Slashdot Mirror


User: betterunixthanunix

betterunixthanunix's activity in the archive.

Stories
0
Comments
6,598
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 6,598

  1. Uh, we did scream on Sun's Phipps Slams App Engine's Java Support · · Score: 2, Informative

    Visual J++ was what we screamed about, and Sun sued Microsoft, and Microsoft backed down and took J++ off the market.

  2. Re:I think Sun is jealous on Sun's Phipps Slams App Engine's Java Support · · Score: 2, Interesting

    I hate it when people make snide comments about high quality engineering. Yes, it is possible to hack together a "good enough" system that is fine for consumers and some businesses, but for a lot of applications, a well engineered system is important. In the case of the containers, there are plenty of reasons why you might want to know the seismic test results: maybe you are deploying the container to replace some emergency services IT infrastructure in an earthquake zone, and need to be ready for aftershocks; maybe you just want to transport the datacenter on a railroad, and want to know how well it will hold up while it is jostled around on a flatbed car; maybe you need a datacenter to function onboard a ship, and want to know what effect choppy seas might have.

    Where were all these comments when Sun went after Microsoft for this sort of behavior? Back then, everyone seemed eager to watch Sun "stick it to" Microsoft; but when Google is the target of criticism, suddenly the fault lies with Sun. Windows is also "good enough" for most people (and Visual J++ was intended for Java development in Windows), so why treat it differently than AppEngine?

  3. Passwords are a terrible idea on The Low-Intensity, Brute-Force Zombies Are Back · · Score: 2, Informative

    "IMHO if the passwords are strong enough there is nothing to worry about"

    The problem is that most users are not capable of choosing a strong password. Even when you try to enforce policies about minimum password strength, users will manage to choose weak passwords; aside from the world's most common password (password1), there are plenty of people who use their own username as a password -- and requiring non-alphanumeric symbols won't stop them: jane123 will just becomes j@ne123. Minimum password lengths won't do it either, since the users will either write their password down (not an issue for botnets, but certainly an issue for high profile targets) or just come up with something that is easily guessed (abc123abc123).

    Public key authentication is better but not by much. The real issue with it is that users do things like not having a passphrase for their private key (which is even more convenient than a weak password) and making copies of that key everywhere that they want to log in from (some might even carry the key around on a thumb drive). Public key authentication will solve the problem of distributed brute force attacks, but it does not really solve the problem of users having their accounts compromised by a determined adversary.

    Assuming that your system is high profile enough to be worth the expense, you would really want to use a one-time password device. If the device is stolen, you have a problem, but beyond that there is not much an adversary can do. You can even mitigate the problem by requiring check-ins -- a user must login at a certain time, so if their device was stolen they will be forced to call helpdesk and report the problem.

    Of course, it really depends on your security needs. None of the systems I administrate are high profile enough that I am worried about anything other than a distributed brute force attack, so public key authentication is good enough (an attacker who wanted to take over some Linux servers for his nefarious deeds could find an easier target with equal computing power, and the data on the disks is just academic research which will be published anyway).

  4. Re:Defense?? on In Defense of the Anonymous Commenter · · Score: 4, Interesting

    Sadly, the constitutional guarantee is not equivalent to a practical ability to make anonymous comments. Yes, anyone is legally allowed to anonymously comment on whatever they want, but the question of whether or not anyone will see that comment is entirely different. You can create a website and write everything under a pseudonym, but unless you manage to get to page 1 on Google, your opinion will never be heard. On the other hand, if you write a comment on a popular website (such as slashdot), your comment will at least have a fighting chance. This is what is being defended: the system that allows you to post anonymously on the Washington Post's website, where lots of people will see the comment.

    Of course, the whole situation is a bit twisted, since you now need the permission of large media companies to make anonymous comments in a meaningful way. As the Internet becomes more popular, that will become more true.

  5. Re:Expect More of This on Hungary, Tatarstan Latest To Go FOSS · · Score: 2, Insightful

    No, but these governments already have computers, and they are switching to free-libre software. The fact that they are switching is where the training costs are incurred -- temporary, yes, but costs that must be overcome if free-libre software will gain a foothold.

  6. Re:Build your own system. Keep it solid and simple on How Do I Provide a Workstation To Last 15 Years? · · Score: 1

    "As long as you buy standard components, they should be easy enough to replace 15 years from now, don't go hog-wild stocking up on replacement parts"

    You'd be surprised. I have a 15 year old desktop that takes ISA cards, and I have seen younger systems (relatively speaking) that only took AT keyboards. What seems like a standard technology now, that will "never be replaced," may very well be long forgotten in 15 years. 15 years is a long time to try to keep a single system operational; I would suggest an approach based on virtualization, so that if the entire system needs replacing in a few years (e.g. a mobo failure with no compatible mobo available), the migration process is not so painful. Also, use some sort of RAID, but be careful as it may not be possible to find a compatible replacement hard drive in 10 years -- again, virtualization may solve this problem.

