Slashdot Mirror


User: cbhacking

cbhacking's activity in the archive.

Stories: 0
Comments: 4,314

Comments · 4,314

  1. Re:Unlimited already means 5G on Verizon Hints At Scrapping Unlimited Data Plans · · Score: 1

    I'm looking to switch carriers (off Verizon, TYVM) and was talking to a T-Mobile rep. Apparently, their "unlimited" plan works kind of like Comcast's Internet service; you get full speed up to 5GB/month, and then they throttle it back. Much though this idea annoys me, if it's a question between suddenly having slower Internet and suddenly having a vastly inflated phone bill, I'll take the slower service. It also technically holds to their "unlimited data for one fixed price" plan, unlike Verizon's offering.

  2. Re:Well on Backdoor Found In UnrealIRCd Source Archive · · Score: 1

    What I'm suggesting is part of a defense in depth. You can't rely on security through obscurity, but obscurity can provide some assistance. The concept that security through obscurity is fundamentally flawed comes from encryption/hash algorithms, which are so complex that attempting to cook your own in secret is likely to result in something that is actually easier to crack - even though you either must first reverse-engineer how it works or just use brute force - than a published and thoroughly reviewed, tested, and revised algorithm.

    I say again, a small layer of security; it's not something you can rely on, alone, but it is something that will stop a careless attacker and will take some time from a knowledgeable one, for very little cost on your part.

  3. Re:Well on Backdoor Found In UnrealIRCd Source Archive · · Score: 1

    You can add a small layer of security (easily bypassed if the attacker knows where to look, but still...) by placing the hash and/or signature verification in your installer. Add something to the config scripts, or possibly to your makefile. If you offer pre-built packages, it's even easier.

  4. Re:The remediation advice is wrong on Backdoor Found In UnrealIRCd Source Archive · · Score: 1

    Linux users, on average, are more savvy than Windows or Mac users... but a lot of them still tend to install things using their package manager or, lacking that as an option, via ./configure && make && sudo make install (or possibly putting each on its own line). Even standard configure arguments, like --prefix, are relatively unknown to your average Ubuntu or user. Besides, to most of the computer-using world (and remember that most Linux users didn't grow up with it, they came from Windows or possibly Mac OS) software installation is something done as Admin/root, almost by definition.

  5. Re:The remediation advice is wrong on Backdoor Found In UnrealIRCd Source Archive · · Score: 1

    If you installed your ircd without doing anything that requires root, you're using an unusual install approach (it's totally possible, of course, just unusual). There's no need for the exploit to occur when you run the program; put the exploit payload in the installer and you get far higher permissions for it to play with.

  6. Re:Eve combat on EVE Online PVP Tournament Streamed Live · · Score: 1

    If you want a first-person dogfighting multi-player space game, my first suggestion would be (free)Allegiance (http://freeallegiance.org) which, while not actually an MMO (the world isn't persistent), is an incredibly strategic and tactical experience where an individual game or match can involve over a hundred players and last for hours. Dogfighting skill is definitely critical in Allegiance, and you're not generally fighting NPCs - aside from fixed defense turrets, all armed units are manned by at least one player, and no player directly controls more than one ship. It's a game just made for joystick jockeys, with the critical caveat that you *must* be able to work with your team - a solo ace who ignores the team commander is unlikely to have as much benefit toward victory as a rookie flying a free scoutship, dropping sensor probes and repairing his side's ships. For added awesome, Allegiance is now free and open source, the system requirements are quite modest (the graphics were probably good by the standards of 7 years ago), and the community is actually quite welcoming of rookies.

