Slashdot Mirror


User: Kalriath

Kalriath's activity in the archive.

Stories
0
Comments
5,654
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 5,654

  1. Re:Let the market speaks on Lone Programmer Writes 352 Webcam Drivers For Linux · · Score: 1

    Ah, the "open source is inherently better than closed source" hippies! In the majority of circumstances, closed source and open source are equally useless. Your average computer user can't read C++, so your argument that being able to see the source is better than not being able to see it is a fallacy - seeing and understanding are two different animals, and the average computer user finds the C++ source to be about as readable as arabic to an english speaker (erm, who doesn't also speak arabic). I have never heard one convincing argument why open source is inherently better than closed source. I have also never heard one convincing argument why closed source is better than open source - which is kind of the point. At no point did I say that. But hey, don't let that stop you foaming at the mouth.

  2. Re:Let the market speaks on Lone Programmer Writes 352 Webcam Drivers For Linux · · Score: 1

    Ok, so this isn't the fault of Windows at all. It's the fault of its developer community. Yeah, this I can definitely understand. It is important to distinguish however when you are talking about the developers as opposed to the OS.

    Keeping in mind that a user can still easily find out what failed without a developer's assistance by clicking the "More Information" (or is it "See what data this error report contains") link on the error box. "Faulting Module" is one of the first details there.

  3. Re:Let the market speaks on Lone Programmer Writes 352 Webcam Drivers For Linux · · Score: 1

    If Windows reboots like that, you see a message at next boot stating "The system has recovered from a serious error" which allows you to report the issue to Microsoft, as well as giving you a pointer to where some debugging files are found.

    On Windows it's quite easy for an end user to gather information for a developer, who can determine where the problem is (or for OS faults, just send it to Microsoft who'll forward it to the relevant people).

    Linux IMO is much worse for that with the arcane "Kernel Panic" screen (though arguably one could say that the need to have a friendly system for reporting fatal kernel faults underlines an underlying issue that really should be looked at).

  4. Re:am I missing something here? on Is It Time For an Open Source Certificate Authority? · · Score: 1

    https://addons.mozilla.org/

    "The web site addons.mozilla.org supports authentication for the page you are viewing. The identity of this web site has been verified by XRamp Security Services Inc, a certificate authority you trust for this purpose"

  5. Re:Main use would be code-signing on Is It Time For an Open Source Certificate Authority? · · Score: 1

    https://www.godaddy.com/gdshop/ssl/ssl.asp Godaddy does 'em for $20 per year. They're even a real root CA, not chained from Verisign, Thawte, Equifax or Comodo. Woah, they even have EV-SSL for half of Verisign's extortionist price.

  6. Re:Zimmerman has it right . on Is It Time For an Open Source Certificate Authority? · · Score: 1

    Sorry, you're not quite correct there. For a start, what you don't realise is that Verisign completely ignored the phone number you provided on the application. They took your company name, and looked it up against what they consider a trusted source (usually your telco's white pages), calling THAT number. Next, the certificate they sent you is next to worthless. It does not contain your private key, only your public key (your private key was installed on your PC when you filled in the forms in the first place). It certainly doesn't need to be encrypted, considering how useless it is on it's own.

  7. Re:Misleading Title on Kaleidescape Triumphant in Court Case, DVD Ripping Ruled Legal · · Score: 3, Funny

    Needs to be old news to qualify for posting here on Slashdot. It can also be one or more of the following: Microsoft bashing, Apple touting, RIAA smashing, or just wrong.

  8. Re:NoScript helps on Virus Writers Target Google's Sponsored Links · · Score: 2, Informative

    Internet Explorer has a similar one:

    Tools > Internet Options > Security > Custom Level > (Scroll down to) Scripting > Allow status bar updates via script.

    (Im out of breath after quoting THAT maze)

  9. Re:There's never enough room for all the pigs. on Investment Companies Backing Patent Trolls · · Score: 1

    It's twitter. He replies to EVERYTHING with something about how it's Microsoft's fault.

