Slashdot Mirror


User: KGIII

KGIII's activity in the archive.

Stories: 0
Comments: 12,959

Comments · 12,959

  1. Do you complain when you didn't lose something? "Damn it, I didn't get mugged or lose my car keys today!"

  2. That is after taxes so... Franklin County, Maine.
    http://quickfacts.census.gov/q...

    It'd not be too bad. Figure it's at least $10 before taxes so it's at least $20,000/year. The median income is cited at the link. That's about $22,000/year. I think poverty is $12,000/year.

  3. Re: And this is...news? on Yelp Employee Posts Open Letter About Cost Of Living And Low Wages, Gets Fired (modernreaders.com) · Score: 4, Insightful

    I'm not sure that's entirely accurate.

    I believe we're looking at a false dichotomy. Not all labor is equal. Should it be a living wage to work as a fry cook? Should it be a living wage to work in a convenience store? Or should they be in a position where they have to pool their resources and live more frugally than someone who makes more than that? Does everyone "deserve" to live in San Francisco and expect to be paid a living wage there without having to pool resources and live frugally - even if they're a fry cook? Are there no consequences for poor choices? And no, not everyone has made poor choices - just like not everyone is in their situation through no fault of their own.

    Some people have shitty jobs because they've done stupid things. They now have to pool their resources and live frugally. Should I be able to have a nice apartment and the various accessories that we use today - on a convenience store salary?

    I can see a logical argument for both - but you didn't actually present that argument. You just insisted it was so.

  4. Re:Trust the jury ... on TPP Change Means Drastically Higher Penalties For Copyright "Infringement" (eff.org) · Score: 5, Interesting

    I don't know if this is true. I've sat on more than one jury and I'm quite aware of Jury Nullification. I can say that nobody has ever, not once, mentioned it while I was present. However, I know what it is and when I'd feel it is appropriate to utilize that power. I've yet to be on a jury where it was an actual concern. Unlike most, I don't mind jury duty. I kind of like it. I'd do it more often, if they'd let me. It's pretty boring most of the time. But, I enjoy it and I pay attention and I understand the burden. I'm aware of the consequences of a poor juror and jury. Being an obstacle in the way of a miscarriage of justice is a good thing to be. I like jury duty.

  5. Drupal is awesome but not that easy to figure out at first. 'Snot too bad once you get it figured out. Joomla kind of sucks. I've tried to theme Joomla and, well... Let's just say that I am not a graphics artist. Or a patient man... I can handle Drupal. I don't mind WordPress but it needs babysitting. At least it's generally pretty smooth to update.

  6. I don't know how to do the latter. If I were to try this, I'd strip out the time checks and security from the phpBB script, run it locally, and hammer that with a dictionary and then a brute force attack. It'd work and I'm gonna get results. Anyone with a short and easy password will be gone quick. I've already got a list of usernames to check, I might split them and assign them some priority based on what I can glean from the site and see who's an admin and whatnot. I might even load it on a few boxes and do different priorities. Why not?

    It should be clear that I'm not gonna do that. I have no interest in doing that - but I do have curiosity. In other words, I'm not interested in breaking into their property. That's how you go to jail. I wouldn't mind a phpBB DB to play against. I haven't done anything like that since the mid-1990s. A lot has changed since then and I'm sure the tools are really nice. I'd probably just use curl and check the resulting page for welcome text and build my own. :/ Err... I'm pretty sure your way would be much faster. (Consider, I've never actually looked at phpBB's security but I'm sure I could find it and comment it out.)

    You newfangled kids and your fancy and effective (and cheaper and faster) methods! Get off my lawn!

    Oh, and I'm well behaved today. I have to be. You go right to prison for playing those sorts of games now. I could just build my own DB and poke at it. I'm not sure what the benefit would be.

  7. Yeah, that'd probably be faster than punching through the phpBB script's login function. I'd have just built a local phpBB instance and pounded on it after removing the timeout security checks and CAPTCHA if applicable. I've not done anything of the sort in a very long time. I'm not going to start up now. But, that's how I'd have gone at it. Start with dictionary then brute-force. It should be fast enough as it's being run locally. Anyone without a complex password is gonna be found pretty quickly. Unless I'm missing something. As I mentioned in my other reply, the landscape has changed and it's a felony to go out poking at stuff like that. Screw that.

    I guess I could build one out and just populate it with a little data and see what happens. That's not a crime. Then again, they might say I have hacking tools. I don't think that's illegal, yet. It's too bad, I'd have liked to have kept up on it in detail. There were times when it was rewarding - not financially or anything. Just a success is fun. Err... PHP was still pretty new the last time I really even played with it.

