Comments


Building a Honeypot To Observe Shellshock Attacks In the Real World

QuietLagoon Shared hosting (22 comments)

...Since attackers are systematically scanning all available addresses in the IPv4 space...

If your site is on a server that does shared (or virtual) hosting, then IP address scans will usually not trigger shellshock from your site because your site needs to be accessed via its URL. Accesses via IP address will usually go to a main site on that server, and that main site may not have any exploitable content.

... On one hand, that's a lot for a machine no one knows anything about; on the other, it indicates that attackers haven't wholesale dumped other methods in favor of going after this particular bug....

This is a straw man. Of course the bad guys are not going to walk away from all the other exploits in their toolbox. No one said they would.

Most of the shellshock accesses I see are just scans, i.e., the bad guys are building an inventory of what hosts are vulnerable. I haven't seen too many (i.e., only a very few) attempts to take over the host.... yet.

1 hour ago

Xen Cloud Fix Shows the Right Way To Patch Open-Source Flaws

QuietLagoon Re:Apples and Oranges (56 comments)

... BASH and OpenSSL are more key infrastructure bits than Xen is. What I mean is that they are integrated into FAR more devices and systems making a silent patch nearly impossible.

Quite correct.

Just try to estimate the number of devices affected by Heartbleed and Shellshock. It's probably in the billions.

As a case in point, a single Xen installation can host hundreds, maybe even thousands, of vulnerable installations of Shellshock and Heartbleed.

It is truly an apples and oranges comparison.

1 hour ago

Back To Faxes: Doctors Can't Exchange Digital Medical Records

QuietLagoon Re:Bruce Perens (231 comments)

When Bruce Perens was getting questions from slashdot, I asked whether Obamacare should have mandated the use of open source software....

Easy to ask, difficult to do.

Obamacare barely passed when Congress considered it. If such an open-source requirement were in the law, then lobbyists from EPIC-type companies would be all over Congress, and Obamacare would have never passed.

Companies pay lobbyists to make sure Congress passes laws that put money into the companies' coffers. Things like cost-efficiency are not part of that equation.

yesterday

Microsoft's Asimov System To Monitor Users' Machines In Real Time

QuietLagoon To be used as a justification... (266 comments)

Asimov is going to be used by Microsoft to justify what Microsoft wants to do, no more, no less.

Microsoft will be the sole collector and interpreter of the data.

Microsoft will release information about the data collected only when such information justifies what Microsoft had wanted to do anyway.

2 days ago

Tor Executive Director Hints At Firefox Integration

QuietLagoon Firefox's market share is declining (117 comments)

Why would Tor want to work with a browser whose market share is in decline?

2 days ago

Consumer Reports: New iPhones Not As Bendy As Believed

QuietLagoon Re:To summarize: (302 comments)

... For all we know 20lbs is fine.

Apparently, 20 pounds is not fine.

4 days ago

Consumer Reports: New iPhones Not As Bendy As Believed

QuietLagoon To summarize: (302 comments)

The iPhone 6 Plus, the iPhone 6, and the HTC one (M8) have abnormally low resistance for bending forces (less than 90 pounds).

While the iPhone 5, the LG G3, and the Samsung Galaxy Note 3 are much better in this regard (all >= 130 pounds), with the Samsung Galaxy Note 3 at the top of the tests with 150 pounds.

4 days ago

Ask Slashdot: Swift Or Objective-C As New iOS Developer's 1st Language?

QuietLagoon Re:C# using xamarin (314 comments)

If you plan to develop for more than one platform, keep in mind that the greatest amount of effort will be expended as you port the single-platform app to the second platform.

So, as the parent suggests, start from the beginning targeting multi-platform in your design stages. A small amount of extra effort in the beginning will save you a large amount of work down the road. And your apps will be less buggy.

5 days ago

Ask Slashdot: Swift Or Objective-C As New iOS Developer's 1st Language?

QuietLagoon Re:Obj-C (314 comments)

The parent is informative? No specifics are given, nothing of substance is mentioned. Just one person's [rather obviously biased] opinion.

It looks to me like little more than fanboi cheerleading.

5 days ago

PostgreSQL Outperforms MongoDB In New Round of Tests

QuietLagoon Now, if only they'd come up with... (147 comments)

... a pronounceable name for the PostgreSQL software, one that does not require a FAQ entry to instruct in the correct pronunciation.

about a week ago

FBI Chief: Apple, Google Phone Encryption Perilous

QuietLagoon Following the law... (353 comments)

... "I like and believe very much that we should have to obtain a warrant from an independent judge to be able to take the contents," FBI Director James Comey told reporters. ...

