Comments

Yahoo DMARC Implementation Breaks Most Mailing Lists

Bert64 SPF.. (83 comments)

Implementing SPF can also do the same thing. The issue is that mailing lists don't rewrite the From headers, so despite having been forwarded through the mailing list server the original sender is still shown in the headers; only the mailing list server isn't really supposed to be sending mail *from* other people's addresses...

So either you allow mail to come from anywhere with any sender address, which lets mailing lists and email forwarding work fine but also makes spoofed spam very easy...
Or you don't, and break the above...

Really legit mailing lists should be rewriting the sender headers to reflect that the mail has been redelivered by the mailing list. The only difficulty this would cause is when users try to reply directly to messages rather than forwarding their replies to the list itself.

about two weeks ago
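The header rewriting the comment above argues for, as an added example (not code from Slashdot or from any real list manager such as Mailman): a toy list relay that rewrites From: to the list's own address only when the sender's domain publishes a quarantine/reject DMARC policy, keeping the original address in Reply-To and X-Original-From. The DMARC records, list address and sample messages are constructed assumptions standing in for DNS lookups and real traffic; the alignment check is the relaxed rule simplified to an exact domain match.

```python
"""Toy model of a mailing list rewriting From: ("From munging") when the
sender's domain publishes a restrictive DMARC policy. Added example; not
code from Slashdot or any real mailing-list software."""
from email import policy
from email.parser import Parser
from email.utils import formataddr, parseaddr

# Constructed stand-in for DNS TXT lookups of _dmarc.<domain>; a real list
# server would query DNS. Both domains and records are assumptions.
DMARC_RECORDS = {
    "strict.example": "v=DMARC1; p=reject; rua=mailto:dmarc@strict.example",
    "relaxed.example": "v=DMARC1; p=none",
}

LIST_ADDRESS = "discuss@lists.example"   # assumed list address
LIST_NAME = "discuss"


def dmarc_policy(domain):
    """Return the p= tag for a domain, or 'none' when there is no record."""
    record = DMARC_RECORDS.get(domain.lower(), "")
    for tag in record.split(";"):
        key, _, value = tag.strip().partition("=")
        if key.strip() == "p":
            return value.strip().lower()
    return "none"


def domain_of(address_header):
    _, addr = parseaddr(address_header)
    return addr.rpartition("@")[2].lower()


def from_aligned(from_header, envelope_domain):
    """Relaxed DMARC identifier alignment, simplified: the From: domain must
    match the domain SPF/DKIM authenticated (here the envelope domain).
    Organisational-domain handling is omitted for brevity."""
    return domain_of(from_header) == envelope_domain.lower()


def munge_from(raw_message):
    """Rewrite From: to the list address when the sender's DMARC policy would
    otherwise make receivers reject or quarantine the relayed copy. The
    original address is kept in Reply-To (if absent) and X-Original-From."""
    msg = Parser(policy=policy.default).parsestr(raw_message)
    original_from = str(msg["From"])
    if dmarc_policy(domain_of(original_from)) not in ("quarantine", "reject"):
        return msg  # p=none or no record: leave the message untouched
    name, addr = parseaddr(original_from)
    display = f"{name or addr} via {LIST_NAME}"
    msg.replace_header("From", formataddr((display, LIST_ADDRESS)))
    if "Reply-To" not in msg:
        msg["Reply-To"] = original_from
    msg["X-Original-From"] = original_from
    return msg


def relay_summary(raw_message, envelope_domain="lists.example"):
    """Run a message through the list and report what a receiver would see."""
    msg = munge_from(raw_message)
    from_hdr = str(msg["From"])
    return {
        "from": parseaddr(from_hdr),
        "reply_to": parseaddr(str(msg["Reply-To"])) if "Reply-To" in msg else None,
        "x_original_from": str(msg["X-Original-From"]) if "X-Original-From" in msg else None,
        "aligned": from_aligned(from_hdr, envelope_domain),
    }


# Constructed sample messages
STRICT_MSG = (
    "From: Alice <alice@strict.example>\n"
    "To: discuss@lists.example\n"
    "Subject: patch review\n\n"
    "Please review.\n"
)
RELAXED_MSG = (
    "From: Bob <bob@relaxed.example>\n"
    "To: discuss@lists.example\n"
    "Subject: hello\n\n"
    "Hi all.\n"
)

if __name__ == "__main__":
    for raw in (STRICT_MSG, RELAXED_MSG):
        print(relay_summary(raw))
```

Running it shows the trade-off in the comment: the message from the p=reject domain is relayed with an aligned From: and replies still reach the author via Reply-To, while the p=none message is passed through unchanged and would fail alignment at a receiver that checked it.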
OpenSSL Bug Allows Attackers To Read Memory In 64k Chunks

Bert64 Re:Passwords in RAM (303 comments)

Also makes the code more difficult to debug, more difficult to fix, and increases the chances of exploitable bugs existing in the first place...
How many times have security holes resulted from trying to over complicate the code?

about two weeks ago
Should Microsoft Be Required To Extend Support For Windows XP?

Bert64 Re:Complete access and indefinite support for free (650 comments)

So, who is backporting security patches to linux 2.0, or KDE 3.0?

Anyone who is still using such devices..
There will be embedded devices out there still running ancient versions of linux, and still receiving manufacturer updates. In many cases the OS will have been minimalized to decrease the amount of effort required to update it, which is another advantage linux offers.

The fact that very few people still use such old linux devices is another matter, there is far less reason *not* to upgrade your linux devices - support for existing hardware is rarely dropped, memory requirements rarely go up, there are no huge costs involved etc.

FYI I still maintain several old linux boxes...
One running a 2.4.x kernel, because it's used to control an SGI machine that requires a proprietary kernel module..
Another running a 2.2.x kernel because I use a third party encryption program that was never ported to newer kernels.

Both of these systems, despite having old kernels, have relatively up to date userlands, and the services exposed to the network are also kept updated.

about two weeks ago
Should Microsoft Be Required To Extend Support For Windows XP?

Bert64 Re:Complete access and indefinite support for free (650 comments)

Well that's the whole point: you don't need to provide support indefinitely, you only need to provide the code to arbitrary third parties and they can continue providing support if you choose not to.

Look at all the embedded devices out there still running linux 2.4.x (or even older), and still being actively supported by the device maker. If there's a market for something and people have the code - someone will step up to provide support.

about two weeks ago
Why Movie Streaming Services Are Unsatisfying — and Will Stay That Way

Bert64 Re: Um. WRONG. (323 comments)

So you're violating their terms of service and effectively pirating the content anyway...

about three weeks ago
Why Movie Streaming Services Are Unsatisfying — and Will Stay That Way

Bert64 Re:Um. WRONG. (323 comments)

And that's one of the biggest problems with netflix and other streaming services... You're limited by your bandwidth, which is also likely to go down during peak times (ie when you want to watch), and heavy use streaming means you can't do anything else on the connection either, because it's too slow or because your activity would cause the stream to stall.

I want a service where I can download and watch later. I have limited peak time bandwidth usage and unlimited late at night; at night the network is less congested, therefore faster, and I'm generally asleep so I don't care if it makes the connection laggy, and downloads are not hampered by fluctuations in performance.

With a downloaded file I can take it offline to watch somewhere I have no or poor connectivity. Once the file is downloaded I can watch it knowing there won't be any dropouts, and I can download overnight in whatever quality I want; even a 1080p movie will be finished by the morning on a 5mbps connection.

Streaming is often utterly impractical at the times you most want to watch something, eg:

on a train/bus/coach/car - the motion makes 3g slower, tunnels make it drop out entirely, as does travelling in/out of service areas...
mobile data is often expensive...
abroad - roaming data is even more expensive
wifi is not always available, and even when it is, sometimes it's unusably slow and you trying to stream only compounds the problem...

On the other hand, a usb stick full of stuff you downloaded the previous night works very well in all of these situations. I travel a lot, and frequently find myself sitting around bored waiting for something, while having poor or no internet connection.

about three weeks ago
Ask Slashdot: What Do You Consider Elegant Code?

Bert64 Re:Comment your damn code (373 comments)

Almost always better to use a loop; a good compiler can unroll the loop if doing so would be beneficial, and unless you're targeting a single specific device, what's most efficient will depend on the hardware - eg a large unrolled loop might be slower if the loop is too big to fit in the cpu cache, and unrolled loops increase the memory usage of the program, which may be detrimental depending on the speed and quantity of memory etc.

about three weeks ago
One Billion Android Devices Open To Privilege Escalation

Bert64 Re:Nope (117 comments)

On the other hand, the likelihood of this vulnerability actually being exploited is quite low for quite a few reasons... Primarily, because it requires that you first install a malicious app and then upgrade to a version of android which actually implements some new permissions...

1, very few users ever update (or even have updates available)
2, manufacturers will sometimes patch android but usually not provide updates to whole new versions, and the small incremental patches won't introduce any new permissions
3, now that this issue has been discovered it's highly likely that future updates will contain a fix for it, and users are unlikely to update to a version that isn't the latest available for their particular handset, so *if* they can and do update they will be patching this issue anyway.

about a month ago
Linux May Succeed Windows XP As OS of Choice For ATMs

Bert64 Re:Ok seriously though ... (367 comments)

Linux has 2 advantages here...

1, you have the source code so anyone can provide patches, not just the original vendor. If you're shipping out thousands of ATMs you can even afford to employ a few developers yourself.
2, linux is far more modular so you can remove all the crap you don't require - if it's not present it doesn't need to be patched.
3, linux has lots of distros to choose from, with varying levels of support.. some of the embedded ones are actively supported for a long time

about a month ago
Linux May Succeed Windows XP As OS of Choice For ATMs

Bert64 Re:Ok seriously though ... (367 comments)

Why would the banks have to do it? Banks don't build their own ATMs, they buy ready made ones and slap a bit of branding on top...
For the manufacturers of ATMs, the burden of supporting a cut down ATM-specific linux distro is rather minimal compared to the support they have to provide for the hardware and their own application anyway. If you stripped down a linux system to the bare essentials necessary to run an ATM, you'd not have a lot of code running there so there wouldn't be a huge number of patches you'd need to backport anyway. Plus there are other organisations in other markets in the same boat with whom you could share resources.

about a month ago
Speedy Attack Targets Web Servers With Outdated Linux Kernels

Bert64 Re:It would be nice to know what Web Server... (93 comments)

Have you not looked in access logs or firewall logs? Chances are whoever is exploiting this is also actively scanning for it...

about a month ago
Linux May Succeed Windows XP As OS of Choice For ATMs

Bert64 Re:Here's what I don't get (367 comments)

What happens if MS goes tits up? Where do you get your compatible OS from?

Having multiple suppliers for something important makes sense, but running single vendor software completely destroys that benefit.

about a month ago
Linux May Succeed Windows XP As OS of Choice For ATMs

Bert64 Re:Here's what I don't get (367 comments)

Not only support it themselves, but if they strip the system down to the bare essentials there will be a lot less that actually needs maintaining... Having a load of unnecessary code on your device is stupid, doubly so if you have to keep patching it.

about a month ago
Linux May Succeed Windows XP As OS of Choice For ATMs

Bert64 Re:Good for Linux (367 comments)

Most businesses don't think that far ahead, at least when it comes to things which are not their core business...
The idea that they would make their business dependent on software only available from a single vendor is equally staggering.

about a month ago
Ex-Microsoft Employee Arrested For Leaking Windows 8

Bert64 Re:Stealing? (197 comments)

The exclusivity of the trade secrets was not stolen, neither party has exclusivity anymore...
The exclusivity was destroyed, since no one has exclusivity.

about a month ago
Malware Attack Infected 25,000 Linux/UNIX Servers

Bert64 Re:next they will say Mac's get viruses (220 comments)

That's assuming the malware is targeting end user workstations... The malware discussed in this article explicitly targets servers, and linux is far from an obscure platform when it comes to servers.

There are many other reasons than lack of desktop users why there is less malware for linux... Linux users are far less likely to be running with admin privileges, linux users have to take extra steps to execute a random binary, linux users are less likely to want to execute random binaries due to the prevalent use of repositories, linux users are generally more savvy than windows users, linux users are more likely to have updated their applications (again due to repositories)...

Also the idea of "security through obscurity" is usually promoted by proponents of closed source, who somehow think that restricted distribution of the source code will prevent people from finding exploitable holes.

about 1 month ago
Eric Schmidt On Why College Is Still Worth It

Bert64 Re:Going bust not unique to drop-outs (281 comments)

Depends whether you can get a job quickly enough.. If you go straight into work instead of taking out several years studying then you will build experience sooner. Of course the situation is different for everyone.

about a month ago
Top E-commerce Sites Fail To Protect Users From Stupid Passwords

Bert64 Re: I don't understand length limits (162 comments)

A lot of sites with tough password policies are too self important... Most of the things I'm signed up to online I don't particularly care if they get cracked, and so use weak and easily remembered passwords for them if possible.

about a month ago
Top E-commerce Sites Fail To Protect Users From Stupid Passwords

Bert64 Re:correct horse battery staple (162 comments)

Requiring the site name in the password is stupid, anyone launching a brute force attack will simply take that (and any other policy requirements) into account, eg if you know the password policy requires mixed case and minimum length of 8 then you don't need to try all lowercase passwords or anything shorter than 8.

Similarly, locking out after a number of guesses is dangerous: that means an attacker who doesn't know your password can still cause a denial of service against your account, and it's utterly ineffective against most brute force attacks as they will go after a huge number of usernames using a small number of passwords rather than the other way round.

about a month ago
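The detection gap the comment above describes, as an added example (not code from Slashdot or from any product): a small log analysis that shows why a per-account lockout rule never fires on a "many usernames, few passwords" run, and what a detector keyed on the source address sees instead. The log format, the addresses, the usernames and the thresholds are all constructed assumptions; the rules are meant to be run by a defender over their own authentication logs.

```python
"""Per-account lockout versus per-source spray detection on auth logs.
Added example; not from the Slashdot thread. Format and thresholds are
assumptions for illustration."""
import re
from collections import Counter, defaultdict

# Assumed sshd-like log line shape
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth: (?P<result>FAILED|OK) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def build_sample_log():
    """Constructed sample: one guess each against 12 accounts from a single
    address (a spray), a six-guess run against one account from another
    address (classic brute force), and one ordinary successful login."""
    lines = []
    users = ["alice", "bob", "carol", "dave", "erin", "frank", "grace", "heidi",
             "ivan", "judy", "mallory", "oscar"]
    for i, user in enumerate(users):
        lines.append(f"2014-04-01T02:00:{i:02d} auth: FAILED user={user} src=203.0.113.7")
    for i in range(6):
        lines.append(f"2014-04-01T02:05:{i:02d} auth: FAILED user=carol src=198.51.100.9")
    lines.append("2014-04-01T02:06:00 auth: OK user=dave src=192.0.2.5")
    return lines


def parse_events(lines):
    """Parse log lines into dicts; lines that do not match are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def per_account_lockouts(events, threshold=5):
    """The rule the comment criticises: lock an account after N failures.
    A spray that tries each account once never reaches the threshold."""
    failures = Counter(e["user"] for e in events if e["result"] == "FAILED")
    return {user for user, n in failures.items() if n >= threshold}


def failed_users_by_source(events):
    """src -> Counter of failed usernames tried from that source."""
    table = defaultdict(Counter)
    for e in events:
        if e["result"] == "FAILED":
            table[e["src"]][e["user"]] += 1
    return table


def spray_sources(events, min_users=8, max_per_user=2):
    """Sources trying many distinct accounts with only a few guesses each."""
    out = set()
    for src, users in failed_users_by_source(events).items():
        if len(users) >= min_users and max(users.values()) <= max_per_user:
            out.add(src)
    return out


def brute_force_sources(events, threshold=5):
    """Sources hammering a single account; this is what lockout rules catch."""
    out = set()
    for src, users in failed_users_by_source(events).items():
        if max(users.values()) >= threshold:
            out.add(src)
    return out


if __name__ == "__main__":
    events = parse_events(build_sample_log())
    print("accounts a lockout rule would lock:", per_account_lockouts(events))
    print("sources that look like a spray:    ", spray_sources(events))
    print("sources that look like brute force:", brute_force_sources(events))
```

On the sample, the lockout rule locks only carol, the one account that an attacker chose to hammer (and, incidentally, the only account it denies service to), while the address that tried twelve accounts once each is invisible to it and only shows up when failures are grouped by source.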

Submissions

Bert64 writes | more than 7 years ago

Bert64 writes "It seems that eBay allows you to say one thing about the location of an item in the auction description, but then if the item turns out to be defective to supply a completely different address, in another country, where the item can be returned at buyer's expense. No mention of this was in the original auction listing, in the hope of fooling those who would normally not buy from a foreign seller. Details on http://www.ev4.org/ of how I was stung by this, and how it can so easily be abused by anyone to profit by ripping off unsuspecting buyers while ebay sits back and does nothing about it. So anyone can ship defective items, and then make the returns process expensive enough that people won't bother."

Journals

Bert64 has no journal entries.