  8. Alright. I'm kind of getting it. Needless to say, I've not gone password cracking in a very, very long time. Err... I'm a bit more responsible these days. I'd also like to avoid felonies. We used to have some neat ways to just hammer on the regular user/password combos in a dictionary attack and get plenty of hits. If you can refine that to specific usernames, you're way ahead and there are a lot more cheap compute cycles kicking around now. I think I'm going to just continue to observe and pay attention as opposed to trying my hand at what's happening today. The landscape is much different and the penalties for doing so are much higher - as well as the likelihood of being caught.

  9. Re: Better question on Where Do the Presidential Candidates Stand On Encryption? (windowsitpro.com) · Score: 1

    Ha! You're right. I meant memory. And Slashdot is my personal blog!

  10. Re:My own experience with murdering this shit. on Windows 10 Forced Update Resets Default Apps To Microsoft Products (theinquirer.net) · Score: 1

    I've not done it in a long, long time. That looks not too dissimilar from my memory. You're missing browser and email configurations. I kept a lot of systems without resident anti-malware. I had (probably still have) a neat little script to set services and you could even select a profile. I'd then lock down as a non-admin after creating an admin account and logging into it once (as well as make a few additional changes).

    Man, I switch distros and I just don't format my /home directory. Hell, I can get a Live USB up and running completely in about 10 minutes and that includes customizing the software as I prefer browser and do a lot over VNC. I can do less tweaking and just do that and I'm almost good to go, right out of the box. If I don't have a distro that suits, I can build an openSUSE online and have a live distro that has whatever I want on it. I can make my own and just use persistent data if I want.

    I stop and think back to having to do all of that shit and it just strikes me as insane. That's absolutely crazy talk - and even more insane if you have to do it often enough to keep a checklist. (If you're an admin, you should really have images, regardless of the OS - except maybe Apple. I dunno how they do that, probably pretty easy. Google knows and I'm sure they've got that feature somewhere.)

  11. Re:Article is inaccurate on Windows 10 Forced Update Resets Default Apps To Microsoft Products (theinquirer.net) · Score: 2

    Telemetry is a bit more than that. It's what you open, when you open it, how long you had it opened, and it may even contain information about what features were used and things like that - it can get a bit refined. I don't have a problem opting to share that data. I clearly make that choice. I want them to know when my computer crashes and why.

    What I don't like is that it would appear that "off" does not actually mean "off" in all but the Enterprise version. I find that an affront. Off means off. I don't know if it really says off but I'm told it does. If it turns out that it does not, in fact, say off then I've slightly less concern. I don't actually use Windows on my computers so it doesn't impact me but I really would hate if they were lying to me. Off means off. I expect the user to do due diligence but only so much. You should be able to trust that off means off. If you can't trust that, what can you trust?

    Me? Oh, I'll be fine. It doesn't faze me one bit. I send crash data and telemetry data on my Linux boxes. However, if I turn those settings off - I can check with Wireshark or run it through a pfSense box and see that it's not doing it behind my back. And I probably will check once in a while. It doesn't take long to filter a good dump and get meaningful data from it. I'd not even care if they said, "Nah bro, you can't turn that shit off all the way. That's not an option unless you buy a much more expensive version. Oh, and fuck you." That wouldn't bug me nearly as much. At least they're being honest. Right now they're saying that but they're lying about it. Off means off.

  12. Re:Is it time for a class action? on Windows 10 Forced Update Resets Default Apps To Microsoft Products (theinquirer.net) · Score: 1

    I have a real honest-to-goodness neckbeard and am happily using Linux right this minute.

    I respectfully disagree. I do not agree that Microsoft is in a position where they are a monopoly. They might have some market segments locked down fairly well but they're hardly a monopoly. The average compute device is running Android and more people compute with hand-held devices than they do with a desktop or laptop.

    These days, the heavy lifting is being pushed back out into the server room so if they do any heavy lifting at all - that's probably done on a server that runs Linux.

  13. Re:Is it time for a class action? on Windows 10 Forced Update Resets Default Apps To Microsoft Products (theinquirer.net) · Score: 2

    The judge is going to want to know what harm you can prove. While having to reset the defaults is a pain in the ass, it's probably not worth a whole lot and probably isn't going to get them to change their behavior. You've got to prove harm. Telemetry isn't harm (according to the courts) in the US - yet. I guess you could try for that but they'll just put a bigger warning in their EULA or change some wording around. I think you'd actually need some legislation and they'd just be included in that legislation - grandfathered in, and not actually in a rush to make a new version of Win 10 but planning on doing a rolling release cycle. So...