Unfortunately his statement is not reflective of the government's behavior over the past few years.

If the government had obtained warrants when they wanted to browse through peoples' emails and conversations (on the phone, on the network, or in the datacenter), then I doubt if google and apple would have seen the need to take this step.

about a week ago

Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild

QuietLagoon Re:"could be worse than Heartbleed" (317 comments)

Outside of malicious HTTP headers landing in environment variable in CGI land, I'm hard pressed to think of another reasonable vector for this bug to be a problem...

This blog post mentions php, c++, python, et alia, as another attack vector.

This means that web apps written in languages such as PHP, Python, C++, or Java, are likely to be vulnerable if they ever use libcalls such as popen() or system(), all of which are backed by calls to /bin/sh -c '...'. There is also some added web-level exposure through #!/bin/sh CGI scripts, calls in SSI, and possibly more exotic vectors such as mod_ext_filter.

about a week ago

Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild

QuietLagoon defaultwebpage scans (317 comments)

I've already seen a few of these scans so far today.

about a week ago

Significant BASH vulnerability found

QuietLagoon Not just bash... (2 comments)

There appear to be other aspects of this vulnerability.

For example, if /bin/sh is symlinked to /bin/bash...

Another good overview is here.

Reports on the latest Bash bug have gone from bad to worse, as damage from the bug spreads and many early patches are proving ineffective. Unlike Heartbleed, Bash attacks allow for remote code execution, allowing an attacker to exploit the vulnerability for malware distribution. Most attacks from the bug will target web servers and network devices, with experts saying that PHP-based web applications will be particularly vulnerable. Connected devices like smart appliances are also expected to be vulnerable in the long-term, since the devices are often slow to be patched, but early reports indicate an alarming number of systems may be at risk. As Kaspersky Lab's David Jacoby put it, "the real scale of the problem is not yet clear."...

about a week ago

Seattle Passes Laws To Keep Residents From Wasting Food

QuietLagoon Re:This has nothing to do with wasting food (383 comments)

...And what does it have to do with technology?

I've been noticing a trend in many of the articles that make it to the front page here. The trend is towards more inflammatory political-oriented articles that have little or only a marginal relation to technology.

Maybe after the failed site redesign, the new owners are trying to increase page hits by turning /. into a drudge-like site with lots of misleading headlines.

about a week ago

Fork of Systemd Leads To Lightweight Uselessd

QuietLagoon udev (469 comments)

Good to see the udev functionality being removed. Not only was its functionality irrelevant to the purpose of the code that subsumed it, udev apparently introduced too many other issues inappropriate for a PID=1 process.

about two weeks ago

Data Archiving Standards Need To Be Future-Proofed

QuietLagoon Re:Punch cards (113 comments)

Don't forget temperature survival. Yeah, I mentioned EMP, but there are also other environmental attacks that must be diverted, such as temperature, and water. Shielding won't prevent something from melting.

It's the end of the world, how will you save your data?

about two weeks ago

Submissions


A&E Network: Disabling Video On Demand Fast-Forward Is Good

QuietLagoon QuietLagoon writes  |  about two weeks ago

QuietLagoon (813062) writes ""A study commissioned by A+E Networks concluded fast-forward disabling did not have any “adverse effects” to the program viewing experience via Video On Demand, nor did it negatively impact intent to continue using VOD."

Apparently, the Video On Demand viewers enjoy watching commercials, and do not mind the removal of the ability to fast forward past those commercials."

Does Microsoft view Windows desktop as a dead end?

QuietLagoon QuietLagoon writes  |  about 3 months ago

QuietLagoon (813062) writes "Mr. Nadella, CEO Microsoft, sent out an email last week that outlined Microsoft's focus for the future. One had to wade through more than half of the email before there was any mention of Windows desktop.

In his all-hands strategy email of last week, Microsoft CEO Satya Nadella demoted Windows to a handful of terse mentions deep in the 3,100 communique, a clue how he, and thus the company, now see the firm's long-time cornerstone. "Windows will deliver the most rich and consistent user experience for digital work and life scenarios on screens of all sizes — from phones, tablets and laptops to TVs and giant 82-in PPI boards," Nadella said in one of the first uses of "Windows" in his massive message. That sentence appeared well past the half-way mark in the email: 60% of the message preceded it.

