Snowden Used Software Scraper, Say NSA Officials
There's zero reason to believe the NSA's version of this and every reason to believe Snowden's
Because, so far, every single thing that Snowden has said has turned out to be true
when cross-checked. And, so far, every NSA official spokesperson has been caught repeatedly
Is Whitelisting the Answer To the Rise In Data Breaches?
The inferior people at Dice -- you know, the same ones trying to shove their shitty Beta site down our throats -- are actually not clueful enough to realize that this is a very old idea. Whitelisting OS resources, applications, networks, IP addresses, etc. has long been an effective security measure, and I've deployed it everywhere I've been for the past 15 years or so.
It appears that the Dicedroids think everyone is as stupid and clueless as they are.
How Adobe Got Rid of Traditional Stack-Ranking Performance Reviews
This. One hundred times this.
The teachable moment for Dice is RIGHT NOW. They can either admit what everyone knows (that Beta is a horrible
downgrade and should be killed immediately) or they can let their massive out-of-control egos continue to drive their
decision making...and drive Slashdot right off a cliff.
The question that remains is whether they're smart enough to realize that, or whether they will persist on
the path they've chosen -- which leads inexorably to a future where people talk about Slashdot in the past
tense and catalog its downfall alongside that of other sites whose operators failed to listen to their masters: US.
My money is on the latter. Every response I've seen so far from them is full of PR happytalk and bullshit. I think
they truly believe that they can pull this off if they lie about it long enough and consistently enough. After all,
that's how business is done these days, for the most part.
Slashdot Tries Something New; Audience Responds!
The solution is simple: can Beta as a failure. Be grown-up enough to admit that it did not work [...]
They are either too stupid to realize that (despite the overwhelming evidence) or too afraid to admit it.
So take your pick: idiots or cowards. Maybe both.
Slashdot Tries Something New; Audience Responds!
No one comes to /. to read the stories.
That's absolutely true. The editors here are young, inexperienced, naive, and largely clueless. Which is to
be expected, we were all that once upon a time. However, the commenters include a good number
of older people with significant experience and knowledge, and THEY are clearly a thousand times more
important than any of the interchangeable, expendable editors.
The most important thing that this fucked-up Beta teaches us is that Dice does not understand that
previous paragraph. It proves to us that they're arrogant, self-important, egotistical assholes who think
we're sheep to be herded as they see fit. It's probably going to be necessary to teach them a lesson,
and I suspect that the form the lesson will take is the rotting carcass of Slashdot nailed to the wall,
because they are clearly LYING when they claim to be listening.
Which is not surprising: MBAs are stupid people, that's why they don't have real degrees. But it is
disappointing to see how spineless Timothy and the others are. If they actually had any backbone at
all, the editors would side with the users and resign en masse in protest.
Slashdot Tries Something New; Audience Responds!
That's an excellent point. This is clearly management happytalk bullshit being
fed to Timothy, who is obediently regurgitating it to us and hoping that we're naive
and stupid enough to believe that they're "listening".
They're not listening. If they were listening, Beta would already be completely
abandoned and we would be reading a full public apology from the
The ONLY acceptable response is the instant and permanent removal of the Beta. Period.
All other responses are lies.
Slashdot Tries Something New; Audience Responds!
I hope it was enough to make being an obedient little corporate toady worth it.
The ONLY acceptable response from Slashdot is the immediate and permanent abandonment of
the Beta project. Everything and anything else is just happytalk bullshit from cowards and liars.
The Standards Wars and the Sausage Factory
As a long-time (VERY long-time) veteran of Usenet, I'd like to point out that it's
quite viable. The anti-spam methods now in place are quite a bit better than what
we had just a few years ago. There are a number of newsgroups that are doing
very well (including a lot of technical ones), some that are languishing, and some
that are on hold.
Usenet has a lot of architectural features that make it very good for these kinds of
discussions: it is privacy-friendly. It's text-based. It's easily gatewayed to and from
email. It's easily archived. (I have many, many years of certain newsgroups.) It
requires modest resources. It's resilient in the face of broken sites and broken
network links. It's bandwidth-friendly. It runs on relatively lightweight hardware.
The software is mature. And so on.
Not that it's perfect: of course it's not, and I can probably enumerate its flaws
better than all but a handful of other people. But it works, and it works well
even when other allegedly more sophisticated mechanisms fail. I've long said
that Usenet proficiency is one of the basic qualifications for system and
network administrators: they don't need to know the ins/outs of NNTP
nor do they need to admin a node, but they do need to know how to use it.
Since /. appears to be intent on committing public suicide via this idiotic Beta,
supported exclusively by the imbeciles and morons at Dice, perhaps it's
time to start migrating back to Usenet, where corporations can't exert
the kind of control they can here.
How Edward Snowden's Actions Have Impacted Defense Contractors
As one of the first users of this site (yes, I know my UID number, it's not my original one),
I fully support this.
Moreover, IF the people running this site are so obstinate, stupid, and ignorant that they
persist anyway: then the boycott needs to be permanent. We ALL need to leave. We need
to teach a lesson, and if the only way that lesson can be communicated is over the bleak,
abandoned corpse of slashdot, then that's how it has to be.
"I could warn you of course, but you would not listen. I could
kill you, but someone would take your place. So I do the only
thing I can. I go."
New Zealand Spy Agency Deleted Evidence About Its Illegal Spying On Kim Dotcom
You're correct but it's not obvious that the law will actually be applied in this case. Clearly,
the NZ and US both really, REALLY want to crucify Dot Com and are willing to break
the law, cheat, lie, steal, defraud and everything else in order to do it.
Meanwhile, Slashdot Beta is absolute crap, and if the morons, idiots, and assholes
pushing it persist in this stupidity, then they should expect a boycott.
First New Generic Top Level Domains Opening
As everyone knows, there was and is no actual need for these TLDs. Just like there was
no need for .xxx. Just like there was no need for .mobi. Just like there was no need for .info.
The entire process is driven NOT by the communal needs of the Internet, but by ICANN,
which is now completely controlled by registrars -- registrars who are always looking for
new/expanded revenue streams.
There WAS a time, as I'm sure some folks will remember, that "one entity-one domain"
was the rule. That time is long gone, as it drastically restricts registrar profits. Now?
It's not uncommon for single entities to control hundreds to hundreds of thousands of
domains. I've been researching this issue, and have looked at about 60M domains
so far: EASILY 90% of them are crap. They're owned by speculators, typosquatters,
"landing page" operators, clickthrough scammers, and on and on and on. I suspect
that as I expand my work, that percentage won't change much. In other words: we could
delete 90% of the domains out there with no appreciable effect on the Internet.
This latest expansion is merely an attempt to continue the same game -- but with
outrageous prices and profits.
Here is my recommendation: learn how to use DNS RPZ. As each one of these
TLDs is introduced, add it to the list so that you effectively make it disappear from
your view of the Internet. Encourage others to do the same. After all, you aren't
required to resolve any domain or group of domains -- so don't. If enough
of us do this, we will make these domains essentially worthless. (Why? Because
without DNS resolution in place, end users won't be able to reach them with web
browsers. MTAs that check for domain existence -- which they should -- will reject
all mail to/from them. And so on.)
The Internet doesn't need this junk. YOU don't need this junk. So make it vanish.
Snapchat Account Registration CAPTCHA Defeated
I've been saying this for years -- here and elsewhere. Yet their foolish supporters continue to
insist on using them, despite the steady parade of demonstration proofs showing that they're
easily defeated. (I'm not going to bother with the catalog of links this time. Use a search
engine. Read the items that show up on the first two pages of results -- that should be enough.)
Either you're defending an important resource or you're not. If you're not, then you don't need
captchas and shouldn't use them. If you are, then the first person who decides that your resource
is worth the trouble will break your captchas, either by code, by brute force, by co-opted masses
or by some combination of those. You have no shot. NONE. (If you think so, then you didn't
perform the exercise I suggest in the last paragraph.)
A defense that is known-broken is not a defense at all.
Creationism In Texas Public Schools
In one of the great ironies of our time, those arguing for or supporting creationism are actually providing clinching proof that they themselves have failed to evolve into human beings: they're not members of homo sapiens, as they have clearly failed part of the qualifying intelligence test.
Given that they are -- at best -- inferior primates, why should those of us who are clearly superior grant them human rights -- which, as the label indicates, are exclusive to humans? I certainly see no reason why we should be so generous.
Instead, I think, we should strip them of the franchise, of the right to own property, of their financial assets, and of their citizenship. They should be treated decently, of course, for the same reasons that we should treat horses or dogs decently. But certainly they don't merit consideration as peers, as by their own actions, they've shown they aren't. I envision vast farms where they're lovingly tended until it is time to harvest their organs -- painlessly, of course, but inevitably. Their meat is the only value that they have to the human race, and it would be a pity to waste or damage it.
Amazon and GoDaddy Are the Biggest Malware Hosters
There are a large number of reasonably well-understood methods for dealing with this.
First, you have a working RFC 2142 role account address: abuse@ your domain.
You pay attention to what shows up there. You reply promptly. You engage. After
all, if someone is doing your job for you and doing it on THEIR dime, the least you
can do is take advantage of it. Moreover, if you manage to do this reasonably well,
word will get out, you'll earn the respect of your peers, and they will reward you with
more reports -- again, doing your work for you for free.
Worth noting is that Amazon makes it nearly impossible to communicate with their
abuse desk and fails to respond to reports in any way, let alone a timely one. And it's
well known that GoDaddy frequently forwards them to the abusers.
Second, you pay attention to netflows. If a virtual host instance is opening up TCP
connections on port 25 to a kazillion hosts/hour, then it's spamming. Any kind of
perfunctory monitoring will spot this and a hundred other similar things in real time.
Third, you pay attention to who's behind the incidents. If you don't, then they'll
just sign up over and over and over again. So you work to avoid that, by looking
at the who, what, where, when patterns -- and you ban repeat offenders. This
isn't watertight, of course -- but it doesn't need to be. If you raise the bar high
enough, they'll just go somewhere else, which reduces your workload and lets
you focus more tightly on what's left.
Fourth, you look at usage patterns. Most web sites do NOT display global
usage patterns, particularly those which are connected to a domain registered
yesterday. (Think about it.) If you observe that, then something's up: it might
be legitimate. It's almost certainly not. The same thing applies to other
services and other protocols.
Fifth, if you're Amazon, you have a highly paid legal staff. Use them. Smack
the crap out of a few particularly egregious offenders in court. Make it noisy so
that everyone else knows you're doing it. Again, this doesn't have to be watertight;
it just has to discourage miscreants.
Finally (and I'm stopping here for brevity, there's a lot more), do all this publicly.
Encourage your peers to do the same. Challenge them. Raise the collective
bar, not just your own. Cooperate with your competitors.
All of this costs money. Not a stupid amount of money, but it does cost.
Which is why it almost never gets done (see previous post).
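The netflow check from the second point in the comment above (a hosted instance opening TCP port 25 connections to many distinct hosts per hour), as an added example that is not part of the original comment. The CSV flow format, the threshold of 20 peers per hour, and all addresses and timestamps are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timezone

SMTP_PORT = 25
# Assumed threshold: the comment only says "a kazillion hosts/hour"; tune per fleet.
MAX_SMTP_PEERS_PER_HOUR = 20


def parse_flows(text):
    """Parse constructed CSV flow records: start_time,src_ip,dst_ip,dst_port,proto."""
    for row in csv.DictReader(io.StringIO(text)):
        start = datetime.strptime(row["start_time"], "%Y-%m-%dT%H:%M:%SZ")
        yield {
            "start": start.replace(tzinfo=timezone.utc),
            "src": row["src_ip"],
            "dst": row["dst_ip"],
            "dst_port": int(row["dst_port"]),
            "proto": row["proto"].lower(),
        }


def smtp_fanout(flows, threshold=MAX_SMTP_PEERS_PER_HOUR):
    """Return (src, hour, distinct_peer_count) for sources over the threshold.

    Distinct destinations are counted, not connections, so a tenant that
    talks repeatedly to a few mail exchangers is not flagged.
    """
    peers = defaultdict(set)
    for f in flows:
        if f["proto"] != "tcp" or f["dst_port"] != SMTP_PORT:
            continue
        hour = f["start"].replace(minute=0, second=0, microsecond=0)
        peers[(f["src"], hour)].add(f["dst"])
    alerts = [(src, hour, len(dsts))
              for (src, hour), dsts in peers.items() if len(dsts) > threshold]
    return sorted(alerts, key=lambda a: (a[1], a[0]))


def constructed_flows():
    """Constructed sample data using private and documentation address ranges."""
    lines = ["start_time,src_ip,dst_ip,dst_port,proto"]
    # Tenant 10.0.0.5: 40 distinct SMTP peers in the 14:00 hour (should alert).
    for i in range(40):
        lines.append(f"2024-01-15T14:{i:02d}:00Z,10.0.0.5,198.51.100.{i + 1},25,tcp")
    # Same tenant, 15 distinct peers in the 13:00 hour (under the default threshold).
    for i in range(15):
        lines.append(f"2024-01-15T13:{i:02d}:30Z,10.0.0.5,198.51.100.{i + 1},25,tcp")
    # Tenant 10.0.0.9: 30 connections but only 3 distinct mail exchangers.
    for i in range(30):
        lines.append(f"2024-01-15T14:{i:02d}:10Z,10.0.0.9,203.0.113.{i % 3 + 1},25,tcp")
    # Tenant 10.0.0.7: wide fan-out on port 443, which this check ignores.
    for i in range(40):
        lines.append(f"2024-01-15T14:{i:02d}:20Z,10.0.0.7,192.0.2.{i + 1},443,tcp")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for src, hour, count in smtp_fanout(parse_flows(constructed_flows())):
        print(f"{hour.isoformat()} {src} contacted {count} distinct hosts on tcp/25")
```

Counting per source per clock hour keeps the state small enough to run continuously; a sliding window would catch bursts that straddle an hour boundary at the cost of more bookkeeping.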
Amazon and GoDaddy Are the Biggest Malware Hosters
Your comment is funny, but misses the point about economics of scale.
Amazon, with its immense resources, should be one of the cleanest hosts on
the planet. They can afford, using their spare change, to staff a 24x7 abuse desk
with very senior people. The budgetary impact wouldn't even be a blip. And with
the right people, suitably empowered, they could keep their operation nearly free of
malware, phishing, spam, and other forms of abuse. They're far better positioned
to do this than many smaller operations, who couldn't possibly afford it.
But they haven't. Why not? Is it because they don't know? Unlikely. Of course
they know. Is it because they don't know how to address it? Equally unlikely.
Of course they do. They have some smart people on staff. No, they know what
the problem is AND they know how to fix it.
They just don't want to.
Because even as (relatively) small as those costs would be, it's still cheaper for
them to externalize them to the entire rest of the Internet, and let all of us deal with it.
So rather than taking professional responsibility for their own operation, they've decided
to just blow it off. After all: who's going to make them?
I would say the same about GoDaddy, but it's not true. They actively support,
encourage, and endorse spam, malware, phishing and every other form of abuse.
They have from the beginning, only their method of lying about it has changed.
(And don't forget GoDaddy's own history of self-promoting spam.) But once
again: who's going to make them do anything differently?
Until operations are held accountable for their actions -- which is something
that we USED to do on this network, a long time ago -- most won't bother.
And that is, in large part, why problems like spam and phishing and malware
The Burning Bridges of Ubuntu
That's not to say that they aren't problems: Unity is shit. Mir's design displays profound ignorance of X's design, including both its features and its liabilities. And so on. It's obvious that Canonical is ramming these down users' throats because they have to, as only the ignorant newbies who don't know any better would actually choose them.
But the real problem is that Canonical has now clearly demonstrated its commitment to embedding spyware in the distribution. (YES, I know that there's putatively an "off" switch for it. That is an unimportant and irrelevant distraction undeserving of discussion.) By doing so, Shuttleworth has clearly signalled that he's willing to sell out the security and privacy of Ubuntu users for revenue. And now that the user base is declining, expect an escalation of this strategy to compensate for it.
THAT is why the community is no longer relevant to Canonical. The community is standing in the way of their pursuit of profit, and profit (along with ego gratification) is Shuttleworth's priority. Wait and watch: this is only the beginning.
Ask Slashdot: Are We Older Experts Being Retired Too Early?
I'm one of those older people being shoved aside because I'm (pick one) too old, too expensive, too inflexible, too whatever.
Never mind my degrees, my experience, my continuing education, my track record of success, my ability to adapt, or my insight.
None of that matters, because someone 30 years my junior can (putatively) do the same job -- they'll cost half as much and work twice as many hours, until, of course, their time comes and they're replaced just like I've been.
The fact that I bring incredible value to the table doesn't matter: in a position I recently held, I was asked to evaluate a project
that had already sucked down $1.8M. I studied it carefully for several months, and concluded that it was so badly and fundamentally
flawed that it had no chance of success -- the best course of action was to dump it and start over. Management didn't want to hear that, so they discarded my careful analysis and eliminated my position. Four years later, after spending $12M, they finally axed the project -- after achieving nothing. It would have been more cost-effective for them to (a) take my advice and (b) pay me $100K/year for those four years to do nothing: they'd have saved $11.6M.
My point being that those of us who are older sometimes have very finely-tuned instincts about failure: we've experienced it enough to know what it looks like when it's still a long way off. Simply listening to us when we say "ummm...no, that's a bad idea" EVEN IF WE DO NOTHING ELSE is likely to result in an enormous payoff, since it'll help avoid wasted effort and budgets. But of course it rarely works out this way: it's easier to hire 20-somethings, underpay them, work them to death, and enjoy the chorus of "yes" "yes" and "YES" that they generate because they don't yet realize that's the wrong answer.
Only 25% of Yahoo Staff "Eat Their Own Dog Food"
Webmail is a trendy, attractive idea: it's also truly stupid. Every single implementation to date -- and yes, I've tried them all -- sucks. I could spend the next three hours typing in a litany of reasons why, from UI to standards compliance, security to features, but I presume that everyone with even a passing familiarity with email already knows this. So Yahoo's feeble attempts to coerce its employees into using their particular brand of suckage, while no doubt driven by an edict from above, run against the best interests of their own staff.
Which brings me to Outlook, the mail client of choice for the ignorant, the incompetent and the inferior. Nobody, and I do mean, NOBODY, of any worth would even consider lowering their professional standards this far. It speaks volumes about the very low quality of the personnel at Yahoo that they actually prefer this client over the many superior alternatives. That, in turn, explains in part why Yahoo's mail system is riddled with security holes and overrun by spammers, phishers, and abusers of all descriptions: there is nobody there intelligent enough to stop them.
So what this really comes down to is whether Yahoo personnel are using M$ or Yahoo garbage; I wonder if there are any whose feeble intelligence is sufficient to allow them to figure out that the only correct answer is "neither". There DO exist mail clients that -- while not perfect by any means -- are clearly, markedly better than either of these.
EFF Says Mark Shuttleworth Is Wrong About Trademark
Shuttleworth/Canonical are just using the Facebook playbook:
1. Engage in an outrageous overreach.
2a. If there's no reaction: proceed.
2b. If there's a negative reaction, then walk it back just far enough to quell the outrage. Use weasel words. Pretend that you were just kidding. Call it an unfortunate oversight, a lapse, a mistake -- but be sure not to admit that it was deliberate and calculated.
3. Wait for outrage to die down.
4. Return to step 1.
This works beautifully on an audience that isn't paying attention, that can't generalize from specifics, that doesn't remember what happened yesterday, let alone last year or last decade.
IE 11 Breaks Rendering For Google Products, and Outlook Too
It really doesn't matter if IE does or doesn't render anything, as using it exposes one to the gaping security-hole-of-the-day.
I'm not talking about the ones that make it to slashdot or even full-disclosure; I'm talking about the ones that show up on
blackhat sites with pricetags attached. I'd call it a "parade", but it's more like an angry mob rushing through the streets:
it's constant and pervasive.
Second, the Outlook service is an enormous source of spam. (Citation? Run a major email site, one with at least
a million users. Pay attention to what arrives on port 25 from Outlook.) One of the things we've learned over the
past couple of decades is that outbound abuse is a surface indicator of underlying security issues, thus the inference
is that Outlook has been launched (in Microsoft's usual fashion) without a rigorous security audit.
Third, the entire concept of webmail is wrong, stupid, and broken. Every attempt to date, and I do mean EVERY attempt,
to shoehorn SMTP/POP/IMAP into something that works in a browser, has failed miserably. That includes the
freemail services and the open-source projects, the commercial offerings, and the homegrown ones. One would
think that given the landscape of uninterrupted failure that stretches all the way to the horizon that people would
stop long enough to realize that the problem isn't the implementation: it's the concept. But no, web sites and mailing
lists are filled with endless debate over how to "improve webmail". The required improvement is to abandon it entirely.
Finally, "using Google products" is an increasingly bad idea, as it's obvious that they've been thoroughly backdoored
at least once -- which means that it won't be long until they've been backdoored again. And again. Yes, for
many lazy and inferior people, "using Google products" is a fast answer -- but it's the wrong one.