Slashdot Mirror


User: cbhacking

cbhacking's activity in the archive.

Stories
0
Comments
4,314
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 4,314

  1. Re:Killing Processes on 20 Features Windows 7 Should Include · · Score: 1

    I actually use PowerShell for killing processes these days. It has a kill command (actually an alias for Stop-Process, but there are a bunch of default aliases intended to make *nix users more comfortable, like rm for remove/delete, and an 'alias' command itself) that is very quick and responsive, and allows killall-type functionality (for example, kill -n outlook or kill -n syn*). There's no top eqivalent that I've found, but it does understand ps.

  2. Re:Untrusted Apps on 20 Features Windows 7 Should Include · · Score: 1

    Vista actually already monitors stuff that makes the computer take longer starting up or shutting down or resuming or whatever. Check out the Reliability and Performance Monitor (in Computer Management, or the Administrative Tools menu). It will tell you if a driver (and I mean which driver) is slowing down resume-from-standby, or perhaps a particular piece of software is taking too long to close when shutting down.

  3. Re:TFA is crap on 20 Features Windows 7 Should Include · · Score: 1

    Truly said. Some of the things that were ESPECIALLY ridiculous:

    WinFS. Never gonna happen - the database overhead slows filesystem IO far too much.

    Drop 32-bit support: There's a LOT of 32-bit still out there, including a decent number newly manufactured 32-bit processors (especially in the growing ultramobile category). Also, while PAE is a real hack with problems of its own, the 4GB max memory barrier isn't the hard wall the way the author suggests that it is.

    Standards compliant browser. IE8 is a huge step forward, but if it passes Acid3 before Win7 ships I'll buy everybody on the team a drink, and then some. The best we can hope for is that it supports CSS 2.1 and some 3.0 properly; getting full JavaScript compatibility is vastly unlikely (however happy I'd be to be proven wrong)

    Modularized OS. Windows Server is moving this way, with stuff like CLI-only installation. I can't even imagine that happening in a home edition, and unlikely in a professional one. You can already add or subtract a lot of features - I'm running the optional POSIX subsystem and could enable IIS if I wanted - but Linux-level customization? Get real.

    Barebones kernel. I won't pretend the Vista kernel isn't extremely complex, but it's complex for a reason. Additionally, the kernel is *not* the performance bottleneck. Say what you will about the rest of NT, but the kernel is a quality piece of code.

    Alternatively, just for a bit of flavor, the list of stuff that's already here (in Vista or prior):

    Simplify and manage startup items. It's called Windows Defender; there's already links in Windows that take you to its Startup Software tool, which is very user-friendly.

    Driver Availability. I must have been using some amazingly compatible hardware, because I've not had driver issues with Vista since build... 5408? The February 2005 CTP, which wasn't even publicly released. Even then, ATI had working drivers for WDDM, and if there was no Vista-specific driver, you just loaded the XP one and it Just Worked (most of the time). From RC2 (5744) to today, I can't think of a single piece of hardware I absolutely could not make work - mostly it was a hassle working with XP where the plug-and-play driver database was out of date and it wouldn't automatically check online.

    Diagnostic Tools. Vista's install DVD already includes memtest and other tools. Some of them are even installed and can be run while the OS is booted

  4. Re:13. WinFS on 20 Features Windows 7 Should Include · · Score: 1

    Probably later (since there's actually an honest chance of DNF arriving in the foreseeable future). WinFS was basically "hey, let's make every filesystem IO task also involve a query across 20 database tables with possibly thousands of records in each". It was never practical on hardware of the foreseeable future.

  5. Re:I'll believe it when I see it on 20 Features Windows 7 Should Include · · Score: 1

    Having spoken at soem length to Mark Zbikowski (former FS guru at MS, he now teaches at my university), WinFS was never going to go anywhere. The performance demands of having every filesystem access also be, in essence, a database query across like 20 different tables were strangling it. It's not a replacement for NTFS anyhow, just an extension. NTFS did get extended in Vista - Volume Shadow Copies (technically Server 2003) and Transactional IO were added, and both are very cool (wothout destroying performance of computers that could otherwise run the OS just fine).

