Comments

Ask Slashdot: Do-It-Yourself Security Auditing Tools?

quinto2000 Use standard software and keep it up to date (116 comments)

From the way you describe your goal, you are building mostly one-off websites. For small companies and the like? You'll be best off just using popular open source products like Drupal, WordPress, or ModX and keeping up to date with security updates. Many of these will automatically notify you of security updates and you can apply them right away. Don't try to host the websites on your own server either. Get a hosting product from a company that will keep the underlying OS, Apache, and PHP up to date and secure. This will reduce your exposure quite a bit. You still need to make sure to choose good passwords. Nessus or OpenVAS are also an option.

about a year and a half ago
Fedora Aims To Simplify Linux Filesystem

quinto2000 Re:When do we get compression? (803 comments)

This does solve an important problem in the Windows server space. Windows generates big log files, and there's no good log rotation built in. I do routinely end up compressing the log directories on many of my Windows servers. However, Linux has several good standard log rotators, so it's less of a concern. I've actually never run into the problem of a log directory filling up on Linux. What's the other use case where you have 1 TB of text files, other than logs?

more than 3 years ago
Learning Programming In a Post-BASIC World

quinto2000 Re:what I did (510 comments)

I agree with Pascal--first "real" programming I used after playing around with Basic interpreters on the Mac II. It's much easier to start with than C, but has C-like syntax so it's not hard to transition.

more than 3 years ago
ProFTPD.org Compromised, Backdoor Distributed

quinto2000 Re:Should have used vsftpd (152 comments)

You're saying it's possible to secure a known username. Who cares? Suppose 90% of attacks are on those known usernames (I don't have actual figures, but that seems plausible, based on my own experience with publicly accessible Linux machines). Just eliminate 90% of the attacks (and the chance of brute force breaking through) by eliminating those known accounts from remote login.

Why wouldn't you do this? You can still secure the rest of your accounts. Hackers, botnets and script kiddies go after the low-hanging fruit. Reduce your attack surface, and you are clearly better off. There's almost no hassle to having to su to root once you log in with a normal user account.

By the way--logging in to a console in public is completely different from remote root access. If someone can see over your shoulder--there are lots of other ways for them to engineer an attack. But we all have to be aware of the greater risk of unknown users on the Internet just scanning IP ranges and trying to login. If you've ever had a public web server, you will see that this happens to every machine. Much more common than someone we know trying to crack into our box.

about 4 years ago
ProFTPD.org Compromised, Backdoor Distributed

quinto2000 Re:Should have used vsftpd (152 comments)

Pretty real security risk--first thing any good sysadmin does is disable remote access to known account names like "root" and "administrator"--you greatly reduce your attack surface by doing so. Take a look at ssh access logs and see how many denied attempts there were for "root".

about 4 years ago
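
The log check suggested in the comment above, as an added example that is not part of the original comment: it counts failed SSH password attempts per username and reports what share targeted well-known account names. The log lines are constructed samples in the usual OpenSSH `sshd` syslog style, and the names `summarize` and `KNOWN_NAMES` are assumptions made for this illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the OpenSSH sshd syslog style (not from a real host).
SAMPLE_LOG = """\
Dec  2 03:11:01 web1 sshd[4101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Dec  2 03:11:04 web1 sshd[4101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Dec  2 03:11:09 web1 sshd[4105]: Failed password for invalid user administrator from 203.0.113.7 port 40310 ssh2
Dec  2 03:12:30 web1 sshd[4120]: Failed password for invalid user oracle from 198.51.100.23 port 51515 ssh2
Dec  2 03:12:41 web1 sshd[4122]: Failed password for root from 198.51.100.23 port 51620 ssh2
Dec  2 08:02:17 web1 sshd[5230]: Accepted publickey for deploy from 192.0.2.10 port 60022 ssh2
Dec  2 08:05:55 web1 sshd[5301]: Failed password for deploy from 192.0.2.10 port 60100 ssh2
"""

# "invalid user" appears when the account does not exist on the host.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

# Account names the comment calls out as well known (assumed set, extend as needed).
KNOWN_NAMES = {"root", "administrator"}


def summarize(log_text, known=KNOWN_NAMES):
    """Count failed password attempts per user and per source IP for known names."""
    by_user = Counter()
    known_by_ip = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m is None:
            continue  # accepted logins and unrelated lines are ignored
        user, ip = m.group("user"), m.group("ip")
        by_user[user] += 1
        if user in known:
            known_by_ip[ip] += 1
    total = sum(by_user.values())
    known_hits = sum(n for u, n in by_user.items() if u in known)
    share = known_hits / total if total else 0.0  # avoid dividing by zero on empty logs
    return {"total": total, "by_user": by_user,
            "known_share": share, "known_by_ip": known_by_ip}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"{report['total']} failed attempts, "
          f"{report['known_share']:.0%} against known account names")
    for user, n in report["by_user"].most_common():
        print(f"  {user}: {n}")
```
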
2010 Election Results Are In

quinto2000 "One seat majority" (1530 comments)

Currently the Democrats have 51 confirmed seats, which is expected to reach as high as 53. 51 seats means a two-seat majority, while 53 would mean a six-seat majority. Basic math time, folks.

more than 4 years ago
Can an Open Source Map Project Make Money?

quinto2000 Re:Offer custom maps (304 comments)

I think I used JOSM as well--it was a while ago. But I don't think JOSM allowed any rendering, so once I got a map segment with JOSM I had to render it with Mapnik.

more than 4 years ago
Can an Open Source Map Project Make Money?

quinto2000 Offer custom maps (304 comments)

When I got married, I decided I wanted to make maps for my guests, none of whom lived in our small exurb. It turns out this is a pretty common task. I didn't want ugly, low resolution mapquest printout maps though. I wanted to be able to put in points of interest, I wanted a high level of street detail and I wanted some control over the rendering. I was excited to find out about OSM. It turns out, the Open Street Map website allows you to download a section of the map as SVG. Great! However, one problem: it has a pretty small limit on how big it can be, which limits either map size or level of detail. I ended up downloading the entire map, the rendering software and Mapnik style sheets, and having to compile the renderer myself. Then I edited the map in Inkscape, but there are some boundary issues when you just want a small segment of a big map. It was a pretty complicated project, but I think ultimately worth it.

If OSM offered a paid or advertising supported service to help make custom maps, I think it would be pretty popular. I've toyed around with the idea myself of offering this service, but I don't have the time.

more than 4 years ago
Justice Department Seeks Ebonics Experts

quinto2000 Re:It's not the words... (487 comments)

I don't think that's real language--it's made up for the movie Airplane!

more than 4 years ago
Does Net Neutrality Violate the Fifth Amendment?

quinto2000 Nope (341 comments)

No. Almost nothing is a regulatory taking. There's a very narrow area that's protected, and this almost certainly does not fall in that area.

more than 4 years ago
Google's Chrome OS To Launch In Fall

quinto2000 Re:What I want (375 comments)

Sounds like a research project at CMU called Internet Suspend and Resume. http://isr.cmu.edu/

more than 4 years ago
FSF Asks Apple To Comply With the GPL For Clone of GNU Go

quinto2000 Re:Fat Chance (482 comments)

Congress passed a law, the Communications Decency Act, which protected "service providers" from liability for distribution of information published on their forums by others. This covers Youtube, but not someone like Apple who is essentially a software reseller.

more than 4 years ago
Scrabble To Allow Proper Nouns

quinto2000 Re:House Rules (377 comments)

Or...you can just accept the Scrabble rules, which rely on lexicographers to determine the acceptability of a word. I'm not sure why you think you're better at determining what a "word" is than the committees of lexicographers who edit dictionaries. The original Scrabble rules are simple and avoid arbitrary classifications. Should we also eliminate rarely used scientific or medical words? Notes on the musical scale, which have English names? (do, re, mi, etc.) Is laser acceptable (light amplification by stimulated emission of radar)? Usage is what determines acceptability of something as a "word" in the English language, and determines inclusion in a dictionary.

Basically what you are saying, is that it's hard for you to remember these words. Part of the fun of Scrabble is in expanding your vocabulary. Accept the challenge instead of limiting yourself. There's already a clear, concise Scrabble word list. Use it.

By the way, ETC* is not acceptable, because it's not a word--it's an abbreviation without its own pronunciation. Amp, ref, and ex are all commonly used English words, so I'm not sure why they offend you. How often do you really say "amperage" or "ampere" rather than amp?

more than 4 years ago
RIAA Recommends Students Drop out of College

quinto2000 Re:Just in case, article text (869 comments)

well, not quite. but you're right that the states are not required to provide a trial by jury for civil suits in all cases.

more than 8 years ago

Submissions

quinto2000 hasn't submitted any stories.

Journals

Viola/Voila distinction

quinto2000 quinto2000 writes  |  about 12 years ago

Just to make it clear.

Main Entry: 2viola
Pronunciation: vE-'O-l&
Function: noun
Etymology: Italian & Spanish, viol, viola, from Old Provençal, viol
Date: circa 1724
: a musical instrument of the violin family that is intermediate in size and compass between the violin and cello and is tuned a fifth below the violin
- violist /-list/ noun

Main Entry: voilà
Variant(s): or voila /vwä-'lä/
Function: interjection
Etymology: French, literally, see there
Date: 1739
-- used to call attention, to express satisfaction or approval, or to suggest an appearance as if by magic

It's not that hard, guys. Get with it.

When did Slashdot "jump the shark"?

quinto2000 quinto2000 writes  |  more than 12 years ago

When did Slashdot "jump the shark?" Who here remembers when reading Slashdot was entertaining? When real news for nerds was posted? Goddammit, who remembers when reading Slashdot distracted you from doing your work? When you didn't need to troll in order to get enjoyment from the good ol' 64.28.67.150? When beer was Free, not just free? When it was exciting to read about new innovations in technology? When "first post" was amusing meta discussion, not a mindless bore?

Just like the Fonzy, tell me, what moment made it clear for you that Slashdot jumped the shark?

Cool uids?

quinto2000 quinto2000 writes  |  more than 12 years ago

So, I have a pretty cool user id, myself. Not quite a palindrome, but at least it can be compressed nicely (211211). Who else has an impressive user id? Spotted any neat ones? What's the correlation between a "cool" userid and being cool, yourself? It seems to be negative in my case.

I'm looking for ids like 666 (devil's number), 12021 (palindromic), etc. Low user ids are not, per se, cool, although some special cases could be. Let's see what everyone's got.

BTW, I edited this journal so that comments could still be posted. What's the amount of time before a discussion is archived?

Bonus.

quinto2000 quinto2000 writes  |  more than 12 years ago

Well, I just got my +1 bonus. Somehow this seems like a testimony more to my ability to karmawhore than to any real insight I'm able to provide. I'll admit, I'm usually insipid, have little of use to offer to most discussions, and have no qualms about making shit up when I don't know the real answer to a question.

Hey, I'm still better than 56ker. I'll try to use my bonus wisely, to give legitimacy to the time waster, flamebait, or troll, not to spread the mediocrity that characterizes most comments on Slashdot any further. I'll do my part to keep you amused, Slashdot. That is my pledge. You trust me because I have a +1, and I won't fail that trust.

Freedom of Information

quinto2000 quinto2000 writes  |  more than 12 years ago

Freedom of information is important. What do you think are reasonable guidelines regarding the freedom of information in a student government?

What's ok to keep secret, what isn't? What's a reasonable timeline for the distribution of information?