  10. Re:Vista and XP activation is your first level of on Is Windows Vista in Trouble? · · Score: 1

    Now Visual Studio. Programmers, for the most part, are generally very capable users. They know what all is out there, and they are much better at coping with the differences between products if they get too pissed off. If Microsoft pushes them too hard, they may well find a lot of their developers switching over and using Borland development tools instead (I like Borand better anyways but that's a different topic :)). Or MS's worse nightmare: it might drive developers to using GCC and GTK/Glade for their Windows development. They'd have a shitstorm if suddenly lots of software for Windows became portable to Linux with such minimal effort. True that, I never looked at it that way. Though ironically, I have noticed a disturbing trend of Borland products requiring registration to run, and more details than Microsoft's activation does (I have Delphi installed and still love using it, and it requires a big text file present which you obtain by registering with Borland/Inprise/Borland/WhateverItCallsItselfToday )

    I gotta admit though, VS is pretty slick. And I especially love the way it goes ballistic at you if you use proprietry tags in your HTML. "Filter? What's that? That aint CSS 2.1! BAD DEVELOPER!" "-moz-opacity? Nope, that aint CSS 2.1 either. BACK IN YOUR CORNER!"

    Besides, when you consider Mono, VS' output really is quite easy to port to Linux ;)
  11. Re:Vista and XP activation is your first level of on Is Windows Vista in Trouble? · · Score: 1

    This would be an interesting test.

    Another thing I can't confirm though is whether it uses some sort of SSL or other signed tunnel communication to prevent man in the middle attacks (if you can really call it an attack).

    I suppose really whether you can pull this off or not depends on whether MS expected you to try. If they did, it'd be using some sort of digitally signed communication with checksum verification and all sorts of other stuff. If they didn't, it's a call to a "YES" or "NO" web service.

    Amusingly, Windows Vista's business edition makes this sort of thing much easier with it's optional reliance on an "activation proxy" server which is fully within your boundaries, and essentially responds that Windows is good to go to every activation request, and activates itself less frequently (note: not compatible with XP).

    It also makes me wonder why some of their products go the other way... Visual Studio 2003: "You have 50 launches left before you need to activate", Visual Studio 2005: "Welcome to Visual Studio. Did you want to join the Customer Experience Improvement Program?"

  12. Re:Vista and XP activation is your first level of on Is Windows Vista in Trouble? · · Score: 1

    IP addresses of some Microsoft sites are hardcoded into the protocol driver. Your idea would not work.

  13. Re:Well, in that case on Boston Bans Boing Boing From City Wi-Fi · · Score: 1

    According to the link in the update to the summary:

    This is the message that appeared in the server log:

            http://www.boingboing.net/ *DENIED* Banned combination phrase found: google, &safe=off

    It looks like the "Banned combination phrase" was the following link, because of the search with SafeSearch set to "off":

            Much more of Biskup on Boing Boing Link

  14. Re:Thanks Tim on Amazon Sues Alexaholic · · Score: 3, Insightful

    Here's the trademark registration: http://tess2.uspto.gov/bin/showfield?f=doc&state=m kfu1u.3.3 Here's an actual instance of CMP/O'reilly threatening a (not even US-based!) non-profit for using it: http://www.tomrafteryit.net/oreilly-trademarks-web -20-and-sets-lawyers-on-itcork/

  15. Re:Job / Hobby / Quest ? on Anti-Spam Suits and Booby-Trapped Motions · · Score: 2, Informative

    Unfortunately, they're silver.

  16. Re:Security, sure, but let's not forget consistenc on Browser Wars Declared Over? · · Score: 2, Interesting

    Actually, I don't think that's the case. Seriously, I can actually picture Visual Studio's development team at Microsoft glaring evilly at the Internet Explorer team. Have you seen what Visual Studio thinks of IE hacks in your CSS? Let's just say that if it looks right in VS, it'll look right in Firefox. But the demons help you if you want it to look right in Internet Explorer. "filter? What the fuck kind of CSS attribute is filter? FIX YOUR CSS2.1, BITCH!" "-moz-opacity? Nuh uh! I don't see THAT in the spec!" And my personal favourite "Wherre's your demon damned doctype? INSERT A BLOODY DOCTYPE!" Yeah. That's Visual Studio's take on "IE CSS Extensions" or "Firefox CSS extensions". Oh, and VS does the Box Model like Firefox, not IE.

  17. Re:Or the better (free, as in choice) option on MS Releases New Media Player Firefox Plugin · · Score: 1

    See, there you go again. So far, every instance of trojans being installed via DRM has resulted because some ass managed to get through the WMRM software approval process. It has NEVER been because someone has found a way to pretend to be a rights manager server. And in all cases, this has resulted in their license being terminated (possibly prosecution, but there's no publicity when actions like this is taken). There are no backdoors to fake a WMRM server. Don't talk shit. And trojans can't be installed via media player. About 4 years ago when this issue came up, MS changed media player's security component to run in the Internet zone, not Local Computer (one hell of a bug if you ask me). Now, Media Player can only install stuff after prompting (it's sandboxed better than Internet Explorer itself).