  6. Re:Easy... on 20 Features Windows 7 Should Include · · Score: 1

    Actually, this was one of the (relatively few) suggestions in the article that actually makes sense, is doable, and has a hope in hell of being allowed through. Specifically, it mentions a "gaming mode" which would be a boot-time option where only those services, drivers, and startup programs needed for gaming would be loaded.

  7. Re:Is Linux kernel 2.6.26 == Linux 2.6.26 ? on Linux 2.6.26 Out · · Score: 1

    You forgot the other (optional and/or deprecated) NT subsystems. I could be writing this from DOS/Win16/Win32/WOW64/POSIX/"OS/2"/Windows NT. (Actually, I do have the POSIX subsystem enabled, and I'm leaving out Subsystems like the graphical SS and the local security SS and all that...)

    Of course, those were all produced in-house, and Microsoft does refer to the OS as Microsoft Windows [NT/2000/XP/Vista]

  8. Re:Is Linux kernel 2.6.26 == Linux 2.6.26 ? on Linux 2.6.26 Out · · Score: 1

    Not quite true. The various BSDs actually use substantially different kernels and other low-level components in many cases. They evolved (or rather, branched) out of a common base, but it was many years ago and most of that legacy code was re-written anyhow. Drivers are not inter-compatible, for example (though I hear they aren't too terribly hard to port).

    More accurate would be to say that, for example, DesktopBSD is a distro of FreeBSD (or a FreeBSD-derived distro), since (as with Linux) the kernel and many of the base tools are the same or very close, but DesktopBSD includes its own installer, configuration tools, customized KDE desktop, standard packages, etc.

  9. Re:Good point, but... on Linux 2.6.26 Out · · Score: 1

    Yeah, I've been using that driver (ext2) for years. It's good at what it does. However... it does NOT actually support ext3, strictly speaking, since ext3 is journaled. You can access - read and write - ext3 volumes with an ext2 driver, but the writes aren't journaled at all (I managed to screw up the Linux partition quite badly once when a power loss hit during a write).

    It also caused Linux to run fsck ever single bloody time it booted up, even if I hadn't even READ any files, let alone written them.

  10. Re:Real writeable NTFS? on Linux 2.6.26 Out · · Score: 1

    I don't hear people complaining about Apple's support for NTFS.

    Last I checked (which was a Tiger machine, my friends have been quite slow to upgrade to Leopard), Apple didn't have write support on NTFS at all. This elicited a considerable number of complaints.

    Linux, by comparison, can read and write ntfs (with journaling), can even boot off it, and I believe it can use at least some of the ACLs and other metadata as well.

    No volume shadow copy support yet, though... so for the time being, I mount my NTFS volumes RO unless absolutely needed.

  11. Re:Pre-teens, meaning 12 and younger? on Sci-Fi Books For Pre-Teens? · · Score: 1

    Tom Swift Jr. (and, as I got older, the "real" Tom Swift books) were great, though I only had a couple of them

    What Dragonriders shorts are you referring to? The Harper Hall trilogy is relatively short (and eminently suitable for kids, aside from the fact that it assumes a deal of knowledge that's only in the other books) but still a trilogy of standalone novels.

  12. Re:SF and Fantasy Authors for Young Readers on Sci-Fi Books For Pre-Teens? · · Score: 1

    I've never been able to get into Greg Bear at ANY age, but (of those I've read) I agree with all the rest. I'd add a few more:

    Tad Williams - Otherland
    The Ear, the Eye, and the Arm (can't remember author, but one of my favorites at this age).
    Tamora Pierce - All the Tortall and Circle books are good, though the Circle books are the ones specifically aimed at younger readers.
    Witches of Eileanan (superb fantasy, can't remember author off hand)
    Animporphs (light, fun reads, though short. Easy intro to sci-fi, I loved them until I outgrew them).
    Pullman - Golden Compass, at least, arguably the whole Dark Materials trilogy. May be problematic to people who care about religion.

  13. Re:Another fan's list on Sci-Fi Books For Pre-Teens? · · Score: 1

    I'd have considered Jumper a little old for a pre-teen, but maybe not. I was 17 or so by the time I read it, though, and it is good (and not much like the movie).

    I read a copious number of Star Wars and Star Trek novels around this age. The only ones I really remember are the Corellian trilogy and Generations (I actually read the book long before the seeing movie, since I picked it up at a library along with a large amount of read-enjoy-forget material).

    Zelazny's Amber series is probably OK for pre-teens.