    Err... Hmm... Yeah, I umm... I guess I'm fortunate in that there's no software that makes Windows a compelling choice for me. I don't even have a Windows VM. I do have a Windows phone but that's because I don't do anything but browse, email, text, and make phone calls. Oh, sometimes I use the GPS but I've never actually used the GPS (or bluetooth) with this phone. I've never listened to music on it nor have I watched a video on it. I've never even played a game. I don't even have any apps on it that did not come with it - but it's a myth that there are none! I've looked and there are some. There's a bunch, actually. I don't actually need or want any.

  14. I don't actually need a job but that'd be a damned easy job to do. I wonder how one gets the job as an astroturfer or shill? I write a lot. I'd probably do okay at it. I'm not sure I could do it for a product I didn't like, however. Meh, then again... That'd depend on how much I needed the money or how much I liked the company.

  15. Foxit Reader is also available for Linux. It's fairly light and stable. I don't do much more than read PDFs or sometimes save files as a PDF.

    Evince is also a suitable reader. Oddly, it's named "Document Reader" on my distro. No, I don't actually know why.

  16. Ha! I just ran apt-get update manually and it offered me an update to the "update notifier." I'll probably be getting those Windows 10 nag screens any minute now!

    (No, it really did just push that update down the pipes.)

  17. Yeah? Well... Microsoft never said they weren't implanting children with microchips and controlling them with alien technology! So, there! /s*

    * /s, or sarcasm tag, included because I'm pretty sure it might confuse some people if I don't mention it.

  18. This isn't new. The forced updates part is new. But, if you updated Office, it used to reset Outlook as the default email and nntp client - every... friggin... time...

    Yes, yes I have bitched about that behavior in the past. I don't know if they ever stopped it. I do know that it sucked.

  19. Re:Progress on NASA Aeronautics Budget Proposes Return Of X-Planes (phys.org) · Score: 1

    I am told that, if it has the anticipated numbers built, it will be cheaper than many other options that were/would be available at the current levels of tech and engineering. How true that is, I do not know. The numbers are greater than purchase price. I cannot swear to the veracity of those statements. However, the per-plane price, as the TCO, is supposed to be less expensive than what other options are available for a plane that serves those functions.

    Nobody, for example, expects a plane that is a "jack of all trades" to be anything other than a "master of none." Well, nobody but journalists and people that listened to them think that. They don't expect the development and roll-out to be cheap. They don't expect them to be without flaws and without the need to make adjustments. They don't expect them to be better suited for individual roles than dedicated devices.

    Military equipment is not just expensive to purchase, it is expensive to maintain. And it all needs to be maintained at a state of readiness that has some variation but it's generally good to have as much as possible on immediate stand-by or close to that level. They need to be kept in absolute peak condition, at nearly all times, and able to be fielded quickly and easily. That's expensive. This is supposed to significantly lower those costs and provide a plane that is "good enough" at a variety of roles.

    Most procurements are looked at in a TCO valuation. That even includes human assets. I believe at current levels, an estimated 75% of all military personnel are in support roles. I'd expect similar costs, probably at a greater ratio actually, with equipment that is complicated - such as airplanes. Being able to repair, change production numbers, and make some adjustments that result in a plane for different use cases is supposed to be where the savings are and, looked at logically and citing historical numbers, they're still claiming that it will be less expensive.

    Again, I've no idea how valid their claim is but that's the general idea.

  20. How exactly are they brute forced? I guess that's what I'm not getting. If they'd be doing simple brute force, why bother with the hash at all and just not authenticate it on a server that they control? How would they brute force the hash - and wouldn't each one be unique? It seems to me that's just a waste of time when they can use phpMyAdmin (for example) to import the DB, and just use a local version of phpBB with timeout or attempt limits nullified from the script?

    I'm really positive that I'm missing something. Thanks for your patience. ;-) What am I missing? They're all unique so they'd have to be done individually. Why (or even how) would they be futzing with the hash instead of just attacking the login system and resolving it like that with dictionary and then brute force methods? Even if they "brute force" it that way then they're not really even dealing with the hash as that'd do them no good in figuring out the next one in line.

    Give me 20 minutes and a good search function and I can probably find the limit checks in the script and comment them out. I don't have a brute force tool and dictionary built (currently) but I can find one in a few minutes via Google. I'd be brute forcing the password, however. I'd not really be brute forcing the salted hash. The end result is the same, of course. :/

  21. Doesn't phpBB use different salts for each user? If they do and if I am understanding properly then I'm not sure how far they'll get? Though, to be clear, I am not 100% certain that I'm understanding everything correctly. They really shouldn't be able to do much in the way of brute forcing?

