Comments

top

Toyota Accelerator Data Skewed Toward Elderly

Henry V .009 Re:Good god, please stop (776 comments)

Wrong. Your post: '...in that the Google spreadsheet provided was tracking incidents, not fatalities...'

Article: 'The Los Angeles Times recently did a story detailing all of the NHTSA reports of Toyota "sudden acceleration" fatalities...' And yes, the spreadsheet data is from the LAT story.

And no, to poke holes in the author's idiot argument, I don't have to figure anything out about the "percentage of Prius drivers, blah blah blah." I would have to do that if I wanted to find the real numbers. Instead, I just demolished the author's prima facie case. Once that goes down there is no reason to invest more time on it. He can make the case again with better data if he feels like it. I'm not about to throw any more mental effort after an idiot's idea.

about 4 years ago
top

Toyota Accelerator Data Skewed Toward Elderly

Henry V .009 Re:Good god, please stop (776 comments)

Oh...did your feelings get hurt? That makes me feel so rotten about myself! I was inconsiderate. Maybe I brought up unpleasant memories of your childhood? You can talk about it. Nobody here will make fun.

about 4 years ago
top

Toyota Accelerator Data Skewed Toward Elderly

Henry V .009 Re:Good god, please stop (776 comments)

Hey, you sure got me. Really stuck it to me..oh shit, no you didn't, you just can't read. From the article: 'The Los Angeles Times recently did a story detailing all of the NHTSA reports of Toyota "sudden acceleration" fatalities, and, though the Times did not mention it, the ages of the drivers involved were striking.'

about 4 years ago
top

Toyota Accelerator Data Skewed Toward Elderly

Henry V .009 Good god, please stop (776 comments)

If you read the above article and thought, "gee, what convincing evidence," then you're a moron.

It's not a surprise that traffic fatalities were skewed towards the elderly. In any given accident, an elderly person is much more likely to die than a young person. They're not as sturdy.

Now that you're a little bit less of a moron, please go on with your day.

about 4 years ago
top

Pope Urges Priests To Go Forth and Blog

Henry V .009 Re:Religion (284 comments)

I don't know. I'm not Catholic, but I read Fr. Z's blog at wdtprs.com fairly frequently. It's not spam by any stretch. It's interesting to peep into another world.

more than 4 years ago
top

German Government Advises Public To Stop Using IE

Henry V .009 Right Decision? (320 comments)

According to the original article, DEP (enabled by default in IE8) and sandbox mode (Windows 7, Vista) all stop this zero day.

If that is the case, doesn't that count in IE's favor, not against? All browsers have vulnerabilities. All of them have zero-days. However, it seems that IE has some pretty good built-in protections that Firefox lacks.

more than 4 years ago
top

X11 Chrome Reportedly Outperforms Windows and Mac Versions

Henry V .009 Re:Ummm... (542 comments)

Yeah, at least the first one was succinct.

more than 4 years ago
top

The Gathering Storm Discussion

Henry V .009 Re:Most Sci-fi/Fantasy is teen-lit fare (186 comments)

Murakami is aces at making you feel good about your literary hoity-toityness. But I, for one, have better things to think about than the opium dreams of some oversexed wit-lit writer. There are no real ideas or insights there. It's fluff.

Now, Dostoevsky or Tolstoy...

more than 4 years ago
top

Math Indicates Pollster Is Forging Results

Henry V .009 Re:What's wrong with this data? (319 comments)

Really, why not try proving that a particular digit should be uniformly distributed? I'll give you a minute.

Not done yet? I'll give you a hint: Benford's Law shows why it doesn't have to have a uniform distribution. The original critique is likely fallacious.

more than 4 years ago
top

3 of 4 Charges Against Terry Childs Dropped

Henry V .009 Re:Why isn't he turning over the passwords? (189 comments)

I looked up the story. It's sort of bizarre. Unless he had no supervisor and reported directly to the mayor, he didn't have much justification for not turning over the passwords at the get-go.

more than 4 years ago
top

3 of 4 Charges Against Terry Childs Dropped

Henry V .009 Why isn't he turning over the passwords? (189 comments)

That's the one thing that confuses me. He still hasn't turned over any passwords, right? Why not?

more than 4 years ago
top

Flickr Yanks Image of Obama As Joker

Henry V .009 Re:Free speech and democracy? (869 comments)

Moron. A correct statement, maybe, would be that "corporate censorship is not prohibited by the first amendment of the American constitution under current SCOTUS interpretation."

Saying that corporate censorship has no relation to free speech is wrong and stupid. It's a very important consideration when looking at speech issues.

more than 4 years ago
top

The Homemade Hard Disk Destroyer

Henry V .009 Re:Stand drill (497 comments)

It's magnetic. Self-clean mode on your oven would probably do the job.

more than 4 years ago
top

Local Privilege Escalation On All Linux Kernels

Henry V .009 Re:Security through Obscurity? (595 comments)

I believe that "Critical" updates usually need to be remote.

more than 4 years ago
top

Local Privilege Escalation On All Linux Kernels

Henry V .009 Re:Security through Obscurity? (595 comments)

From your link, it looks like it was patched as an "Important" security vulnerability.

more than 4 years ago
top

Ubuntu's New Firefox Is Watching You

Henry V .009 Re:Free as in speech (330 comments)

All true statements, but pointless because you left out at least one freedom: people are also free to complain until Ubuntu does something about it to save their brand.

more than 4 years ago
top

Apple Working On Tech To Detect Purchasers' "Abuse"

Henry V .009 No story here (539 comments)

I think that the submitter wrongly believes that these sensors are going to report back to Apple over the internet or somesuch. Hence the faux concern.

more than 4 years ago
top

Twitter Faces Patent Infringement Lawsuit

Henry V .009 Re:I'm honestly surprised... (236 comments)

You mean that they're only a part-time patent troll.

more than 4 years ago
top

Hubble Photographs Jupiter's New "Scar"

Henry V .009 Re:Size (60 comments)

There's already a wonderful way to deflect asteroids. It's called Jupiter.

more than 4 years ago
top

Stroustrup Says New C++ Standard Delayed Until 2010 Or Later

Henry V .009 Re:But will they be useful without concepts? (501 comments)

Stroustrup alludes to it in his article, but I think that the point needs to be emphasized. Concepts need to primarily be about making the experience of using and creating templates easier. It needs to be about fixing the sort of error you mentioned.

The problem with the current proposal is that it tried to be too many things to too many people. Concept supporters need to regroup and come up with a streamlined concepts proposal that concentrates on making the language easier and simpler.

more than 4 years ago

Submissions

top

WoW Mother convicted of starving child to death

Henry V .009 Henry V .009 writes  |  more than 4 years ago

Henry V .009 (518000) writes "Rebecca Christie was convicted of a 2006 murder, today. The New Mexico mother let her 3-year-old toddler starve to death while she played World of Warcraft. According to one article (sorry, you'll have to click on the ad to view), "the house was filled with cat feces, moldy food and unwashed dishes when the child was taken to an Alamogordo hospital emergency room with severe dehydration." More here, including comments by Rebecca's fellow WoW players."
top

Why Zed Shaw uses (A/L)GPL

Henry V .009 Henry V .009 writes  |  more than 4 years ago

Henry V .009 (518000) writes "From Zed Shaw's newest rant: Honestly, how many of you people who use open source tell your boss what you're using? How many of you tell investors that your entire operation is based on something one guy wrote in a few months? How many of you out there go to management and say, "Hey, you know there's this guy Zed who wrote the software I'm using, why don't we hire him as a consultant?" You don't. None of you. You take the software, and use it like Excalibur to slay your dragon and then take the credit for it. You don't give out any credit, and in fact, I've ran into a vast majority of you who constantly try to say that I can't code as a way of covering your ass."
top

Bill Gates Opens Jar of Mosquitoes During Talk

Henry V .009 Henry V .009 writes  |  more than 5 years ago

Henry V .009 (518000) writes "Dave Morin of Facebook Twittered from TED2009: "Bill Gates just released mosquitos into the audience at TED and said, 'Not only poor people should experience this.'" Indeed. Cue the Vista jokes."
top

What Can I Do About Stupid Users?

Henry V .009 Henry V .009 writes  |  more than 5 years ago

Henry V .009 (518000) writes "I'm a systems administrator at a mid-sized college. Our users keep falling for the "Please send us your password" Webmail scam emails that are going around. At first it was only the non-English speaking grad students who would fall for it. Later, as the messages got more sophisticated, the professors began falling for it. And now even the undergraduates are sending out their passwords to the spammers. Currently we use an email intercept list that catches all messages to a small number of the scammer's reply-to addresses. We have a large message on our webmail page asking users to please not give out their passwords. Our spam filters catch many, but not all, of the incoming scam messages. And still I have to spend my weekends revoking accounts. What else can I do?"
top

Amazon Blackmails Print-On-Demand Publishers

Henry V .009 Henry V .009 writes  |  about 6 years ago

Henry V .009 (518000) writes "MobileRead points out this Writer's Weekly story, calling what Amazon is doing to their print-on-demand publishers "blackmail". Amazon is trying to use their online market share to drive independent print-on-demand presses out of business, in favor of Amazon's own press: Booksurge. Use Booksurge, Amazon is telling publishers, or see your books taken off their site. Legal competition? Possibly. Good for the book business, book lovers, or Amazon's brand? Not so much (cf. this well-loved monopoly). A lot of small publishers are hoping that the "bad press" will get Amazon to drop their noxious new business practice."
top

Halting State by Charles Stross

Henry V .009 Henry V .009 writes  |  more than 6 years ago

Henry V .009 writes "You are reading this on Slashdot, which means I can give you the short version: go read Halting State by Charles Stross.

Or at least go read the prologue. Mail-Allegedly-From: recruitment@DO_NOT_REPLY.round-peg-round-hole.com. Subject: Attn Nigel — job offer. Auto-Summary: A job offer, vaguely menacing. Spam-Weighting: 70% probable, but worth a look.

And if that's not enough, check out my review.

Charles Stross is a U.K. author specializing in, ah, well it's what Vernor Vinge would be writing if Vinge were a Linux hacker instead of a CS professor. His short story A Colder War and his novel The Atrocity Archives are fun, Lovecraftian, cyberpunk, based on an alternate Cold War between superpowers that faced off with weapons that make nuclear-tipped ICBMs seem oddly comforting (at least they won't eat your souls), a world where Turing successfully completed his last theorem on "Phase Conjugate Grammars for Extra-dimensional Summoning," and where the Nazis had come within a hair's breadth of brute-forcing the same research with the simpler expedient of mass sacrifice.

Stross is probably most famous for his novel Accelerando which is described on his website as "a family saga that follows three generations of a dysfunctionally postmodern lineage right through a Vingean singularity, as recounted by the family's robot cat. It's much, much weirder than that, though."

Halting State is his newest novel, set in the near-future, with a rather simple premise: A bank robbery. By a dragon. Together with a band of orcs. In a virtual game. Of a virtual bank.

Only this virtual bank is run by a very non-virtual company with distressingly realistic public stock offerings.

Which is a silly premise. You can't steal from a virtual bank, and if you could, it would be done through a hack or bug, and it wouldn't matter whether you had a band of dragons or of lowly slimes. The bank couldn't be robbed unless the game mechanics permitted it, and if they permitted it, then it's a game, not a robbery, right? So if you don't know who Stross is, and have only read the description of Halting State on Amazon.com, you might be considering giving it a pass.

Which would be wrong. If you do know Stross, then you know that he knows what he's doing. The real story is about stolen encryption keys, online alternate reality games that have a lot more reality to them than they should, and the hellish spectre of a world where MMORPG griefers have gotten their hands on some serious counter-intelligence capabilities.

The story has several main characters, a distressingly typecast sword-wielding insurance-adjuster babe, an interestingly typecast unemployed code-monkey, and a lesbian heavily Scottish-accented cop — I don't really know what that last one is doing there, but that's what makes it a Charlie Stross novel. Now cue the world getting saved by mad hax0r-ing, and you know the plot.

The book isn't all beer and skittles, however. No book with multiple main characters should be written in a second-person third-party narrative. The chapter headings make it clear who "you" is at any given time, but it's just not a joy to parse. If I were Charlie's editor, I could certainly understand the impulse to let creative genius have its space, but dammit, sometimes you've got to squash genius like the ugly bug it is, before it has the chance to grow into a monstrosity.

With that caveat, I heartily recommend Halting State. It's a must read for anybody with enough nerd in them to be reading Slashdot.

And here are the first three chapters if you'd like to whet your appetite while waiting for the book to ship:

Halting State Excerpts

Note: "www.antipope.org" is Charlie's web domain. If you think it's some sort of anti-Catholic thing, here's the actual explanation."
top

Henry V .009 Henry V .009 writes  |  more than 6 years ago

Henry V .009 (518000) writes "The New York Times describes the life of a Chinese World of Warcraft "Gold Farmer": At the end of each shift, Li reports the night's haul to his supervisor, and at the end of the week, he, like his nine co-workers, will be paid in full. For every 100 gold coins he gathers, Li makes 10 yuan, or about $1.25, earning an effective wage of 30 cents an hour, more or less. The boss, in turn, receives $3 or more when he sells those same coins to an online retailer, who will sell them to the final customer (an American or European player) for as much as $20."
top

Henry V .009 Henry V .009 writes  |  more than 6 years ago

Henry V .009 (518000) writes "The Times Online reports that Google's power is 'less than thought.' Google boasts of taking on Microsoft with its free web applications and comes second to none in customer loyalty. But is its vaunted online advertising presence a myth? According to the article, doubts are beginning to take hold as eBay begins its Google boycott: "Before I pulled the data, I was expecting a bigger drop given the drastic removal of sponsored listing ads by eBay," [Bill Tancer] said. He added that the impact of eBay's advertising withdrawal was reduced by the fact that 25 per cent of users visiting the internet auctioneer from Google do so after searching for eBay, rather than by clicking on one of the "sponsored links" that appear next to other search results."
top

Henry V .009 Henry V .009 writes  |  more than 6 years ago

Henry V .009 (518000) writes "A Ph.D. physicist friend of mine (whose research has been covered on Slashdot before), wants to know if technology didn't take a wrong turn a few decades ago. In 1950s science fiction the computers of the 21st century were as big as a building — but faster than light drives were easy. Were the imagined worlds of 1950s science fiction better than what we actually got? My friend asks, would you rather live in a world with laptop and desktop computers, or one with interstellar travel?"
top

Henry V .009 Henry V .009 writes  |  about 7 years ago

Henry V .009 (518000) writes "The Albuquerque Journal reports that Federal authorities have just charged Rebecca Wulf for allowing her 3-year-old daughter to starve to death, surrounded by "cat feces, moldy food and unwashed dishes" while Rebecca played World of Warcraft. I thought Slashdoters might want an early heads up on what is likely to become a big news story. Having worked with abused children in the past, I can say that the stories I hear of WoW addiction cases are on the level of hard drug addiction stories — in my opinion at least, this can no longer be dismissed as a 'you can be addicted to anything' issue anymore."

Journals

top

Henry V .009 Henry V .009 writes  |  more than 8 years ago Security suggestions gleaned from the comments in this article:

Unix:

  • recompile the kernel without support for loadable modules
  • not having dev tools installed on your servers (quite often source root kits require them)
  • keeping copies of /bin and /usr/bin on some ro media (either a CD or on a separate server mounted ro), and checking them against your working copies regularly.
  • running chkrootkit :-)
  • Mount / ro. You need to set up separate space for /tmp and /var (not to mention /home) but this will defeat 99% of the automated root kits, of course, if the attacker gets in personally, all bets are off...
  • It's fairly easy to put a module in Linux using /proc/kmem even if modules are disabled.
  • Run the services chrooted
  • Run pound in front of your web server / web services
  • Use a file integrity checker
  • if you're running BSD, set kern.securelevel to 1 or 2 [to prevent loading new modules]
  • Phrack guide to loading modules sneakily
  • ... tripwire ...

    Oh, and don't forget to mention that you should run tripwire from a known-secure system (a Knoppix CD, for instance) at least once in a while. Indeed, if your system is infested by a good rootkit, it could hide itself so well that it would play back a phony, made to look innocent contents of any files that it had infected.

    Same goes for lsmod, ps and other tools (it is however very rare that a rootkit is so thorough as to hide itself from all tools. Most often an rpm -q --verify -a finds the nasties). But if you're really paranoid, run your tripwire and rpm --verify from an external system, not from within the one you want to examine.

Windows:

  • Shameless plug: I've written a script that should be able to help find any rootkits that are listening on tcp/udp on windows. Here's the link
  • RootkitRevealer is your friend.
  • I recently cleaned a machine infected with a rootkit that was NOT detected with Rootkit Revealer. The virus loaded itself via the HKLM/Soft/MS/Windows/Run key, as usual, but it didn't show on regedit nor elsewhere, and the Rootkit Revealer did not detect the "missing" key. The only way to see and remove it was to boot with a WinPE CD.
  • Oh, here's a useful tip for people.. there is a cheaper alternative to WinPE.. BartPE [nu2.nu], it requires Windows XP to build the bootable cd but in terms of usefulness it's a nice little life saver. Can also be extended with Ultimate Boot CD (UBCD) [ubcd4win.com].
  • Are you sure it wasn't just hidden by the buffer issue that's known to exist in regedit.exe? zipzappromos does this, as well as a number of others. No rootkit, just an exploit in an OS flaw
  • Strider Ghostbuster, [microsoft.com], a Microsoft developed technique for detecting all persistent and stealthy rootkits.
  • And that's why you apply a few simple security measures, such as denying LocalSystem access to CMD.EXE and other powerful utilities via NTFS permissions. You can do this to bring LocalSystem down to a level lower than Administrator, and virtually nothing breaks if you do it with a little bit of forethought. Yes, it takes a little bit of work to do the initial planning, but once it's done you script it and bingo. And there are plenty of examples on websites of sample lockdowns plus the scripts (using XCACLS.EXE, typically). Take those examples and customize them to your environment as needed -- you've saved yourself a whole load of the initial work.

    You can open up these permissions on a system-by-system basis if really necessary, or even better just set applications that support it to use named service accounts. Cuts out a huge number of vulnerabilities.

    You can secure a Windows system, and it's really pretty easy to do a lot of these things. You just have to know a bit of what you're doing and be prepared to put in the work. That's the biggest flaw in most MS administration shops: people who shouldn't be admins get lulled into a false sense of security because there's a pretty GUI and they don't understand what's going on behind the scenes.

General:

  • There's an easy answer: restrict what root can do [nsa.gov]. Other things that generally will help include:

    Use a "default deny" policy for *everything*

    Use secure OSes (OpenBSD is probably a good choice if you can't or don't want to use SElinux)

    Keep up with patches

    Ensure that evidence can't (easily) be tampered with (for example, use a remote, dedicated host for syslogging)

    Monitor your logs efficiently; in particular, employ a filter that allows you to suppress messages that are just noise (security-wise, that is) but that shows every log line it does not recognise (there are also filters which will try to do the reverse, but that means you'll risk overlooking important messages)

    Use hardware protection when available (for example, some (?) SCSI disks can be write-protected with a jumper setting - turn it on for the disks you have your /boot and / partitions on; if yours can't, boot from CD)

    Try to actively detect anomalies (for example, use Snort, tripwire and similar tools)

    Perform penetration tests yourself

    Be paranoid - none of your systems should trust any of the other just because they are *your* systems

    That's some general advice I can think of right now. None of it is specific to rootkits, of course, but if you do things right, then you most likely won't ever get bitten by something bad - and if you still do, you'll at least be able to keep the damage to a minimum and also find out afterwards just what led to the compromise in the first place.
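The baseline check suggested in the Unix list (keep a read-only copy of /bin and compare the working copy against it), sketched as an added example; it is not code from the journal or from the commenters quoted in it. The directory names and file contents in `build_demo` are constructed, and as the entry notes, a comparison like this is only trustworthy when run from a known-clean system such as boot media.

```python
import hashlib
import os
import stat
import tempfile


def snapshot(root):
    """Map each file or symlink under root to (kind, sha256-or-target, mode)."""
    entries = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            st = os.lstat(path)  # lstat: never follow a symlink out of the tree
            if stat.S_ISLNK(st.st_mode):
                entries[rel] = ("link", os.readlink(path), 0)
            elif stat.S_ISREG(st.st_mode):
                digest = hashlib.sha256()
                with open(path, "rb") as fh:
                    for chunk in iter(lambda: fh.read(65536), b""):
                        digest.update(chunk)
                entries[rel] = ("file", digest.hexdigest(),
                                stat.S_IMODE(st.st_mode))
    return entries


def compare(baseline_root, live_root):
    """Report how live_root has drifted from the trusted baseline_root."""
    base, live = snapshot(baseline_root), snapshot(live_root)
    report = {"modified": [], "mode_changed": [], "missing": [], "added": []}
    for rel in sorted(base.keys() | live.keys()):
        if rel not in live:
            report["missing"].append(rel)        # binary removed or hidden
        elif rel not in base:
            report["added"].append(rel)          # file the baseline never had
        elif base[rel][:2] != live[rel][:2]:
            report["modified"].append(rel)       # content or link target differs
        elif base[rel][2] != live[rel][2]:
            report["mode_changed"].append(rel)   # same bytes, new permissions
    return report


def build_demo(tmp):
    """Constructed sample: a trusted copy and a live tree that has drifted."""
    base = os.path.join(tmp, "baseline")
    live = os.path.join(tmp, "live")
    files = {"ls": b"ls-v1", "ps": b"ps-v1", "login": b"login-v1"}
    for root in (base, live):
        os.makedirs(root)
        for name, data in files.items():
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(data)
            os.chmod(path, 0o755)
    with open(os.path.join(live, "ps"), "wb") as fh:   # content replaced
        fh.write(b"ps-changed")
    os.chmod(os.path.join(live, "ls"), 0o775)          # permissions loosened
    os.remove(os.path.join(live, "login"))             # file removed
    with open(os.path.join(live, "xtra"), "wb") as fh:  # unexpected new file
        fh.write(b"new")
    return base, live


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        baseline, working = build_demo(tmp)
        for kind, paths in compare(baseline, working).items():
            print(f"{kind}: {paths}")
```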

top

Why Yahoo can't beat Google

Henry V .009 Henry V .009 writes  |  more than 8 years ago Ever tried to search through comments in Yahoo Groups? It only lets you search a few hundred at a time. Isn't Yahoo supposed to be a search engine company or something? Maybe they should hire Google to index their stuff.

top

Densha Otoko

Henry V .009 Henry V .009 writes  |  more than 8 years ago I have been following Densha Otoko recently. A friend in Tokyo tells me that people are starting to copy the "nerd style" of the main character. Two observations:

  1. Despite so much material for it, the Japanese are not that good at 'comedy of manners.' The best exception to this is the movie Tampopo. But perhaps any culture that could create Iron Chef is incapable of true comedy of manners. (The secret of Iron Chef that the American version lacks is that while it is light-hearted in certain ways, the core really is serious. In the last episode the winner sobs unfeignedly on the shoulder of his opponent after the announcement. His opponent fought with two large photographs of his dead parents out in the audience box seats.)
  2. The popularity of Densha Otoko is surprising. At heart, maybe every Japanese really is otaku. Some are just better at feigning normal than others.

top

Boost.MultiIndex

Henry V .009 Henry V .009 writes  |  more than 8 years ago Someone on the C++ moderated newsgroup mentioned Boost.MultiIndex as one of the more interesting new ideas to show up in C++ recently. It looks rather interesting so far.

top

Idiots need software too

Henry V .009 Henry V .009 writes  |  more than 8 years ago Just posted this here.

Yeah, damn Microsoft for making software that just works without forcing the user to read the manual or learn anything.

The fact is that half the population has a sub-100 IQ. Those people will never grasp Linux in its current form. The solution is certainly not telling them to go and learn something -- they went through years of schooling without managing that. The solution is making software that an idiot can use and making software that an idiot can't break. Microsoft has done the first of these. Linux fails at both.

top

Panspermia

Henry V .009 Henry V .009 writes  |  more than 8 years ago Why are there so many idiots willing to spout that Panspermia nonsense? It is batshit crazy. Its one purpose appears to be making Intelligent Design seem less crazy. Every argument that I've seen in its favor starts off with nuttery.

There is no reason that Earth should not be the first, second, and third place to look for the original self-replicators. And once you have self-replicators, evolution takes care of the rest.

top

Windows OneCare

Henry V .009 Henry V .009 writes  |  more than 8 years ago I just installed Windows OneCare beta. It's very nice, and works well with limited user accounts. Only the administrator can let apps through the firewall, of course, but "Run As" makes that reasonably easy. (It'll be nice once Microsoft makes it easier for apps to ask for the admin password to do things like Macs and a lot of Linux distros do. On the other hand, Microsoft's way is probably slightly more secure at the moment.)

The backup utility should come default with Windows, however. I haven't tried the OneCare method yet, but I wonder if you'll be able to restore data after canceling the service? I hope so.

top

Improving Slashdot Moderation

Henry V .009 Henry V .009 writes  |  more than 8 years ago I have a few suggestions for how Slashdot should improve moderation:

  • Reduce the value of positive moderations for the earliest posts and increase the value of positive moderations made to later posts. The highest rated comments aren't generally the best comments. They're the first comments.
  • Allow anybody to "rate" a comment once it gets to +5. This allows the best +5s to be picked out from the pile.
  • Remove the Flamebait moderation. I've never seen this one used correctly.

top

IQ truth gets -1'ed

Henry V .009 Henry V .009 writes  |  more than 8 years ago To update my last entry, a good discussion was started by the post, but it got driven down to -1 pretty quickly. As usual, the IQ deniers had no actual support for any of their positions. I've argued with both IQ-deniers and creationists, and I have to say that the creationists come off as more reasonable. Every once in a while they'll try to support what they say with some small piece of evidence rather than wishful thinking.

top

Slashdot needs a Journals page

Henry V .009 Henry V .009 writes  |  more than 8 years ago Slashdot does not have any sort of Journals homepage. It needs something like what Kuro5hin does with diaries.

You can get nearly the same sort of functionality by using search, however. Therefore I've updated my sig to this: Recent Slashdot journals by all users

Since the chance of the editors adding the Journal section is slim to none, please feel free to whore this link around if you want. I don't keep a journal, but there are slashdotters who post some intelligent stuff in their own.
