Slashback: Compromise, Bugs, Slag

Slashback with more on Bill Gates' comments on bugs in Microsoft's code, the recent compromising of millions of credit card numbers, more .uk domain waffling, and more, including a foolproof way to stop anyone from reading data off of your discarded hard drive's platters.

Let me just slide your card a few dozen more times ... Any Web Loco writes "Following on from this piece on /., this story in the Sydney Morning Herald tells us that the company that got hacked (exposing up to 8 million credit card numbers) was Data Processors International. Not much to the story, but we now know who it was."

Another reason to be cautious about domains with "uk" in them. An anonymous reader writes "The Register reports that Nominet has looked at opening .net.uk up or killing it off and then decided it can't decide. The chair of sub-committee responsible, Clive Feather, is currently standing for re-election to Nominets Policy Advisory Board. The sub-committee he chaired had suggested shutting down net.uk entirely, which the main board rejected. His position must surely be under scrutiny by the internet community."

Interesting bugs are in the teeth of the beholder. dvdweyer writes "I myself do remember having read the whole interview with Bill Gates in Focus, a German weekly news magazine (their online service now seems to be part of MSN *yuck*). There are however resources online which provide full sources, in English, most notably RISKS in issue 17.43 (not 17.42) with a follow-up in issue 17.44."

When fan-subs just aren't what you want. May Kasahara writes "Studio Ghibli fansite Nausicaa.net now has official release dates for Region 1 DVDs of Kiki's Delivery Service , Laputa: Castle in the Sky , and Spirited Away , as well as official preview artwork of the disks and packaging. As a side note, the site now has a page up for Miyazaki's upcoming Howl's Magic Castle . See you at the video store on April 15!"

Fonts make your terminal much more useful. Russ Nelson writes "The Bitstream Vera fonts are available for trial use. Bitstream is still tweaking them, so they're under the provisional "no redistribution" license. You can download them yourself, though, and in about a month, put them in your software distribution. Kudos to X co-creator Jim Gettys for finally getting X some professional-quality fonts."

Dear Mr. Ashcroft: I hope you find this slag useful. eecue writes "Due to the recent MIT study concerning data recovery from old hard drives, we decided that the only foolproof means of data removal was complete destruction."

the article is from 1995

[RobertTaylor]

with more on Bill Gates' comments on bugs in Microsoft's code

Reading earlier someone (Presence2) stated:

This interview occured in 1995.. don't you folks read? This was before 98,win2k,ME,XP and even NT was still OS2 in disguise. I'm sure Gates et al said a whole mess of stuff (128k memory?) that looking back now is ridiculus. Why drag a 7 year old article out for /. to rag on? - You're just sifting for dirt.

Dont you even read users posts? Its amazing what you would learn ;)

Actually who knows...

[Goronmon]

Bill Gates' attitude back then might have had an effect on the development of future OSes. I mean, just because it was so old doesn't make it completely irrelevant.

Still, one would hope that he has had a few changes of heart since then.

Wow...fonts

[Eric Savage]

10 Basic fonts are just what was holding me back from setting up a Linux desktop. Does anyone have time to set up a site where you give away true type fonts for free? That would be a great idea and I've never seen one.

Re:hard drive destruction

[Nine Mirrors Turning]

In an earlier incarnation I used to work for the government doing military research. We had to burn all disc containing classified material. The reason given, since substantiated by a guy at the swedish equiv of NSA, was that a SQUID (Super-conducting Quantum Interference Device) [techtarget.com]could manage at least 25 overwrites, possibly many more. Our security officer built a large bonfire every spring of used hard drives and ignited them with thermite. T'was a grand sight!

Re: netcraft survey says...

[Black Parrot]

> The site www.dpicorp.com is running Microsoft-IIS/5.0 on Windows 2000.

That's pretty much irrelevant until we find out how the numbers were acquired. For instance, if someone hacked an application rather than the OS, or if the hack had inside help (such as a leaked password), then the OS is completely irrelevant.

Re:hard drive destruction

[SatanicPuppy]

No need for dd; its easy enough to write a script that will write 1's to your drive forever, or until the stylus on your drive melts.

I think the underlying issue is that all too often no one takes these kinds of precautions, or no one thinks to take them with a drive that's "Dead". Had a client send me a "dead" drive (awful clicking screeching noise, you know, dead.) Slapped it into an oven for a minute to loosen up the lubricants inside, and was able to write about 60% of the data off it before it crapped out for good.

The way many people take security, I think it's all to the good to tell them to toss a drive in a fire for an hour or so, just to make sure that the data is really gone. Half these jokers think DELETE actually removes information from the drive.

Gates doesn't say bugs are good!

[Anonymous Freak]

Okay, it's 8 years old, so it's irrelevant, but still, the most revealing comment to me is:

The reason we come up with new versions is not to fix bugs. It's absolutely not. It's the stupidest reason to buy a new version I ever heard.

And it makes perfect sense! New versions should not be about bug-fixes. Being told to "Upgrade" should never be a valid response to someone complaining about a bug. Gates isn't saying bugs are in their on purpose, he isn't saying their good. He isn't saying they're in there because that's what sells. He's saying bugs are bad, bugs should be gotten rid of in any given version, and that a new version isn't about bug fixes, it's about new features. Isn't that what a new version SHOULD be?

Some software companies are bad at that. Some companies <cough, Intuit, cough> *DO* insist that to fix a bug, you must upgrade. That is stupid.