    The Ear, the Eye, and the Arm was one of my FAVORITE books at this age.

  14. Re:Some that haven't been mentioned yet... on Sci-Fi Books For Pre-Teens? · · Score: 1

    Agreed on Tamora Pierce (fantasy), though I'd take it beyond Lady Knight - all the Tortall books, and the Circle books as well, are worth reading IMO. My sister and I both loved the Lioness books, and she couldn't have been more than about 9 when we picked up the first one.

    Witches of Eileanan (spelling probably a bit off) is also good, fun fantasy.

    One of the first sci-fi I remember taking from my father's shelf, other than The Star Beast, was a series called the Stainless Steel Rat.

    Starswarm, by Pournelle, is a fun read that should be suitable to a near-teen audience.

    The Animorphs books were quick and trivially easy to read even at a very young age, but I liked them until I outgrew them. They're great as intro sci-fi, though.

    Redwall is a fun series (fantasy), though overly formulaic. It got predictable after the first few (the very first is actually one of the less formulaic, though among the most cliched, but to a your reader that's probably not a problem).

    I didn't have a problem with the Dragonriders of Pern books when I was young, though they certainly contain some adult themes. Kids really are good at filtering out all that for the parts they like understand.

  15. Re:It's not a silver bullet but it's good enough.. on TrueCrypt 6.0 Released · · Score: 1

    A quick suggestion, for something a little easier than TrueCrypt (if you're not worried about plausible deniability): Encrypting File System. You need to be using a business/profession Windows edition, and the drive needs to be formatted with NTFS (not the default FAT). You put files onto the drive, then right click them (or the folder they're in) and select Encrypt. The files can now not be opened by anybody other than you (specifically, your user account in Windows). However, to your account, the decryption is completely transparent.

    Of course, you can't use this to share data between accounts (even if they have the same name/password) unless you backup the encryption keys (possible but more complicated). Also, the file/folder names and metadata are still visible. Nonetheless, it's one of the easiest approaches to encrypting sensitive data on a potentially shared volume.

    Note that Macs can't, last I checked, write to NTFS (though they can read it). Linux has RW support.

  16. Re:Cases where Self Signed Certs are OK. on When Is a Self-Signed SSL Certificate Acceptable? · · Score: 1

    For personal use, or within a secure distribution, self-signed is great. On the greater Internet, however, nobody will know whether they should trust the self-signed cert or not, so most people won't add it.

  17. Re:Technically, IE7 is the most secure browser out on IE 8 To Include New Security Tools · · Score: 3, Informative

    You *can* set up browsers under Linux to have the same types of permissions, using AppArmor or SELinux. It's not OOTB though, and not as easy to approve outside-the-sandbox actions (like saving a downloaded file to a non-temp folder).

    It's also worth noting that this feature, called Protected Mode, is not available if UAC is disabled. If you honestly can't stand privilege escalation requests (for things that damn well should have them) then open the Local Security Policy management console (use the Start search, or look under Administrative Tools), find the UAC policy options, and set it enable automatic escalation for Administrators. You're still sort of protected, in that any app that was started as a non-admin will stay non-admin until it requests privilege escalation, but you won't be given a chance to deny that escalation.

  18. BitLocker + TPM on Bavarian Police Can Legally Place Trojans On PCs · · Score: 1

    True on the keylogger (but then, you can see those - especially if, like me, your home computer is a laptop).

    However, if the the computer has a TPM chip and is using BitLocker, then no, they can't install a hypervisor - by necessity, the hypervisor changes the boot instructions, which would cause the (TPM-enabled) boot validation in BitLocker to fail and the drive will lock itself until the recovery password is entered (and no, it's not guessable - it's a very long machine-generated value). Barring a really stupid user who ignores the warning that the boot sequence changed, this is about as safe as you could get.

    I don't know how TrueCrypt or similar would handle this situation, but as long as a strong password and boot validation are used, full-disk encryption would probably be effective against this.

  19. Re:kwrite via MS Windows version of KDE! on Review of KOffice 2.0 Alpha 8 – On Windows · · Score: 1

    Yep - KWrite (and its multi-document container app Kate) are part of the KDE on WIndows, and have been available since KDE 4.0 was released some months ago. While some of Kate's features weren't quite there, it was still eminently suitable for working on some C code.