    That said, while EVE combat is nothing like Elite (or Descent, or Allegiance, or...) it's also nothing like WoW. WoW is a game of timing and button-mashing, and while it's not totally devoid of tactics, the "correct" approach is generally fairly straightforward from what I've seen. EVE is all about tactics, except for the part that's about strategy. It's easy to lock onto an enemy and fire your guns; this takes a total of two clicks. With a third, you can set up a pre-determined orbit around your target. The catch is that your target isn't likely to let you have the orbit you want. Maybe they're faster, and try to keep transversal velocity so high that your guns can't track. Maybe they use long-range guns, and fly directly away from you, forcing you to absorb massive damage just to get in range. Maybe they use stasis webifiers and warp scramblers, crippling your ship's speed while they rip into you with close-range guns. Hell, maybe they're barely even armed, but mount heavy defenses and a warp interdiction field that keeps you from escaping until their fleet shows up surrounding you. Solo fights, wolfpacks, roaming gangs, gate- or station-camping, sniper fleets, and the various capital ships all have different strategies on when to use them and how to set them up, and different tactics of what to do once the enemy is engaged, depending on the objective and the strategies and tactics of the enemy. It is also the only game I know of where a single fight can last hours, involve over 1000 players, cost hundreds of ships and possibly the equivalent of $1000 in damage to each side... and have everybody involved enjoy the whole thing and look forward to the next one.

  7. Re:A very nice HTML5+CSS3 demo that actually works on Apple's HTML5 and Standards Gallery Not Standard · · Score: 1

    Microsoft is actually less of a holdout than you might think. The current IE9 preview (a new one was released just a few days ago) has some very nice HTML5, CSS3, and SVG support. They currently seem to be emphasizing JavaScript speed and hardware acceleration at present, rather than implementing as much of the upcoming standards as possible, but they're doing quite well nonetheless. Besides, IE9 is still a long way from release, and at the rate they're progressing I don't think MS will be as far behind as you expect.

  8. Re:Mobile Phones ain't done, until Flash does run! on Qualcomm Ships Dual-Core Snapdragon Chipsets · · Score: 1

    I take it you've never heard of the Nokia N900? Runs Linux (Maemo), comes out of the box with full Flash 9 capability (in a Gecko-based browser) and Flash 10 will be available soon. Even on the older N800 (which, unlike the 900, isn't actually a phone) I could load Pandora or watch YouTube videos using Flash - in fact, either AdBlock or FlashBlock are near-essential for browsing on those devices, due to all the Flash. Fortunately, they (and at least one other Firefox extension) are available, as is full Firefox (and therefore all its extensions).

    I've also heard that Flash is available on WinMo phones, but never tried it.

  9. Re:SSH+RDP on Free Remote Access Tools For Windows and Mac Compared · · Score: 1

    I've never used copSSH (although I've used a handful of other SSH programs for Windows), but these days I literally just use OpenSSH. NT system calls were designed to include a superset of POSIX (as well as Win32 functionality), and you can enable a POSIX subsystem that gives you a Unix-like filesystem (complete with case sensitivity and /proc, /dev, etc.) and support for POSIX system calls. Microsoft provides a free download that installs into this subsystem to give a basic but functional Unix-like environment. You can then install additional software - I use the http://suacommunity.com/SUA.aspx bundles, which include a package manager, X server, and OpenSSH (client and server). From there, you can manage ssh(d) exactly like you would from any other Unix-like system.

    The biggest downside is that you need a fairly high edition of Windows (XP Pro, Vista or Win7 Enterprise or Ultimate, or any Server edition) to enable the subsystem unless you're willing to resort to some minor hackery. It really is remarkably easy to set up though (the SUAcommunity site includes good walk-throughs) and in addition to a working SSH, you also get bash, subversion, GNU make (a complete GCC toolchain, in fact), python, perl, and a ton of other stuff.

    If you *just* need a SSH client, it's overkill, but even if all you need is a client and server, I'd recommend it. The Win32 filesystems are mounted under /dev/fs/, and of course you can make symlinks to common locations. I've used it as a server for scp and sftp extensively, for example - as you point out, it's faster than using Remote Desktop when all you need is a file or three you left on the wrong computer.

  10. Re:Missing remote access tool on Free Remote Access Tools For Windows and Mac Compared · · Score: 1

    Live Mesh can be accessed via IE (using an ActiveX applet), but if you have the software installed (it's free, and available for Mac) then you can connect to other computers in your Mesh without going through IE at all (I mentioned it's available for Mac? Bear in mind that IE isn't, anymore). I use Mesh all the time - it's a little slower and less configurable than true Remote Desktop, but also more convenient. It's really intended for personal machines though; it works fine for business-y things like transferring files and printing remotely, but the security is just based on your Live account. The connection is probably encrypted, but it's still not the kind of thing that IT is likely to approve of.