Re:hard drive destruction

[edhall]

In some cases security has to take into account not only current threats, but future threats as well. Magnetic technology has been advancing quickly. A technology which can pack a terabytes in a square inch is also likely to be able to find and separate the remnants of multiple writes at today's gigabyte densities. If you have something you want to keep secret for the next decade or two, it's prudent to take extreme measures when you wnat to destroy it.

-Ed

Vera, what do you look like?

[Anonymous Freak]

Okay, I didn't even realize the joke until I typed in the subject line. So, does anyone know what Vera looks like? The Bitstream fonts, I mean. Having high-quality good looking fonts is nice and all, but I'd like to know what they look like. Is there a sample picture of them anywhere? I haven't been able to find one.

Re:.uk

[p_d_austin]

I'll take each point in turn. 1. You are correct the 2 letter ISO country code for the UK is gb see http://www.iso.ch/iso/en/prods-services/iso3166ma/ 02iso-3166-code-lists/list-en1.html#sz 2. Britain is now forced to use metric by Europe (the french invented it) but a lot of older people are resiting and like to still use imperial (which we invented). 3. The US Gallon is smaller than the Imperial Gallon. 4. A pint is 568ml so in North America we get short changed when you call a pint 16oz, check out the weights and measures act. And what the hell is a sleeve!! 5. Like .com follows the country Domain standard, I know there is .us but who actually uses it. Just for fun keep it light! Paul

Re:the article is from 1995

[stock]

Well don't you realize that if Bill gates would conduct a interview today with the same statements, he would create a big mess ?

And why would we all suddenly believe that what he said in that interview in 1995 is not valid anymore? Remember latest security flaws on the microsoft platform, and on what massive scale it today happens? That costs fortunes while the legal department of MSFT allows Bill Gates to walk away with a smile.

Robert

It's history

[tarquin_fim_bim]

No more ridiculus than looking back on Pearl Harbour or the Gettysburg Address. Humans learn from their mistakes, really clever ones learn from other peoples.

Spirited Away

[MBCook]

Does anyone know if the US version will have the red tint that was mentioned a while back here on Slashdot [slashdot.org] a few months ago? The linked site seems to say a new release on VHS over in Japan is correct, but what about the DVD? What about the US DVD?

Re:The Bill Gates interview,

[namespan]

There are a lot of things that are eight years old, or older. The Balkan Crisis, the first US-Iraq gulf war, U2's the Joshua Tree, HTTP .9, HTML 1.0, NeXTStep, the Simpsons, Unisyn 1.x, etc. A few of these things are of current interest because they're still useful/cool/relevant. However, even for the things that aren't currently relevant, they're still useful as historical perspective, especially if you start to look for cause/effect relationships.

Windows NT 4/5, based on the Chicago/Cairo projects, were being worked on clear back in 1994. The corporate culture, shaped by the attitudes of the execs, in turn shaped the software being developed -- software in broad use today. It's history, man, cause and effect, and sometimes it takes a few years (or decades) for everything to propogate -- despite American pop culture's mass ADD.

It's understandable, of course, to accuse slashdot editors/readers of knee-jerk pummeling of MS -- and most days I'm certainly ready to pick up my pitchfork and torch at a moments notice. But this seems to be genuine perspective. Gates is actually correct that moaning about computer woes has a partially social component, but one also wonders if a basically evasive response to the issue of bugs says something about the company that's given the market some really big security problems.

It's interesting that it continues, too. After one of the recent big IIS/worm problems (think it was Nimda) I remember seeing an MS spokesman say that the problem was essentially due to their being a market leader, that any market leader would suffer similarly. This argument seemed rather disingenuous when the actual leader in the space IIS occupied (Apache) had no comparable difficulties, and again seemed to come down to evasion of responsibility for bugs.

I think that's a thread throughout their history: mitigate importance of bugs, evade responsibility, promise more in next release. I don't think it's unique to them, and I'm not entirely sure it's bad business practices, seeing as how it seems to have won them an awful lot. But I like seeing the perspective. It's funny how the Jello makes more sense once you've seen the mold.

Re:.uk

[tarquin_fim_bim]

Great Britain is a geographical term for the largest island of the British Isles, comprising of England, Scotland and Wales, whereas the United Kingdom also includes Northern Ireland which is part of the island of Ireland, hope this clears things up for you. Otherwise your post is valid.

Re:Data erasure from the latest Circuit Cellar Ink

[jpmorgan]

Not really a very good way of clearing out the data. Consider the data density per inch on a modern hard drive. By putting a couple of bullet holes in the drives how much actual data are you destroying?

Even if you grind the platters, the density on modern drives is so high that you're still leaving large amounts of data lying around.

Re:.uk

[meringuoid]

Great Britain is a geographical term for the largest island of the British Isles, comprising of England, Scotland and Wales, whereas the United Kingdom also includes Northern Ireland which is part of the island of Ireland, hope this clears things up for you. Otherwise your post is valid.

In a spirit of hardcore pedantry, I should add that the UK includes more than just the island of Great Britain and the province of Northern Island; Anglesey and the Isle of Wight are parts of the UK, as are the Shetlands, Orkneys and Hebrides, assorted other Scottish islands, the Scilly isles, Lundy, Flat and Steep Holm, that L-shaped island in the Irish Sea off Northern Ireland, and a great many worthless little rocks nobody cares about.

The Isle of Man is technically not part of the UK, IIRC. It's a constitutional oddity, similar to the Channel Islands.

Re:.uk

[Anonymous Coward]

No, a real pedantist would point out that the Isle of Wight is an English county, Anglesey a Welsh county, the Shetlands, Orkneys and Hebrides, are Scottish counties etc. etc.