looked at after writing the paper, and talked about it in a speech called "The Future of Malware" at two conferences.
    There's lots of stuff possible here, but the main point is: It ain't necessary. Why spend hours upon hours on a smart worm or virus, if you can hack up a passable one in 30 minutes and it's good enough?

  6. Re:This is a new one... on Sober Code Cracked · · Score: 2, Insightful

    AV is more about marketing than technology anyway.

    No, it isn't. Not about either of those. It's about hard work. AV means having honeynets to catch the malware, then take it apart, create a signature, plug that into your file and send out an update. All as quickly as possible, pretty much around the clock.

  7. Re:Bad metric on Most Home PC Users Lack Security · · Score: 1

    Correct, give the man a cookie.

    Firewalls are quickly becoming obsolete. Everything tunnels over HTTP anyways today, or spreads via e-mail, etc.

    What a firewall is is a safety net. It blocks connections to stuff that shouldn't listen anyways, just in case. A few years from now, the firewall will be gone, so deeply integrated into the TCP/IP stack that it's simply a config option there.

    However people will still buy "Firewalls", because the term's evolving. What is sold as a firewall today simply isn't. It's two dozen things rolled into one, often incorporating a proxy, HTTP filter, virus scanner and whatever else they put into it. Marketing just uses the term "firewall" because people know it and think that's what security is.

    In the future, we'll probably have many "firewalls" on our computers, including "firewalls" between computer components. Think compartments. SELinux might be able to implement something like that using roles and MCS. I'm working on a concept.

  8. Most Slashdot Articles Rehashing the Obvious on Most Home PC Users Lack Security · · Score: 4, Insightful

    from the news-at-eleven dept.

    Bug writes "CNN and Al Jazerra reported in a joint statement that a survey of slashdot articles found that 81% of them lacked at least on of the three critical contents of a newsworthy report. However, the number of dupes has been recently improving, according to a report released yesterday."


    Ok, really. Everyone with even the slightest interest in computer security knows that there's not much that's easier than taking over a dozen or so home PCs. Why else, do you think, do prices for botnets range in the cents-per-machine range? Because it takes maybe one cent of effort to break into the average home machine, otherwise those selling the botnets wouldn't be turning a profit. It's probably more expensive keeping other botnet harvesters out than getting in in the first place.

  9. Re:As a Windows application developer ... on South Korea Fines Microsoft $32 Million · · Score: 1

    what's a developer to do?

    His job, you lazy fool. Are you a software developer or a software repackager?
    You don't need IE to send an HTTP request to update the high score board of your game. What you need is libcurl or something like it. You don't need Outlook to send a debug email, you need some mail sending library.

    Just because M$ calls its mail library OutlookBloat.dll and bundles it with the entire application API, GUI and 500 other things in there doesn't make it holy, you know? That kind of bundling is exactly what's the problem in this case, the EU case, the US case.

    In fact, any individual constantly and persistently breaking the law the way M$ does would've been in jail for years already.

  10. huh? on RIAA vs Linux and DVDs · · Score: 1

    Am I missing something? I've been watching DVDs on several Linux systems for years. In fact, Linux is the better DVD player, because it allows me to skip the "unskipable" ads and FBI warning nonsense. In fact, I quite value mplayer for its no-nonsense approach - DVD in, mplayer on, movie starts. I never understood why regular DVD players shove you to the menu when obviously watching the movie is what you want to do - the menu can always be available on a button press.

    So, the RIAA... eh, wait. That's the recording industry ass. - sure the author didn't mean the MPAA? They're the 2nd row bad guys here, the DVDCCA is the licensing org and the one that's been suing Linux people around the globe.

    So with those bugs fixed, there's still the problem that it's friggin 2005 and we already won this battle almost 2 years ago when the DVDCCA lawsuit was dropped. I should know I was there. Except that I never got my "I was sued by the DVDCCA and I all got was this T-Shirt". :)

    So to make a long rant short: What the fuck is "stuff that matters" about this article? It might've been news 3 years ago.

  11. Answer on Why Can't Microsoft Just Patch Everything? · · Score: 3, Insightful

    Incompetence, disinterest, different priorities, and no business reasons to do it.

    Oh, he didn't really want an answer?

  12. Re:I hope it doesn't get widely deployed on Driving Away Teens With High Frequency Noise · · Score: 1

    If the guys are annoying, call the cops on the fuckers.

    One of the things that's fucked up with society is that nobody can handle the small things on their own anymore. Instead we call the police on a few teens, or drag our neighbours to court (a huge part of the civil suits in most western countries are disputes between neighbours).

    Doesn't work that way. A couple of years ago, a few teens on public transport harassed a girl about their age. Yours truly went over, sat down next to the girl and told the guys to fuck off. They did. End of story.
    You would've called the cops? You're insane. Responsibility is acting yourself, not calling someone else to do it for you.

  13. Re:Wonderful on Driving Away Teens With High Frequency Noise · · Score: 1

    I could never understand the whole "you insulted me so I'll respond with physical violence" mentality.