  11. Re:Lending their name to a new verb... on Comcast Awarded the Golden Poo Award · · Score: 1

    I use their "Comcastic!" term (from ads a while back) to describe the frequent connection glitches I get during those periods of my life when I'm using their service. Example:

    [Disconnect]
    [Reconnect]
    Some person: Dude where'd you go?
    Me: Sorry, this connection is Comcastic.
    Other person: Ouch, sorry man.

  12. Re:My plate is pretty full right now... on Corporate IT Just Won't Let IE6 Die · · Score: 1

    It takes a bit of tweaking, but you can actually make IE8 look a lot like IE6 as well. Restore the Refresh and Stop buttons to their old position, show the menu bar permanently, disable tabbed browsing (shudder), remove the command bar and search box, and generally move things around until it closely approximates the old look. Of course, you have to throw out a lot of functionality and probably can't get it to look exactly like IE6, but it'll be close enough for most people. Using Firefox with a skin plus the IETab extension (configured to be used on Intranet sites, or wherever else IE is needed) also works.

  13. Zoom feature is your friend on HDTV Has Ruined the LCD Market · · Score: 1

    I haven't tested this in all web browsers, but I've seen the Zoom feature of IE8 used to enlarge Flash applets. It works pretty well - maybe a little fuzzy, but easily visible, and the interactive portions of the applet enlarged and shifted with the image. Given that all major browsers have a full-page zoom feature (as opposed to the older text scaling, which didn't help with Flash applets), this really shouldn't be a problem anymore.

    I'd test it right now (from Opera 10.5) but that would require downloading Flashplayer... :-/

  14. Re:Find a new site on Website Mass-Bans Users Who Mention AdBlock · · Score: 1

    Coincidentally, I've been mostly without mod points for the last few years too. Mind you, I left the "Disable Advertising" box un-checked - in my case, the dearth of mod points dates directly to the changes in the metamoderation system. The new system is sufficiently annoying that I simply don't bother anymore, and since metamod seems to matter more than just about anything else with regard to getting mod points, that means I don't get them anymore. I used to metamod extensively, sometimes a few times a day, and receive mod points perhaps 2-4 times per month. Now, I metamod every few months, just to see what new wrinkle they've added to the interface, and I receive mod points maybe twice a year.

  15. Re:They pay the bills, so STFU on Website Mass-Bans Users Who Mention AdBlock · · Score: 1

    Not that I disagree with the spirit of what you say, but this is one of the reasons that I *DON'T* use Firefox - it's still entirely too easy for one bad site/script/flash applet/whatever to bring down the whole browser. It might crash, or it might hang, or it might just run *REALLY* slowly, but you can't do anything about it until you kill the offending tab, which typically (in such cases) requires killing the entire browser. If it's a crash, then you don't even have a chance - everything goes away, and you hope the session restore works and you didn't have too much info entered in a form.

    IE8 and Chrome both do an admirable job of avoiding this problem via per-tab process isolation - that is, each tab runs as a completely separate process, and can be killed individually. If one of them crashes, the rest of the browser is almost never affected. It's very simple and straightforward (from a user perspective - talking to a Chrome developer it becomes clear that it's non-trivial from a programmer perspective), works wonderfully with multi-core systems, and honestly should be the *expected* behavior for a tabbed browser.

  16. Re:Blizzard did the same thing on Website Mass-Bans Users Who Mention AdBlock · · Score: 1

    Regarding the 0-day exploits in ads business, there are solutions. Blocking ads helps a lot, of course, but there are sites which I intentionally unblock because they offer a good service that I feel they should be compensated for, and two such sites at one point tried to serve me a (presumably) malicious PDF file.

    Honestly, the best bet is simple advice that anybody who understands computer security at all should already be following: don't ever, for any reason, unless absolutely necessary, run any Internet-connected program as Administrator/root. It's really quite simple. I don't care if you use Firefox, Safari, Opera, or IE6; if you only run as a standard user the vast majority of malware will simply fail to work, and anything that does hit you will almost certainly be trivial to remove. Windows Update needs Administrator. On occasion, it's necessary (or at least extremely convenient) to run Visual Studio as Administrator. However, there's no need to run your music player, your PDF viewer, your IM/chat client, or your email client as Admin... and there's damn well no good reason to run your web browser as Admin (the exception being people who still have such an obsolete OS that the update mechanism is part of the web browser).