  22. Re:Progress on NASA Aeronautics Budget Proposes Return Of X-Planes (phys.org) · Score: 1

    Ah... I think I see your problem(s). Let's start with what I think is the root of the problem.

    Only the media (and not even all of them) made the mistake of thinking that the F-35 was supposed to be the "best in US aerospace." Not even close - it was known that it would not be the fastest, the most stealthy, the best fighter, or the best at anything. In fact, it's pretty much what was expected and given a whole lot of extra scrutiny and yellow journalism.

    If I'm reading you correctly, that's the root of all your problems. You don't appear to understand the objectives, limitations, complexities, methods, or environment. Like most things, it's complicated. The F-35 is a good example. The F-35 was never meant to be, and will never be, what you're expecting. Being the best has absolutely nothing to do with the F-35. It was never a design goal, that's an impossible design goal. Once you get past that, you'll probably see where some of your other problems originate.

  23. It's not highly insecure out of the box. It used to be pretty bad but it has improved greatly. The plugin framework isn't insecure, in and of itself.

    Nothing is secure, they're all varied degrees. I get far more security updates on a stock Linux distro install than I ever did on a stock Windows install. Yet, I'd still say that Linux is secure - because I know that nothing is completely secure, so the definition is reduced to "reasonably secure."

    Speaking of Windows, you can use Windows normally and just fine - without any active resident anti-malware application. Just keep your browser locked down, get apps from their source, and keep things up to date. I did it for years just to prove it can be done. I'd check and do the various scans with updated definitions here and there and never *noticed* any signs of intrusion or malware and was actively looking for such.

    You don't *have* to rename pages, change permissions, or even use a separate admin - so long as you're willing to use a long/complex password. The security issues come with people being people. If you don't follow the directions, you get insecure products. If you leave the setup.php behind (after having been instructed to remove it - when the server's not configured to allow it to do it on its own) then you get an insecure product. If you're using add-ons that are insecure, you have an insecure result. That's not the fault of WordPress. That's the fault of people being people and trying to do things they're not qualified to do and thus have no business doing.

    So, I gotta disagree. Security is a process, not an application. The converse is quite frequently true. If you're not going to be attentive and keep things up to date, that's hardly the fault of the software. The framework's not bad (so far as I know) by itself. The script isn't even bad - by itself. You can make it a bit more secure but, by itself, it's not bad. It's when they don't update it or the add-ons that they get insecure. In fact, I have a couple of WordPress installs that are just fine. They don't have any third party extensions at all and the password's a long and complicated affair - and I've got a different username but that username's probably easily guessed.

  24. Probably not. You know they like Linux, you've got a known working (verified) email address, you've got a username, you might be able to make some sort of personal profile based on forum comments. You can check locations with IP addresses but that's not always a certainty. You can probably narrow down which is their preferred Mint. Depending on what they've said in public (and maybe in private) then there's some potential to assign that profile to a person. If they've used the email and/or username elsewhere, they can put some more data together.

    It really depends on what they're willing to put into it for effort. $85 is pretty cheap but they're probably not selling it as an exclusive so others will be targeting the users. They'll probably be combing through the data. It's a relational database so they may even automate some of this away (I would) and then simply start running reports. They might even have a way to weigh the data and find the more prominent posters and "mash up" what data they've shared. They'll potentially have some of the site's maintainers, admins, and even the dev team interacting with each other via PM. They might have even been dumb enough to PM passwords to each other.

    But no, really that's not much. Not as far as data spillage goes, it's not much at all.

  25. It's not really WordPress that's so bad. Not really. They used to be pretty bad but they, themselves, have gotten their act together. The problem is that people don't keep things updated and will use extensions and add-ons and the likes from anywhere. They won't keep those updated either. If they're maintained well, if you pick the add-ons by activity and reputation and timely security fixes, and if you're a little attentive then you'll be okay.

    There are a few add-ons (oddly enough) to help with this. There are ways to automate unattended updates. There are ways to lock down the permissions and make the suggested changes. Use a separate administrator name than user. Rename a couple of pages. After setup, remove the setup files, set the permissions to 555 when not in use, etc... You can do quite a bit, if you want. I've seen a few good guides - hell, there's a few people here who have done it enough that they can write you a guide in ten minutes and know which add-ons to use to secure it and which files to rename, all without opening a new tab.

    (That's a hint, by the way. If, you know, someone's got some advice...)