  7. Re:Conflict of interest on Time Warner Expanding Internet Transfer Caps To New Markets · · Score: 2, Insightful
    "but almost no other internet usage will."
    1. Open source developers or enthusiasts pulling ISOs
    2. Artists who share their work with others
    3. Employees remotely accessing systems at their job using VNC
    4. Work-at-home investors who pull a lot of market data

    And there are many others.

  8. Re:Let me be the first critic on Linux Needs Critics · · Score: 2, Interesting

    "Don't you realize that the problems introduced by incompatible hardware like this makes Linux have MORE PROBLEMS for that particular user THAN WINDOWS? Why would someone switch to an OS that has more problems than their current OS?"

    Cost/benefit analysis kicks in. It really depends on the user and what they hope to do with their computer. I have seen people give up on certain hardware because the benefits of GNU -- the developer-friendly environment, the reliability, the lack of restrictions on use, etc. -- far outweighed the benefits of having that hardware functional.

  9. Re:Let me be the first critic on Linux Needs Critics · · Score: 1

    "Most free software exists either because someone is making money off of it (e.g. Red Hat, IBM) or because someone gets pleasure out of developing it (e.g. MythTV.)"

    Or because someone just needed it. I remember finding an ancient utility for converting some bizarre HP image format that is produced by the oscilloscope we had in a lab some time back; nobody was making money on the utility, nobody was maintaining it, it was written and put out there because someone in the world had needed exactly that program at some point.

  10. We are not magicians on Linux Needs Critics · · Score: 5, Interesting

    Sometimes you cannot just *make* a driver. Some hardware is overwhelmingly complicated, and if the hardware manufacturer cannot or will not release the source for their driver or technical documents for the hardware, then you are SOL. My laptop's integrated modem has no free drivers, and the only Linux driver available is from a team that is under an NDA. The attempts to write a free driver were nothing even close to something useful, and those attempts have been undertaken for 10 years.

  11. Re:so how many hops are we from Kevin Bacon? on IPv6 Over Social Networks · · Score: 1

    You must be new here.

  12. Take that! :-) on Instant Messaging Vulnerable To New Smiley Attacks · · Score: 5, Funny

    And that! :-) (-:

  13. Re:Slow performance on Kernel Hackers On Ext3/4 After 2.6.29 Release · · Score: -1, Redundant

    Wish I had some mod points for that...

  14. Re:I thought I did. on Richard Stallman Warns About Non-Free Web Apps · · Score: 5, Informative
    "F/OSS only appeals to people who LIKE to trudge through others code to see how it works or make it "better". To me, software is an end to a means and I don't really give a rat's ass how it works as long as it's not doing shit behind may back that I don't want; which I can find out by other means than looking at source code."

    Free-libre software is about more than just looking through source code. The availability of source code is a means to an end; there are non-free licenses that provide access to source code, and even the right to modify that source code. Free-libre licensing grants you freedoms that you really do not have with proprietary systems, including those that make code available to you:
    • The freedom to install the software on as many systems, and for as many users, as you wish. For a web apps, some vendors limit how many simultaneous users (or how many users in total) may use the system; a free-libre system cannot impose such a limit.
    • The freedom to use the software perpetually.
    • The freedom to use the software for whatever purpose you see fit (compare this with the AAC codec license, which forbids "client software" for being used for "professional" purposes).
    • The freedom to use modifications to the software that other people have developed.
    • The freedom to give the software to someone else.
    • The freedom to discuss the software with someone else (there are proprietary systems that forbid or limit this as "trade secrets").

    Maybe these are not things that really matter to you. I have encountered restrictions on every one of the above items from different software packages, and it has caused me and the other users/administrators of the software serious headaches. In cases where free-libre software was introduced, people just got their work done -- no worries about breaking the law, no worries about the software suddenly becoming inoperable, no restrictions on who we may discuss the software with.

  15. Re:OK, dumb question after reading the article on Richard Stallman Warns About Non-Free Web Apps · · Score: 2, Informative

    You may wish to modify extend the web app in some way that is suitable for you. For example, I know people who want GMail to support PGP; there is a Firefox plugin that modifies the page layout and Javascript so that messages can be signed, encrypted, decrypted and verified. This is the same argument that is made for free software on your desktop.

  16. Re:US Government Offline on New Bill Could Shift Federal Cybersecurity Work From DHS To White House · · Score: 1

    That sentence was poorly worded, I believe the intent is that the systems will be taken offline just before a cyberattack actually happens so that the government can continue to function, and then reconnected when the attack is over. At least, I hope that is what the intent was...