    In theory, malware could chain together an exploit for your browser/media player/PDF viewer with an elevation-of-privilege exploit, but the odds of encountering such a thing are minuscule compared to the odds of encountering one that just assumes it has full control, and a patch for either exploit will render the malware harmless. In any case, it's not meant to be the be-all and end-all of security - you still should be careful, update regularly, and not use software with known vulnerabilities - but it does follow two of the core ideas in security: Principle of least privilege (if a program doesn't need Admin, don't run it as Admin) and Defense in depth (prevent an attack from succeeding with only a single exploit).

  17. Re:Not Very Comparable on Microsoft Announces End of the Line For Itanium Support · · Score: 1

    I wouldn't call GCC 3.3 a great compiler, but it's at least decent. GCC4 is definitely better, and included in newer versions of Interix. GCC in Interix will handle C, C++, and Fortran. In addition, if you do software development on a Windows system, the odds are you have the MSVC compiler, which you can invoke with the cc/c89/wcc commands (in Interix these are shell scripts that massage the UNIX-style operators to their Windows form, then invoke cl.exe and make it produce a POSIX binary). All in all, the complaint about the compiler is a bit silly.

    A package manager, X server, and large host of utilities can be installed from a couple of different locations. I've personally found http://suacommunity.com/ to provide the best bundle; it's an easy download and install, simple to update, and I've found the forums to be generally quite helpful when issues are encountered or a feature/update/new package is requested.

  18. Re:Not Very Comparable on Microsoft Announces End of the Line For Itanium Support · · Score: 1

    The problem with Cygwin is that it does everything on top of Win32. For example, its fork() syscall is pretty ugly - it involves a Win32 CreateProcess() call, plus various other things to achieve the effect of fork() without inconvenient side-effects. This both slows things down - multiple levels of system call translation - and means that it inherits all of the limitations and quirks of Win32.

    Filesystem case sensitivity - NTFS and the NT kernel support it, POSIX (or at least some apps for UNIX-like systems) requires it, Win32 completely ignores it. It will preserve case sensitivity on create or rename, but you can't create multiple files/directories differing only by case.

    Permissions structure - POSIX ACLs are simple, but include things like SetUID and the Sticky bit. Windows NT permissions are far more complex and fine-grained, yet from within Win32 there's no way to emulate things like SetUID. Among other things, this means that programs like sudo simply don't work (it's a very simple program, the magic is in the SetUID bit). This may not bother the average user of XP, who does everything as Admin and thinks Windows 98 was a multi-user OS - it let you choose different wallpapers, didn't it? - but to the security-conscious, this kind of thing makes Interix usable in a way that Cygwin is not. It also means that unlike with Cygwin, your executables don't have to be named with a .exe (or similar) and the execute bits in NTFS ACLs (present, but almost always set and almost never changed) actually mean something to your shell (for scripts, and the like).

  19. Re:Not Very Comparable on Microsoft Announces End of the Line For Itanium Support · · Score: 5, Informative

    The POSIX NT subsystem (and Interix, the user-space software that runs in the subsystem) have existed for a very long time, possibly all the way back to pre NT 4. The NT kernel doesn't actually use Win32 (or Win16, DOS, or Win64) system calls; it uses NT system calls, which are a superset of the functionality in all of those, plus the functionality required for OS/2 and POSIX. For example, the NTCreateFile system call not only implements the Win32 CreateFile system call (as seen in Win9x) but also the OpenFile system call (Win16) and the open system call (POSIX). For each API that NT supports, there is a user-mode DLL that translates the API-specific system calls (such as open(2)) to NT system calls (such as NTCreateFile()). These are then passed to ntdll.dll, which executes the actual system call (invoking ring-0 kernel code).