Is Microsoft now unable to innovate within the desktop Windows space? Is Mr. Nadella's memo a tacit admission by Microsoft that there is little innovation left in the desktop space? Is Microsoft's inability to innovate in the desktop space indicative of a larger problem within Microsoft? Has rigor mortis set in?"


In China, Human Costs Are Built Into an iPad

QuietLagoon QuietLagoon writes  |  more than 2 years ago

QuietLagoon (813062) writes "As a follow-up to the article a couple of days ago, the New York Times has an above-the-fold front-page article today about the horrible working conditions in the Chinese factories that Apple uses.

Employees work excessive overtime, in some cases seven days a week, and live in crowded dorms. Some say they stand so long that their legs swell until they can hardly walk. Under-age workers have helped build Apple’s products, and the company’s suppliers have improperly disposed of hazardous waste and falsified records, according to company reports and advocacy groups that, within China, are often considered reliable, independent monitors.

More troubling, the groups say, is some suppliers’ disregard for workers’ health. Two years ago, 137 workers at an Apple supplier in eastern China were injured after they were ordered to use a poisonous chemical to clean iPhone screens. Within seven months last year, two explosions at iPad factories, including in Chengdu, killed four people and injured 77. Before those blasts, Apple had been alerted to hazardous conditions inside the Chengdu plant, according to a Chinese group that published that warning (PDF alert).
"

Link to Original Source

Global Internet governance fight looms

QuietLagoon QuietLagoon writes  |  about 3 years ago

QuietLagoon (813062) writes "The global fight among governments over control of the Internet is heating up amid a flurry of documents, the opening of the United Nations' General Assembly (GA) and next week's Internet Governance Forum (IGF). Will the change in Internet governance result in states like China and Russia exerting more control over what is allowed on the Internet? The United States has so far comprehensively outmaneuvered attempts by other governments to seize control of the Internet, helped by the fact that it holds the keys and represents the status quo. But how long will it continue to be able to do so?"
Link to Original Source

Doctors and Dentists censoring patients

QuietLagoon QuietLagoon writes  |  more than 3 years ago

QuietLagoon (813062) writes "Timothy Lee writes about his experience with a dentist.

"When I walked into the offices of Dr. Ken Cirka, I was looking for cleaner teeth, not material for an Ars Technica story. I needed a new dentist, and Yelp says Dr. Cirka is one of the best in the Philadelphia area. The receptionist handed me a clipboard with forms to fill out. After the usual patient information form, there was a "mutual privacy agreement" that asked me to transfer ownership of any public commentary I might write in the future to Dr. Cirka. Surprised and a little outraged by this, I got into a lengthy discussion with Dr. Cirka's office manager that ended in me refusing to sign and her showing me the door...."

Can a patient be required to sign such an agreement before medical care is tendered? What if the medical care is more urgent or an emergency? Can the patient be in the correct frame of mind to sign a legal agreement?"

Link to Original Source

Should Microsoft be split up?

QuietLagoon QuietLagoon writes  |  more than 3 years ago

QuietLagoon (813062) writes "Goldman Sachs had downgraded Microsoft from "buy" to "neutral," criticizes the company's efforts in mobile computing, and most radically, suggests that the company carve out its consumer business from its enterprise one. This is just one more sign that Microsoft could use a vision overhaul. ...

The report also warned that Microsoft isn't likely to make any headway in mobile this year because "Apple's iPad and iPhone plus Google's Android operating system are well established."

That's putting it mildly. Windows Phone 7 will have to be a spectacular success if it's to make any headway not just this year, but in the next several years as well. And Microsoft may try to sue Android out of business, but technology, not lawsuits, are going to have to lead the way.


What do you think? Does Microsoft have a chance of catching up in the mobile devices marketplace? Is the enterprise where Microsoft's future lives?"

New AVG feature DDoS's the Internet

QuietLagoon QuietLagoon writes  |  more than 6 years ago

QuietLagoon (813062) writes "The Register is running a story about a new feature in the AVG virus scanner.

Six months ago, AVG acquired Exploit Prevention Labs and its Linkscanner, a tool that automatically scans search engine results before you click on them. If you search Google, for instance, and ten results turn up, it visits all ten links to ensure they're malware free. Then, in late April, AVG rolled Linkscanner into its anti-virus engine, which has about 70 million active users worldwide. The company estimates that 20 million machines have upgraded to the tool's new incarnation, AVG version 8, and this has already cooked up enough ghost clicks to skew traffic not only on The Reg but any number of other sites as well.
What will the effect be when AVG rolls this new feature out to all of its 70 million users?"

