Comments


Google Should Be Broken Up, Say European MPs

beh Re:No clue? (237 comments)

That example isn't quite the same - no one will have a problem with Microsoft offering you a free coffee on their premises.

But, if Microsoft decided that Starbucks was a threat to them and started distributing free coffee everywhere just to screw up SBUX, then that would likely be an antitrust matter.

The same could be argued for a search engine offering a free office toolkit - as it's not really the typical pairing that has anything to do with their normal search business.

The free bag service is an amenity that you might come to expect from a hotel and AT the hotel's premises; or the free chauffeur service that they might offer to and from their hotel for your arrival and departure.

about three weeks ago

Google Should Be Broken Up, Say European MPs

beh Re:No clue? (237 comments)

Indeed - no "stack"...
yet - unless google starts "integrating" the services into each other (integrate - not just share a home page as a starting point).

The stack example, indeed, seems misleading here.

On the other hand - while you defend google here - think back to some of the issues in the MS anti-trust case:

  - MS used proceeds from other areas to funnel huge amounts of money into IE development - much more, than any start-up could hope to match.
  - By including IE into Windows, for many people (normal users, not people working in IT) they eliminated the need to even look for other browsers - no matter, whether other browsers might have been better.
  - The inclusion of IE also meant the end for commercial browser makers - as they wouldn't have an alternative source of income. "Netscape" failed, their browser ultimately only growing because it was completely freed and open-sourced: In effect, MS might still channel more money into IE; but against the open source community that would not necessarily help, as the open-source author doesn't need to "show quarterly numbers"; quarterly profit reports, etc -- as long as the open source developer gets an income (which in many cases may stem from an unrelated day-job)...

In google's case, there is no full integration of services - but:

    - income from the advertising (which the search engine generates / facilitates) supports an ecosystem of other software - a free calendar or documents - services that _depend_ on their ad business generating the income for them. Same as MS Office paying the bills for IE.

    - the same landing page (www.google.com) being a straight entry point to not just the search, but other free offerings unrelated to search (like the news, play, ...) gives those extra services a big head-start over their competition - and one they can't hope to match (no ad space sold on the landing page).

These things make it more difficult for new enterprises to form - and it's reasonable to expect that any new area popping up on the web, google will not just also try to profit from (which would be fair enough), but they can (easily ab)use their position to help their apps further by giving them privileged exposure on their search page and continue to fund them for extended periods of time to prevent other entrants getting into that area.

about three weeks ago

Fish Tagged For Research Become Lunch For Gray Seals

beh Re:It ain't the seals that are wise ... (48 comments)

Apparently, if you understand the seal's dialect, you'll clearly hear them say:

So long, and thanks for all the fish!

about a month ago

Ask Slashdot: Can You Say Something Nice About Systemd?

beh Re:no. (928 comments)

Question: How much of that complexity can you hide from the normal user? Or - how much of that complexity is even visible to the normal user?

Complexity often comes in two parts - the complexity for the developer or admin; and the complexity for the end-user.

If I use a Mac Desktop, you can bet I don't give much of a toss over how much extra work that might mean for a developer - as long as my user experience is better.

Do you drive a car? ...despite how much more complex it is than, say, a horse-drawn carriage?

about 2 months ago

Ask Slashdot: Can You Say Something Nice About Systemd?

beh Re:systemd needs to stay optional (928 comments)

I may agree with your point, that systemd is only useful for a subset of linux ecosystems - but from this, deriving that it shouldn't be default seems bizarre.

The "try to cover every possible thing" aspect that you so seem to hate for servers could be a boon for people installing it on laptops; or even their normal home PC; anyone starting out with linux.
In short - this could be a boon for a lot of people coming to Linux anew and don't know init.

So, why not leave systemd in "user centric" distros like standard ubuntu ; but keep init as default in server-distros - at least for the time being - since those are usually aimed at more experienced Unix users - who already know init.

If we can keep distros with and without a graphical desktop separate - why not do the systemd / init split along the same lines - as the desktop distros need to cater to being more user-friendly and more at home on very disparate hardware setups.

As for the optional step - if systemd may be more newbie friendly, how easy will it be to switch from init to systemd? And one of those two needs to be default - but if switching around between the two is tricky, then by all means take the more user-friendly one as standard - if the user-friendly option is difficult to install, you don't need to package it at all - as the newbie at whom you might aim it is probably the last person with the technical knowledge of what the switch means or how it could be done.

about 2 months ago

Former Department of Defense Chief Expects "30 Year War"

beh Re:Oh please, Biden said it best (425 comments)

Hmm - strange how "nuking" people or places can be deemed a solution worthy of discussion.

Nukes are so well targeted - so, not just do you say "Turkey, UAE, and Saudi Arabia" support ISIL - but at the same time, that those countries have no one opposing any support for ISIL or radical islamics - and so if you nuke them, you're not going to hit anyone "innocent".

The only things nukes or other more military action do is to feed radicalism - and with rising radicalism on the other side, you will find more radical policies on our side "Nuke them!".

Military support is needed to help clean up the conflict - but it does need a longer term engagement, and it needs something else than airstrikes - but actual boots on the ground to prevent massacres. This is dangerous - it puts "our" soldiers sent there right in harm's way, but we can't show people there a "better alternative" by delivering it in warheads.

about 2 months ago

To Fight $5.2B In Identity Theft, IRS May Need To Change the Way You File Taxes

beh Re:Corporate taxes (410 comments)

Just like the ridiculous corporate taxes and corporate tax avoidance schemes, isn't it nice how we are worried about costs all the time - from TFA:

      "Such changes could impact legitimate taxpayers by delaying refunds, extending tax season and likely adding costs to the IRS."

Sure, changes incur costs...

But, before you worry too much about possible costs - how much of "(the IRS) paid $5.2 billion in fraudulent identity theft refunds in filing season 2013" would the IRS need to block in future tax years to more than offset that cost?

If they're losing $5.2 bn a year - don't you think any reasonable costs invested to prevent those "losses" might not be a good investment?

about 3 months ago

Cause of Global Warming 'Hiatus' Found Deep In the Atlantic

beh Re:Every week there's a new explanation of the hia (465 comments)

Strange how, just a knee-jerk you'll find some people defending the science, there are those that have the same knee-jerk reaction against any findings in this area. With all that uncontrollable knee-jerking on both sides - it seems that we have another great argument for universal health care, to get people's knees fixed again... But I digress...

Whether climate change is man-made or not - I don't think there is too much debate left on the matter. But, I'm no climate scientist, so for me personally it's a matter of "belief" that mankind is behind this. We may get some theories and models wrong on how fast global warming works - or why there may be a hiatus in it.

The question of whether we're behind this - take two past events and see how much influence we might have:

Remember the Icelandic volcano a few years back - in response to the volcanic ash, we grounded a lot of flights for a few days - and even in that time, we could measure how much the air changed - just by taking planes out of the picture for a few days.

Secondly, if you think mankind's influence isn't large enough given the size of the planet - look back at climate records around the time Krakatoa blew up - that one mountain exploding had a measurable impact on temperature and weather for 5 years; so, if a _single_ mountain on one day can create that kind of change -- are you sure, all of our industries around the world together over the course of years CAN'T?

What the planet is "too large for", is for us to do some quick and easy experiments to actually test our hypotheses quickly - so climate science does what it can mostly from observation and trying to identify as many factors as possible that DO have a measurable impact in order to MODEL what's going to happen and then wait and see how close these models correlate with what's happening.

about 4 months ago

The IPv4 Internet Hiccups

beh Lack of incentives...? (248 comments)

To some degree obviously, there is a lack of incentives for ISPs to change - if they still have enough addresses for themselves, then switching to IPv6 is only costs, not benefits.

Maybe some of the larger sites, like youtube, facebook, wikipedia should have a meeting to discuss the switch-over and then start shaping IPv4 traffic - just reduce capacity on IPv4 by 5% every month and see how long it will be, before ISPs will lose customers if they DON'T switch to IPv6...

about 4 months ago

Amputee Is German Long Jump Champion

beh Re:No, no unfair advantage at all... (175 comments)

I would guess they mean it's longer because they count its length as one piece - not as a lower leg and a foot.

Still - in terms of dimensions, it needs to be a good match with his other leg -- unlike Pistorius who would have been able to go for optimized prosthetics on both legs that would be better than "normal" legs might be... (i.e. watch the Aimee Mullins TED talk on how she can vary her height fairly significantly just through the choice of legs she wears)...

about 5 months ago

Amputee Is German Long Jump Champion

beh Re:No, no unfair advantage at all... (175 comments)

Hmm - I could partially understand the extra strength and mechanical advantage in the Pistorius case - I can't quite see it with Markus Rehm.

Pistorius had BOTH legs amputated, so you can potentially improve on both sides. Rehm had ONE leg amputated - adding extra length doesn't make any sense on one side only. Similarly, I would guess it would make it very difficult to run evenly, if the prosthetic leg doesn't about match the other one in length, in "bounce" (in the step), ...

about 5 months ago

Exploiting Wildcards On Linux/Unix

beh Re:Question... -- ? (215 comments)

I did not say purely that reading about -- should tell you about security alone. IIRC my original incident with -- was a colleague setting me a teaser on trying to find out how to delete a file called '-f'; and me first having to figure out, that 'rm ??' reads like delete all files with two character filenames (of which there was only the '-f' file), but not seeing that the ?? actually gets expanded to all the two character filenames by the shell; rm never sees the '??' but instead only sees the filenames - and obviously, it can't discern whether a parameter of '-f' was expanded from the filename -f or intentionally given as a parameter.

If you learn that - you'll get a better understanding of how the system works - and that _in turn_ will help you get a better grasp on what could or would go on and particularly, what could go WRONG, in a system.

about 6 months ago

Exploiting Wildcards On Linux/Unix

beh Re:Question... -- ? (215 comments)

Sorry, if that appears harsh - but sometimes it pays to read manuals and try and understand what you're doing and how the stuff works.

I don't exactly remember when I learnt it first - but I DID already know when I also got told about it during my CS BSc degree course (probably 1st or 2nd year - which would place it about 1998-2000).

If you need to code stuff "securely", you need to understand how stuff works -- I don't think of myself as a particularly apt security coder or hacker - I mainly specialise on internal systems integration, not so much web or other front-end stuff, so I have the luxury that I already know the data is "sane", before it gets to me - and I "only" need to figure out how to transform it and where to send it on to.

Here are a few pointers, where you might read about it:

http://pubs.opengroup.org/onli...
"Guideline 10:
        The first -- argument that is not an option-argument should be accepted as a delimiter indicating the end of options. Any following arguments should be treated as operands, even if they begin with the '-' character."

Even wikipedia mentions it - even though not strictly a "developer" resource:

http://en.wikipedia.org/wiki/C...

"In Unix-like systems, the ASCII hyphen-minus is commonly used to specify options. The character is usually followed by one or more letters. Two hyphen-minus characters ( -- ) often indicate that the remaining arguments should not be treated as options, which is useful for example if a file name itself begins with a hyphen, or if further arguments are meant for an inner command. Double hyphen-minuses are also sometimes used to prefix "long options" where more descriptive option names are used. This is a common feature of GNU software. The getopt function and program, and the getopts command are usually used for parsing command-line options."

If that's too far to go - try "man getopt" on your linux machine:

  "
            The parameters getopt is called with can be divided into two parts:
              options which modify the way getopt will parse (options and
              -o|--options optstring in the SYNOPSIS), and the parameters which are
              to be parsed (parameters in the SYNOPSIS). The second part will start
              at the first non-option parameter that is not an option argument, or
              after the first occurrence of `--'. If no `-o' or `--options' option
              is found in the first part, the first parameter of the second part is
              used as the short options string.
"

man rm - and even rm --help on linux show it:
"
              To remove a file whose name starts with a '-', for example '-foo', use
              one of these commands:

                            rm -- -foo
" ...though without explaining the "--" in general...

man chown doesn't mention it, but refers to the full documentation in texinfo and how to access it - that one says under "Common options"

"
    `--'
          Delimit the option list. Later arguments, if any, are treated as
          operands even if they begin with `-'. For example, `sort -- -r'
          reads from the file named `-r'.
"

The information is there - and in _lots_ of places - but it DOES require to occasionally read man pages or general intros, rather than using trial and error and just bodging around until something seems to work.

But, yes, it's a lot of material, and not everyone has the time to read everything -- for me this is also why I mostly rely on others to figure out system security issues... The problem to me seems more that a lot of "learn this in 5 mins" type tutorials don't include it purely for lack of time, and many just use those and still put the results up on the web somewhere.

 

about 6 months ago

Exploiting Wildcards On Linux/Unix

beh Question... -- ? (215 comments)

Who does NOT use -- in their scripts, if they're safety conscious?

        rm -i -- *

Problem solved?

Normal programs should stop processing options after a (standalone) "--" and take everything following it as regular parameters. getopt and similar libraries handle this automatically.

I really wouldn't class the "use of wildcards" as a security risk - the security risk is the developer that doesn't know what he's doing.
Would command line handling be a security risk, if someone would add a --superuser-rm option to his code and execute "rm -rf /" as root immediately afterwards?

about 6 months ago
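
Added example (not part of beh's comments or of the linked article): the shell expansion described in the `'-f'` / `rm ??` comment and the `rm -i -- *` comment above, run inside a throwaway `mktemp` directory. The file names, the function names and the `./*` variant are constructed for this illustration.

```shell
#!/bin/sh
# Added example. Every rm below runs only inside a directory made by mktemp.
LC_ALL=C; export LC_ALL   # fixed glob sort order: '-' sorts before letters

# Constructed sample data: two ordinary entries plus a file named like options.
make_sandbox() {
    d=$(mktemp -d) || return 1
    mkdir "$d/subdir" && : > "$d/subdir/data.txt" && : > "$d/notes.txt" &&
        : > "$d/-rf" && printf '%s\n' "$d"
}

# Print each argument in brackets: exactly what a program finds in argv.
show_argv() {
    for a in "$@"; do printf '[%s]' "$a"; done
    printf '\n'
}

# What does "rm *" hand to rm? The shell expands the glob; rm never sees '*'.
argv_for_glob() {
    d=$(make_sandbox) || return 1
    ( cd "$d" && show_argv rm * )
    rm -rf -- "$d"
}

# Run one deletion style in a fresh sandbox and report which entries are left.
#   $1 = bare | dashdash | dotslash
survivors() {
    d=$(make_sandbox) || return 1
    [ -n "$d" ] && [ -f "$d/-rf" ] || return 1   # refuse to run outside a sandbox
    (
        cd "$d" || exit 1
        case $1 in
            bare)     rm * ;;      # argv: rm -rf notes.txt subdir
            dashdash) rm -- * ;;   # argv: rm -- -rf notes.txt subdir
            dotslash) rm ./* ;;    # argv: rm ./-rf ./notes.txt ./subdir
        esac 2>/dev/null || true   # rm refusing a directory is expected here
        ls -A | paste -s -d ' ' -
    )
    rm -rf -- "$d"
}

argv_for_glob
for mode in bare dashdash dotslash; do
    printf '%-8s leaves: %s\n' "$mode" "$(survivors "$mode")"
done
```

With the bare glob, the file named `-rf` is parsed as options, so the directory is removed recursively and only the `-rf` file survives; with `--` or a `./` prefix every expanded name is an operand, so the plain files are removed and `rm` refuses the directory.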

Why Amazon Might Want a Big Piece of the Smartphone Market

beh Re:In other news (61 comments)

Think about it this way - before Apple made their inroads into the phone market, the dominant players were companies you don't even hear much about as phone makers any more (Nokia, Ericsson, ...) and back then people thought, Apple wouldn't be able to make any significant inroads into that market either.

In fact, they pretty much disrupted the entire sector in the process - they may not be the market leader by market share, but they managed to build up and retain the "premium" brand image in the market - and keep the highest share of profits in that market.

As for Amazon - there are two things at play here: Sure, anyone can install amazon's app on the iphone - but it doesn't come pre-installed; the iTunes store does; so on the app side, they can only profit from people who go and install their app first - and somehow I can't see Jeff Bezos talking Apple into _please_ include the Amazon store into the default apps on the phone. Apple would probably rather start entering Amazon's business rather than allowing amazon to add an app to the base iOS which will be in part competition to the iTunes store.

Secondly, I would expect Apple to move more into the cloud market - which will be tied in nicely with iOS - and which might end up being a threat to Amazon's cloud services.

Amazon is large enough and has the technical background to try and successfully bring a new phone to the market - I'm not quite sure, though, whether they have something really new to bring to the table that others don't have and which would allow them to disrupt the market in a way large enough to make it pay off...

about 6 months ago

How Tim Cook Is Filling Steve Jobs's Shoes

beh Re:Creativity vs innovation (209 comments)

I think the problem is more that many (most?) people seem to think that being creative and being innovative is the same thing. It isn't.

Steve Jobs may not have been the most creative person on the planet - but he was possibly one of the most innovative.

It's all well and good if you think of an idea on how to beat cancer - but the idea is nothing if you can't realize it.

Maybe Xerox had the first graphical user interface - but they had fairly little idea on what to do with it - Jobs did - and while many people will happily point out that Xerox had a mouse and GUI before Apple got there (and they're right) - how many can honestly say they had heard of a mouse and graphical user interfaces BEFORE they had seen one on an Apple computer or one of the countless GUIs that followed?

How many phones today would have touch screens and controls that look eerily similar to the iPhone ones, if the iPhone wouldn't have shown it before? (it doesn't matter, if you know a single phone before that had a touch screen - physically having the touch screen is not the same as seeing how it was all put together first).

Tablets had been around before the iPad - but what kind of sales did they have before? And what kind of sales do they have now? And - those that are selling the best now, in terms of their usability, do they look a damn sight more like the iPad, or more like whatever tablets were there before?

All those are cases of INNOVATIONs brought by Apple and which ultimately massively changed the face of the markets that they went into.

Another pointer on how Apple did something great and something new?

Name the last Samsung product launched that had a significant number of other players in the industry immediately clamoring to make something similar or "better"? When was the last time LG did? Google? Google possibly did with gmail - but search engines were there before, even large and well known ones.

Jobs was great in seeing something and seeing how it could be made useful far beyond what their original creators might have done.

about 6 months ago

Google Has Received Over 41,000 Requests To "Forget" Personal Information

beh Re:Business with whom?... (138 comments)

I believe his problems weren't with banks, but rather potential customers for his business - who just looked at his background to see what kind of person they're dealing with.

Banks do have systems of their own that use data that is also not for public consumption to determine whether or not to lend you money - here the google search wouldn't have been a problem; as his credit record would have had that information on it either way.

about 7 months ago

Google Has Received Over 41,000 Requests To "Forget" Personal Information

beh Re:The most amusing thing about this law... (138 comments)

It doesn't matter in his case - if he wants to run a business, he might not even get a chance to prove that the issue is outdated, if it still ranks highly in google searches.

In his position it was probably the choice between a rock and a hard place - without the court case, he still would have trouble with his business; now with that case to his name, you might hope it's a little less of a problem (again - the news reports now mentioning his name all also list that it's about skewed search results regarding an outdated financial problem). To me, seeking redress for that seems fair; but yes, there will still be people that will not want to get into business dealings with him because of the court case - he can only hope that people will now also see the reason for the case; as opposed to just seeing a forced property sale.

It's still bad information about him - but there is less information asymmetry now, as the reports don't JUST mention the forced sale, but also mention that the financial woes are way behind him. Seeing those two things together, is fair reporting of the case. Seeing just the forced sale in the search results is a massively negatively skewed view on the case.

about 7 months ago

Google Has Received Over 41,000 Requests To "Forget" Personal Information

beh Re:Google has NO responsiblity whatsover (138 comments)

You probably don't want to be misquoted - or quoted completely out of context - why should anyone else be?

I'm not sure about where you are, but police records aren't public in most places - but they are available for relevant searches; i.e. to find out whether someone is a sex-offender before allowing them to work with children, you consult police records - and inside of that context that is perfectly legitimate - and police records are the only source you should trust for this purpose, too.

Similarly, if I ran for public office, people would probably just not quickly scan google to see whether I'm a "decent" candidate; other sources would come into play fairly automatically, because I'd be in the spotlight anyway.

But, taking your stance - where exactly will you draw the line?
Should Star Wars Kid forever be hunted and ridiculed, because you'll find this stupid video if you entered the guys name even 20 years later - just because that is the one thing in his life that went completely viral? Alternatively, just because YOU might think - in this case, it's a kid; that has no bearing on his current life - can you picture that OTHERS would still ridicule him at his workplace or other places, just because they happened to come across that stupid video?

Similarly, say, if you did something wrong in the past - that I would know about - if you ever pissed me off, I could possibly permanently ruin your search results by making that issue "bubble up" (or if I don't want to do it myself, pay some SEO guy a few quid, just to ensure that THAT story will feature fairly close to the top when searching for your name). Or just outright slander you on a web site outside your national jurisdiction - just so you can't have it removed and then ensure that comes up high in google searches.

about 7 months ago

Google Has Received Over 41,000 Requests To "Forget" Personal Information

beh Re:The most amusing thing about this law... (138 comments)

Correct - he's now known everywhere for it - but the NEW articles also mention that this was an old issue that has long been resolved.

The old articles only mentioned the forced property sale, but not the end of his financial troubles later.

What, do you think, is better for him?

I would say, the new situation is a lot better for him - yes, people will know about his financial situation WAY past; but right now they also know that it is PAST - not current.

Sure, it would have been better for him, if it would have been resolved quietly without his name getting dragged across net news; but, at least, this time no news are saying anything that his finances ARE a problem. His issue before was that people assumed he would STILL be a financial liability, as google listed the forced property sale near the top of the search results - not the absence of more financial issues in the last few years.

You COULD glance that information, if you carefully looked through all the data - but who takes that time with every single google search? Who doesn't look quickly, whether there is another "solution" to your problem, when the first one doesn't immediately look palatable?

about 7 months ago

Submissions


beh beh writes  |  more than 7 years ago

beh (4759) writes "Yesterday, at 2:30pm GMT someone started ssh scanning my servers — thanks to fail2ban, there's not much chance of anything happening there, but nevertheless, when I finally saw all the fail2ban messages about it 2 1/2 hours later, I reported the issue to theplanet.com, the provider from which the attack originated.

At first, there was no response apart from 'This is an auto-response'. A further 12 hours later, finally an answer "we will investigate", in the meantime, the attack continues.

By now, it has been 23 hours since the attack started, and over 20 since I reported it to the ISP; no further reaction, the ssh scans continue to come in from 70.87.55,194; and since the attack goes against all IP addresses of both of my servers, I can only assume it will go against the entire subnet of those servers (especially since a third server belonging to the same domain, with another ISP is not the target).

I've just had a quick online chat with their support desk, and all they tell me is "I can't do anything about it; my hands are tied. Mail the abuse desk again, but please note, the investigation and actions from it can take between 24 and 72 hours.".

My question now is this — when does an ISP become an accomplice to an attacker, by willingly leaving him to continue to attack other systems, even though the provider knows full well about what's going on?

Where are the rights of those people that are on the receiving end of those attacks — I can hardly 'take my business elsewhere', since I'm not a customer of theplanet.com... For the moment, I'm 'happy' with the attacks to continue, as the attacker seems to be using dictionary based attacks and hasn't hit on any accounts that could be vulnerable; but obviously, I can't say how safe other systems on the same subnets, or on other subnets that are being attacked might be. Leaving this unchallenged for 24-72 hours seems a sure-fire way to exacerbate the problem, as any additional host someone might be able to break into, will only make future attacks worse.

So, what can/should be done?"

Journals

beh has no journal entries.