  18. Re:that punishment won't be effective on MS Releases New Media Player Firefox Plugin · · Score: 1

    You're right on one point, it was a mistake to say small company.

    A forged Telephone Bill wont work, they check your number with directory assistance too.

    I do not think this situation is anywhere near as common as you claim it is. In fact, I call bullshit. One or two cases of social engineering (difficult to impossible when dealing with a paranoid certification authority) do not identity theft make.

  19. Re:Or the better (free, as in choice) option on MS Releases New Media Player Firefox Plugin · · Score: 1

    Who said I liked it? I just don't like seeing wrong information. Yeah, it's a failing. It's actually, to me, a very surprisingly robust and secure process to get hold of software like this. I'm sure there's ulterior motives (what would an open source dev with a DRM hate do with access to the binaries that DRM a file?) but for the most part they seem dedicated to protecting people from bad guys with access to it (even if it is only to protect what reputation it has left). Thankfully, when they do issue a certificate to your server to activate it, you (for that purpose) ever need to use the Verisign cert again - even when you are forced to renew at the end of the year.

  20. Re:Or the better (free, as in choice) option on MS Releases New Media Player Firefox Plugin · · Score: 1

    First off, you cannot use a PO Box, we had our application suspended until we supplied a real, physical, address. Also, the certificate from Verisign or whatever is not ever seen by you and is not relevant.

    What happens when they revoke a dodgy guy's license server is that they invalidate the certificate ISSUED by a Microsoft CA (in realtime) TO their license server and their license server will fail its next check (which I understand occurs extremely frequently) and stop issuing licenses (or wrapping content, which stops their media from being distributed at all).

    Also, it was a bug that allowed dodgy folks to execute arbitrary code in the context of the Local Computer zone. If you read what I said, you'd see that they fixed that. It's no longer possible to execute code unless you've stupidly allowed the Internet zone to do so.

    And you'd be paying a bit more than $500 if you get caught... there's no money to be made in allowing people to use the WMRM SDK for dodgy purposes, but there's money to be made in prosecuting those that do.

  21. Re:that punishment won't be effective on MS Releases New Media Player Firefox Plugin · · Score: 1

    This is not an easy task. You would have to have your phone number changed to a large company's, you would have to get their telecom company to change their billing details to you (and then wait for the telecom company to mail a bill to you) and then you'd have to get the CA to issue a certificate using those details.

    CAs are not slack on the requirements of this sort of thing, not since that one time some idiot at Verisign allowed some hacker to get a certificate signed as "Microsoft Corporation".

    So no, I don't believe what you're saying in the slightest.

  22. Re:Or the better (free, as in choice) option on MS Releases New Media Player Firefox Plugin · · Score: 2, Informative

    And the bastard who did it had their license revoked, without a doubt. People don't pay Microsoft for access to the WMRM software, so there is no benefit in them allowing partners with access to it to damage it's (admittedly already quite bad simply because of what it IS) reputation with no gain for them OR anyone else. Microsoft once issued a press release about this after someone was caught doing it, saying they fully intended to both revoke the offender's license and prosecute. Sure, I realise that it doesn't help you much, but hell - at least they did what they could (including fixing the bug that allowed WMP to open license aquisition pages in the LOCAL COMPUTER zone in the first place). If someone's going to bash MS, the least they can do is pick one of the many REAL issues to get them for, there's no need to invent something.

  23. Re:What I do in my computer is my business on Delete Cookies, Inflate Net Traffic Estimates · · Score: 1

    Then you fire off a report to Google that the site you found is engaging in cloaking, which Google doesn't allow - and let the site owner know you did so too. Losing Google ranking these days constitutes an internet death sentence to a site.