    The OS/2 subsystem was discontinued years ago, but the POSIX one is still supported. From XP forward, it's been possible to enable the POSIX subsystem and download pre-compiled libraries, shells, utilities, headers, build toolchain (optionally using GCC or MSVC), manpages, and so forth to produce a working, if somewhat bare-bones, UNIX-like environment. Initially called OpenNT and now known as Interix, various third parties have provided additional functionality such as package managers (apt, portage, pkgsrc, or one specifically for Interix from http://suacommunity.com/ ), additional shells, libraries, utilities, X servers, and more.

  20. Re:Probably not on Microsoft Announces End of the Line For Itanium Support · · Score: 3, Informative

    Just to keep this clear: you're talking about NT (which wasn't even called "Windows NT" initially, internally). NT is almost entirely written in C, and the few architecture-specific parts are abstracted from the core codebase and typically present in assembly modules which are maintained for multiple architectures and which the compiler automatically uses the appropriate one for the current build. There's some use of inline assembly or specifics of x86, but it's all behind #if blocks, with the equivalent checks for other CPU architectures. Overall, NT has been ported to at least 5 architectures that I know of - x86 (32-bit), x64, ia64 (Itanium), PPC, and DEC Alpha. If MS wanted to, it would be possible to port it to ARM, MIPS, SPARC, or almost any other reasonably modern architecture of at least 32 bits.

    By comparison, Win9x has a ton of assembly code that enabled it to run fast even on low-end machines, keeping the system requirements down (and making it attractive to home users back in the days before consumer hardware caught up with the demands of NT). Of course, use of assembly like this has downsides - 9x was badly unstable, and completely non-portable. It only ever ran on x86, and I'm not even sure it made much use of the features found in any version after the i386.

  21. Re:So 64-bit ASLR on Windows is flawed as well... on IE8, Safari, iPhone All Fall At Pwn2Own Contest · · Score: 1

    What exactly do you mean by "completely separate build"? It's a compiler switch, and a few bits of inline assembly swapped out for a few other bits. I could install a 32-bit kernel and userspace side-by-side with my 64-bit one, and boot into either on demand, and the source code for them would be the same, but they would be different binaries. It's possible that the "fat binary" system that OS X uses allows you to put 32-bit and 64-bit code into the same executable (to a limited degree, this is actually possible with PE binaries as well) but I guarantee that the build process is still much the same - parse the same source code, build the same AST (even same pointer sizes, since kernel code uses 64-bit pointers for PAE compatibility), then emit either x86 assembly instructions or x64 assembly instructions. The assembler and/or linker might combine those into a single binary file, or they might not, but it's the same source yet different CPU instructions in either case.

  22. Re:Doesn't matter on Planned Nuclear Reactors Will Destroy Atomic Waste · · Score: 1

    Take a look at the http://en.wikipedia.org/wiki/Solar_updraft_tower .

    The numbers I read suggest that each square kilometer could produce several megawatts (up to 10, depending on conditions), comparable to a large traditional plant. You still need a lot of land, but there are a lot of places where land is cheap. Also, the space under the collector need not go to waste - grow crops there instead. It is literally a (windy) greenhouse, and moist air actually increases collection efficiency.

    Such plants could simultaneously produce massive amounts of food and power. The required moisture in the air tends to be lacking in the desert, but they end up reclaiming that moisture each nightfall (although obviously the crops absorb some of it, so you do need to continuously provide more). The energy density certainly isn't terribly impressive, but there's a *lot* of terrain that could be used for things like this. For that matter, you actually could encase existing farmland, if you wanted - it might even increase production.

    From what I read, the problem is building the cooling/exhaust towers. They need to be tall and wide enough to hold the majority of the air that rushes through the generators each day, otherwise you both lose efficiency (the energy of the moisture-heavy air rushing back down the tower at nightfall can provide lots of power) and water retention. The altitude to which the tower needs to be built depends on local atmospheric conditions - how fast air cools as it rises, and how hot the air will be at the base of the tower - which leads to such slightly awkward numbers as Namibia's proposed 1500m (very nearly a mile) towers.