  20. Re:Yes, a self-signed certificate is just a secure on When Is a Self-Signed SSL Certificate Acceptable? · · Score: 1

    Very nicely written. Two nitpicks, though:
    1) The distribution is so your clients can always be sure they're talking to you, not to a MITM. (You changed the party referred to by "you" in that sentence.)
    2) In case your private key ever gets compromised, you need a trusted revocation system (as well as a distribution one). This is another feature that CAs provide.

  21. Re:True Story on When Is a Self-Signed SSL Certificate Acceptable? · · Score: 1

    In other words, the users made a reasonable decision (avoiding the use of an untrusted cert in a location where I'd be surprised if there wasn't *at least* one MITM program)... then turned around and made the worst rookie mistake on the whole net (sending sensitive data over a completely insecure connection).

    Meh, if I was you, I'd have done exactly the same thing you did... except I'd have been the one running the MITM, and I'd have posted the data of anybody who accepted the untrusted cert as well. Might have used different colors to differentiate the overly trusting from the blatantly stupid.

  22. Re:It's at least as secure! on When Is a Self-Signed SSL Certificate Acceptable? · · Score: 1

    No offense, but you're assuming that somebody who bothers to set up a MITM using a trusted cert (rather than the quite easy approach of an MITM using an untrusted one) isn't going to notice that the site you're requesting lacks a trusted cert? Wow... that's going WAY out of your way to validate (pun intended) your use of self-signed certs. In your case there's no problem, but trust me - you'd be safer adding your home server's cert to your trusted certs store. Otherwise, the next time you connect to your home machine from anywhere remote, over any network that your don't control the whole path of (i.e. any network outside your LAN), you're not going to know whether the warning you get is because your home server's cert isn't trusted, or because somebody's running a MITM on you.

  23. Re:Always. on When Is a Self-Signed SSL Certificate Acceptable? · · Score: 1

    Sure, if you manage root access on a server (it happens, sure, but rarely enough that the risk of it occurring doesn't utterly invalidate security measures which assume it hasn't) you could probably steal the server's private key - I wouldn't know where to look but I'm sure its possible. Of course, this means a self-signed cert is equally as hosed as a CA-signed one.

    However, IIRC (and I might not), the domain for which the cert is valid is part of the thumbprint, and the thumbprint is part of what is checked by your browser (through the CA). In that case, even a poisoned DNS pointing paypal.com to your computer isn't going to help, unless you somehow secured a cert issued to paypal.com (not impossible, but vastly harder than getting a CA-signed cert normally). On the other hand, you could use a self-signed cert for paypal.com, and in your world the user would very likely just accept it.

    DNS poisoning is just one form of MITM attack - the easiest would be to simply set up a public access point that routes all SSL traffic through a program which modifies its own self-signed cert to look like the valid one. (as a class project, I wrote such a program last fall). In your world, it would be just another self-signed cert, and nobody would notice or care. In this world, it produces a big scary warning. Trust me - this type of MITM attack is very easy, especially as compared to rooting a webserver. What's more, if your attack on the server is detected, the owners would probably revoke their old certificate and get a new one (sure, it costs them money, but not as much money as it would cost them to let you run around with their private key). By comparison, a server being attacked through a MITM doesn't even know it's under attack - all it sees is another client connecting just like normal.

    In conclusion, MITM attacks are definitely enough of a danger to warrant certificate signing by trusted parties (i.e. CAs). As for your argument about rooting the server, security is all about defense in depth. You don't throw away a valid protective measure against one class of attacks just because a different class allows the attacker to bypass the first one.

  24. Re:Always. on When Is a Self-Signed SSL Certificate Acceptable? · · Score: 1

    Firefox 3's default is only to check a certificate if it specifies an OCSP server (rather than to check a built-in server), and to allow the certificate (rather than treat it as invalid) if the server can't be reached. X.509 certs aren't my specialty, but it seems likely this behavior could be subverted.

  25. Re:You are correct to point that out on When Is a Self-Signed SSL Certificate Acceptable? · · Score: 1

    Every now and then, a phishing site apparently gets issued a signed (by a trusted CA) certificate. If you can present a valid, trusted certificate fr the domain paypa|.com, the user will see all three of the things you describe above. Even if the cert is immediately revoked, most browsers don't (by default) check for certificate revocation on every connection.