  17. Re:Nothing to see here, move along... on Smart Grid Computers Susceptible To Worm Attack · · Score: 2, Interesting

    "Since the utilities lose revenue -- potentially all revenue, plus destruction of capital assets -- if their equipment is cracked, they are very much a part of these standard development activities, and security is of constant concern. (There will undoubtedly be an industry consortium tasked with reviewing implementations of these standards.)"

    Ironically, even in the face of lost revenue and destruction of equipment, power companies do not take security as seriously as you would have us all think. In some countries (including the UK, as I recall) the power companies began to deploy meters that required the insertion of a smart card in order to release power, with the idea being that customers could get "prepaid power." As it turns out, many of these systems were vulnerable to replay attacks and clever customers could get free power after purchasing two cards and simply alternating them. The meters would only remember the last nonce used, rather than every nonce; the reason was cost-cutting and an assumption that nobody would actually try alternating a pair of cards.

    I doubt that the companies here in the US will take security any more seriously than those in other countries. The engineers might recommend better security -- assuming they have a background in security engineering -- but the managers will only see that an extra million dollars will be spent to prevent an "obscure" attack that seems like something nobody will ever figure out. That is assuming that the managers even understand what the engineers have told them. Even if the IEEE recommends a secure system, corners will likely be cut that will leave the system vulnerable.

  18. Re:Asinine on Smart Grid Computers Susceptible To Worm Attack · · Score: 2, Informative

    "Um, citation please? Nowhere in the linked article (sorry, I know I wasn't supposed to read it, but I was curious), does it say anything about being expensive to fix. In fact, it says nothing at all about repair cost, which may merely involve a firmware update which could be deployed remotely."

    From TFA:

    "Should one of these security bugs be made public, it wouldn't just be dangerous, it would also be expensive, costing utility companies big money as they went back and retrofitted their buggy systems, Pennell said."

    That would be the last sentence.

    I do not feel sorry for the utilities if they deployed a buggy system that created a national security problem. I would hope that any promise to keep the exploit secret was matched by an immediate effort on the part of the power companies to correct the problem, and to have a third party perform additional testing to discover other possible exploits; clearly, that is not what happened.

  19. Re:Sue-Happy on Apple and AT&T Sued, Again, Over 3G · · Score: 1

    This is not a frivolous lawsuit. It is not a matter of hyping the product up "a bit" -- the product does not approach what they claimed it is capable of. They are charging and locking consumers into contracts for service that they are not providing, which is illegal. Why shouldn't a consumer who was lied to and then locked in to paying for service that they did not receive sue the company that lied to them?

  20. Re:Patent Troll on Red Hat Claims Patent On SOAP Over CGI · · Score: 1

    "You don't need a patent for that just prior art in the wild"

    Except prior art does not always exist. In cases where no prior art is available, you need to have a large number of patents available for cross-licensing schemes, or in the worst case, counter-suits. A multi-billion dollar software company just cannot survive anymore without patents at the ready (or without enough money to pay for patent licensing).

  21. It would destroy their business model on UK Gov't May Track All Facebook Traffic · · Score: 1

    Facebook is not there as a charity. They are there to make money, and they do that by tracking, recording, and analyzing everything you do on their website. Encryption on Facebook would destroy their ability to do that, or at least significantly weaken it, so they will never offer it.

  22. Re:The irony is... on Amazon Sued Over E-Book DRM Patent · · Score: 1

    "...sell with DRM and have to pay licensing agreements."

    Which would be passed on to the consumer. Would be nice to see it passed on to the AG so they could feel the pain too, but that is as likely to happen as 2009 is to be the "year of Linux."

  23. Re:Call me a Luddite on So Amazing, So Illegal · · Score: 1

    Depends on who you talk to. Personally, I thought that video was a horrible waste of electricity, but apparently some people consider it artistic and want more of it. Then again, I also cannot stand techno, or any other "music" that requires all the effort of hitting some buttons.

  24. Re:Amazing on So Amazing, So Illegal · · Score: 1

    Actually, it was terrible. If that was the future of art, then I might as well jump off the nearest cliff now, because it was just terrible. I have heard better "music" from this:

    dd if=/dev/urandom of=/dev/dsp

  25. Mod parent up on Apps That Rely On Ext3's Commit Interval May Lose Data In Ext4 · · Score: 2, Informative

    Much as I love to fallback on the "POSIX says that this could be the case so it is OK that it is the case" excuse, it really does not fly in this case. The POSIX doesn't allow this sort of behavior because it is a "good" thing to do, it allows it because there are systems where this is an OK thing to do -- systems intended to manage database, systems that are heavily verified and have backup power supplies, etc. This is not appropriate for desktop systems -- desktop systems have to be robust against all kinds of stupid situations, like sudden power losses, users hitting the reset button because an application is hanging, and so forth. EXT4 should not be used in a desktop system if it can cause data loss when the unexpected happens, regardless of the technical merits of writing to small configuration files.