  23. Re:I'm going to buy an Ipad - and here is why: on 5 Reasons Tablets Suck, and You Won't Buy One · · Score: 1

    I've been watching this electronic book stuff for a while now - and I feel it's time for me to jump. I'll give away / donate my home library (thousands of dusty books) and replace them with an Ipad. Even if it did nothing else it'd be worth the price for just this one function.

    I'm deeply confused... you talk about the Kindle, so you obviously know it exists. You mention covers that let you hold an iPad like a book - are you not aware that such covers existed for the Kindle since long before the iPad was anything but a vague rumor? You talk about tablet-like e-readers then about Windows in the next sentence, as if there is any connection between them (the Kindle uses a Linux kernel and a custom UI, but perhaps since it has a hardware keyboard and no touchscreen it isn't "tablet-like" enough for you, in which case I ask why "tablet-like" matters at all?).

    What you want already exists, it's well past the first hardware revision, is widely used, costs less than the iPad, has immensely better battery life, is easier to read text on, and can still browse the web (with built-in subscription-free cellular data access, even) and play music. It's called the Kindle. There's even some competition in that market, with different variations offering different sizes, features, and costs. If you seriously mean the sentence I quoted, why the hell would you get an iPad? The Kindle is far better for the purpose.

    Also, for what it's worth, my Win7 tablet computer is fantastic for reading ebooks while on the plane or lying on the couch. It's not anywhere near as good as a Kindle would be for that purpose, and it cost a lot more, but then again it's also a highly portable device capable of running Windows and all the software for it, a fantastic note-taking device for class or meetings at work, and a fully capable laptop with a keyboard, USB ports, VGA port (good for presentations), SD cardreader (nice for storing photos from my camera), hard disk (small by HDD standards is still huge by the standards of something like an iPad), and all the other features one expects from a computer.

  24. Re:Apple's tablet is different from other tablets. on 5 Reasons Tablets Suck, and You Won't Buy One · · Score: 1

    FYI, most tablet computers from the last 18 months or so have offered multi-touch displays. Lenovo was the first big name to do so, over two years ago. With the announcement that Win7 would have native multi-touch support, lots of other manufacturers added the capability.

    The iPad has a low price (though not amazingly low) for a full convertible-laptop tablet computer. It has a high price for an over-sized iPod Touch or N800. It also costs a lot more than a netbook.

    Most devices, tablets included, reboot very rarely these days. When a device will happily sit in sleep mode for over a week, why would you bother to shut it down entirely? My (Win7) tablet comes out of sleep mode in roughly a second.

    It is lighter than a traditional tablet computer. It is heavier than an iPod Touch that has the same capabilities except for a smaller display. It is heavier than a Kindle that gets far better battery life and costs less too. It's light enough to carry around, but too big for a pocket.

  25. Re:Author ignores the main reason tablets failed on 5 Reasons Tablets Suck, and You Won't Buy One · · Score: 1

    The problem you're having with portability (heavy, hot, etc.) is because you're using HP's consumer-grade tablets. They're cheaper than the business-grade ones, and offer more features (optical drives, processors above 1.5 GHz, etc.) but also have much worse battery life and weigh far more. My university campus is well over a mile on a side, and the distance between my classes can be upwards of half a mile. I've walked that entire distance with the tablet (in slate mode) on one arm, interacting using the stylus, with no discomfort (typically the fan won't even turn on, which of course helps with battery life). In full sunlight, for that matter - the screen is very clear but non-glossy, and bright enough to be daylight-viewable easily. As for battery life, this is after an hour-long lecture where I was taking a bunch of notes, and on my way to a 2-hour lecture where I took a bunch more. At the end of that, the battery will still be at roughly 1/3 charge, and I may or may not charge it before going to the first of my hour-long lectures the next day.

    Granted, my tablet only has a 1.2GHz CPU, although it's a Core 2 Duo so the performance is still really quite adequate (and it runs Win7 x64 very nicely). The Intel integrated graphics limit it to very light gaming only, but are fine for everything else. The 1.8" HDD is tiny (80GB) and slow (4200 RPM, sequential access speed of ~40 MB/s) but cuts down greatly on size and weight. All in all, it's a bit over 3 lb (call it 1.5 kg) and I'm about as fit as your average computer engineering student, yet upon reaching my next class my arm was not actually tired.