  24. Re:Or the better (free, as in choice) option on MS Releases New Media Player Firefox Plugin · · Score: 5, Informative

    Actually, if Microsoft catches people installing trojans via the Licensing system, they revoke their license server. In case you weren't aware of what goes into getting the software to create protected WM* content:

    1. Obtain Code Signing certificate from Certification Authority (Verisign, Thawte, or Geotrust only), which entails;
        a. Providing CA with registered company name, phone number and physical address
        b. Providing CA with copy of phone bill to allow them to call technical owner of said registered company
        c. Paying through the arse (about $500 USD) for certificate to be generated
    2. Submit application to Microsoft. This is reviewed, then...
    3. Microsoft sends a blank OCX file, which you then sign with your code signing certficate and return
    4. Post back two copies of a signed contract which has your real name, registered company name, phone number, and physical address
        a. This contract says that you're dead meat if you distribute the software to ANYONE
    5. Wait for MS legal to verify details and countersign agreement
    6. Software is delivered to you via special extranet site which you probably didn't know existed
    7. Software requires certificate to issue licenses which is generated by visiting a certain URL on WindowsMedia.com
    8. Software can have its ability to issue licenses revoked at any time by revoking this certificate

    As you can see, there's an assload of safeguards against what you say happens all the time, and Microsoft do revoke WMRM certificates for using them to install spyware or trojans. The contract then allows them to sue the person misusing the license manager SDK into oblivion as well, but I don't know whether they ever have or not.

    If you're going to make a statement, make sure to back it up with real experiences or knowledge. Yes, I do happen to know how this process works. A company I work with had to go through it recently.

  25. Re:Offer + acceptance + consideration = contract on MS Requiring More Expensive Vista if Running Mac · · Score: 1

    I have yet to see (apart from that clause in Vista's EULA - which actually according to Paolo from Microsoft means that you aren't allowed to run the same copy of Windows as a guest where it is also installed as the Host OS, which is pretty "well, DUH!" anyway) any EULA which tries to remove a right other than the inevitable warranty disclaimer.

    That's not what the license says. The exact wording is as follows:

    4. USE WITH VIRTUALIZATION TECHNOLOGIES. You may not use the software installed on the licensed device within a virtual (or otherwise emulated) hardware system.

    This precludes running it as the guest OS even if it isn't the host, and you're only using it once. The text of the legal document takes precedence over the BS statements of some random Microsoft employee, you know!

    No, because for it to mean that, then it would read "4. USE WITH VIRTUALIZATION TECHNOLOGIES. You may not use the software within a virtual (or otherwise emulated) hardware system" which it does not. It states that you may not use the software which is installed on the licensed device (the physical hardware) within a virtual or otherwise emulated environment (of course this DOES mean you can't boot Mac OS X via Boot Camp, and load a Vista partition with Parallels, but who cares?).

    Oh, and here's an official Microsoft statement from the Windows Server team: http://blogs.technet.com/windowsserver/archive/200 6/10/17/Virtual-Hard-Disk-format-becomes-open.aspx

    I would be interested in seeing some of the more bizarre EULA clauses, so if you have any examples to share, please do.

    • Some EULAs, such as those for various database programs (Oracle and MS SQL, I think), disallow publishing benchmark results (or require running the tests in a specific "approved" way).

    Yeah, that's stupid.

    The Vista EULA prohibits accessing any DRM'd stuff from within a virtualized OS session.

    That would be a restriction required of them by the MPAA and RIAA and their scummy ilk. Are you really surprised by this?

    EULAs are often non-transferable, and thus prohibit resale of the software.

    No, OEM EULAs are non-transferable, and that's because they sell them at less than half the price (on the precondition that it's bundled with something, or you're bundling it) - which sounds fair to me. Any other type of non-transferable EULA is never enforced and usually just there for some bizarre legal reason. Exemption: MMORPGs. I don't know why this is, but although they don't necessarily prohibit transfer of your software license, you can't transfer your game account.

    The Vista EULA only allows you to install the software on a different device once. After that, it's worthless.

    "15. REASSIGN TO ANOTHER DEVICE. a. Software Other than Windows Anytime Upgrade. You may uninstall the software and install it on another device for your use. You may not do so to share this license between devices"

    It doesn't ANYWHERE in this clause say that you can only transfer it once. Please also note that I pulled this from the Home Basic/Premium EULA, the lowest common denominator.

    (Source for Vista EULA info.)

    If you actually READ the page you just linked, you'd realise you can transfer licenses to other machines legitimately. It was either a mistake or they backtracked (according to Microsoft, it was just a poorly thought out decision. THAT I believe). Oh, and of course ... "Scott Granneman teaches at Washington University in St. Louis, consults for WebSanity