    It's understandable, really. If someone uses a tool to attack you that you don't have available, would you say "bad luck" and try to do with what you have, or would you aim to level the playing field, even if it means going somewhat beyond your opponent?

    i.e. someone grabs a piece of wood to smash your head in. Would you take the lead pipe that's next to you to defend yourself, or would you say "damn, no wood, and that lead pipe would be unfair, so I'll just take the beating like a man" ?

    So, if someone insults you in a witty way you can't properly reply to due to lack of wit on your part (and wit isn't the same as intelligence!), you have the same two options...

    Honestly, I also think that violence is overhyped, but that's a result of escalation. When I was a kid, or even more when my father was young, then getting beaten up wasn't such a serious matter. It hurt, especially the pride, but hey. Today, unfortunately, beating someone up can easily mean one leads to the other and in the end someone draws a knife or a gun. Even if that doesn't happen, too often kids actually try to inflict serious harm.

  14. Re:TTC on Driving Away Teens With High Frequency Noise · · Score: 3, Interesting

    This is being used over here in Germany in several cities. Apparently it not only keeps gangs away, but also drug dealers, bums and other folks who loiter around at train and subway stations.

    I wonder if that says more about these people or about the music.

  15. Brilliant! on Diebold Threatens to Pull Out of North Carolina · · Score: 1

    Next time I break the law, I simply move elsewhere! Then they can't sue me anymore, can they?

    Whatever it is they were smoking, it was some heavy stuff.

  16. Re:Heh... **Beatles!!! on ICANN Considers Single Letter Domains · · Score: 1

    Slashdot should at least put a ref=nofollow in the links to submitters

    Seconded

    (or better yet, only link the submitter's name to his/her user page).

    Won't work, it's trivial to solve that daily or so.

  17. why? on ICANN Considers Single Letter Domains · · Score: 2, Funny

    Well, I guess the real question is: How much did 3.com pay them?

  18. Deal on Mac mini, Apple DVR? · · Score: 2, Interesting

    Two years ago, I put my old notebook in the living room as an entertainment center. Since then I've tried MythTV and half a dozen other solutions, but none of them satisfy me (I want DVD, video and music playback, no TV functionality). Today I run mplayer or xine from the commandline, it's the least hassle.

    If this thing actually appears, I have an old notebook for sale.

    No way in hell am I giving M$ the keys to my living room. Linux was tried, but didn't quite work out. I do have confidence in Apple to pull this off. I'm very much looking forward to the Expo.

  19. Re:Submitter is a link spammer-stop posting his st on Microsoft Receives Open Source VIP Blessing · · Score: 1

    I'll tell if you stop hiding

  20. Re:yawn on Microsoft Receives Open Source VIP Blessing · · Score: 1

    You should read the link I included. It specifically talks about "sunk costs" and that's exactly what's at stake here.

  21. Re:Submitter is a link spammer-stop posting his st on Microsoft Receives Open Source VIP Blessing · · Score: 4, Interesting

    Who cares?

    I do, and apparently many others. The problem isn't one guy posting stuff with links to his various websites. That's ok.

    The problem is a potential collaboration between this guy and a /. editor. Maybe he's providing content, but maybe 20 other people provide the same content and are rejected in favour of this guy. Maybe Scuttlemonkey even gets a small kickback for favouring him.

    And that's where it crosses the line. It certainly is interesting to see that all of his postings were approved by Scuttlemonkey. Coincidence? Maybe. Maybe not.

  22. yawn on Microsoft Receives Open Source VIP Blessing · · Score: 4, Insightful

    Its called the bait and switch, and I'm surprised someone so experienced falls for it.

    In short: Sure they'll release specs. And just as certainly that which is actually implemented in the next office version will be something different. Probably minor, but crucial differences. Minor enough to be able to say "*shrug*, we just made a few updates and extensions" and crucial enough to prevent interoperability.

  23. speed on 300 gigabytes in the size of a DVD? · · Score: 1

    Not to mention the drives themselves can read and write at ten times the speed a normal DVD drive.

    They better do. If they hold 90 times more data, then 10 times more speed isn't a feature, it's required.

  24. Who cares? on Is SETI a Security Risk? · · Score: 3, Funny

    Frankly, anyone who is 2-3 years ahead of today could lay waste to our entire IT infrastructure anyway. Just look at what some malware can do that's a month or so ahead of current patchlevels.

    Any aliens that are 10, 100 or 1000 years ahead of us technologically... well, the 10-year-ahead aliens probably know how to wipe out every computer on earth within 2 minutes. The 100 and 1000 years-ahead aliens almost certainly aren't backwards compatible enough. :)

  25. Re:10 hours and 26 minutes? on Time Saving Linux Desktop Tips? · · Score: 1

    are we really bleeding users?

    Any users or good users?

    I certainly don't see a lot of the people I found useful in the early days around anymore. My friends list would've been 2-3 times as long if that feature had existed from the start. Even though, I feel like it's shrinking rather than growing.
    I also find that I comment to the story more often than to other comments nowadays, while it were the comments that originally sold me on /. years ago. And that was before moderation was introduced!