Here come the thought police

QuietLagoon QuietLagoon writes  |  more than 6 years ago

QuietLagoon (813062) writes "In a Baltimore Sun op-ed piece, Ralph E. Shaffer and R. William Robinson write, 'With overwhelming bipartisan support, Rep. Jane Harman's "Violent Radicalization and Homegrown Terrorism Prevention Act" passed the House 404-6 late last month and now rests in Sen. Joe Lieberman's Homeland Security Committee. Swift Senate passage appears certain.

'Not since the "Patriot Act" of 2001 has any bill so threatened our constitutionally guaranteed rights.

'The historian Henry Steele Commager, denouncing President John Adams' suppression of free speech in the 1790s, argued that the Bill of Rights was not written to protect government from dissenters but to provide a legal means for citizens to oppose a government they didn't trust. Thomas Jefferson's Declaration of Independence not only proclaimed the right to dissent but declared it a people's duty, under certain conditions, to alter or abolish their government....

'Ms. Harman's proposal includes an absurd attack on the Internet, criticizing it for providing Americans with "access to broad and constant streams of terrorist-related propaganda," and legalizes an insidious infiltration of targeted organizations. The misnamed "Center of Excellence," which would function after the commission is disbanded in 18 months, gives the semblance of intellectual research to what is otherwise the suppression of dissent.'"

Comcast blocks some Internet traffic

QuietLagoon QuietLagoon writes  |  more than 6 years ago

QuietLagoon (813062) writes "MSNBC is reporting the results of an Associated Press test that show Comcast blocks some Internet traffic. "Comcast Corp. actively interferes with attempts by some of its high-speed Internet subscribers to share files online, a move that runs counter to the tradition of treating all types of Net traffic equally.

"The interference, which The Associated Press confirmed through nationwide tests, is the most drastic example yet of data discrimination by a U.S. Internet service provider. It involves company computers masquerading as those of its users.

"If widely applied by other ISPs, the technology Comcast is using would be a crippling blow to the BitTorrent, eDonkey and Gnutella file-sharing networks. While these are mainly known as sources of copyright music, software and movies, BitTorrent in particular is emerging as a legitimate tool for quickly disseminating legal content.

"The principle of equal treatment of traffic, called "Net Neutrality" by proponents, is not enshrined in law but supported by some regulations. Most of the debate around the issue has centered on tentative plans, now postponed, by large Internet carriers to offer preferential treatment of traffic from certain content providers for a fee....
"

QuietLagoon QuietLagoon writes  |  more than 7 years ago

QuietLagoon (813062) writes "Zenith Electronics Corporation said today that Engineer Robert Adler, who co-invented the TV remote control with fellow Engineer Eugene Polley, has passed on to the big sofa in the sky. In his six-decade career with Zenith, Adler was a prolific inventor, earning more than 180 U.S. patents. He was best known for his 1956 Zenith Space Command remote control, which helped make TV a truly sedentary pastime. The National Academy of Television Arts and Sciences awarded Adler and co-inventor Polley, another Zenith engineer, an Emmy in 1997 for the landmark invention."

QuietLagoon QuietLagoon writes  |  more than 7 years ago

QuietLagoon (813062) writes "The email transcripts of Microsoft anti-trust trials always make for interesting reading, and the Iowa trial is continuing the tradition. An email from Jim Allchin asks the question of whether Microsoft has lost sight of what matters to its customers:

Exhibit 7264. Almost three years ago, on January 7, 2004, Jim Allchin, the senior executive at Microsoft, sent an E-mail to Microsoft's top two executives, Bill Gates and Steve Ballmer, and the subject was losing our way. Mr. Allchin says, I'm not sure how the company lost sight of what matters to our customers, both business and home, the most, but in my view we lost our way. I think our teams lost sight of what bug-free means, what resilience means, what full scenarios mean, what security means, what performance means, how important current applications are, and really understanding what the most important problems our customers face are. I see lots of random features and some great vision, but that does not translate into great products. He goes on to say, I would buy a Mac today if I was not working at Microsoft."

QuietLagoon QuietLagoon writes  |  about 8 years ago

QuietLagoon (813062) writes "The next version of Windows Media player that will be appearing in Windows Vista has upped the ante for DRM, removing a significant portion of the rights you have to the media content you own. So much so, that a Microsoft VP appears to be advocating the flaunting of DMCA in order to get the content into Zune, "Lots of DVD ripping software out there..."

What do you think about the loss of the rights to use the media you own?"

Journals

QuietLagoon has no journal entries.
