Slashback: Compromise, Bugs, Slag 262
Let me just slide your card a few dozen more times ... Any Web Loco writes "Following on from this piece on /., this story in the Sydney Morning Herald tells us that the company that got hacked (exposing up to 8 million credit card numbers) was Data Processors International. Not much to the story, but we now know who it was."
Another reason to be cautious about domains with "uk" in them. An anonymous reader writes "The Register reports that Nominet has looked at opening .net.uk up or killing it off and then decided it can't decide. The chair of the sub-committee responsible, Clive Feather, is currently standing for re-election to Nominet's Policy Advisory Board. The sub-committee he chaired had suggested shutting down net.uk entirely, which the main board rejected. His position must surely be under scrutiny by the internet community."
Interesting bugs are in the teeth of the beholder. dvdweyer writes "I myself do remember having read the whole interview with Bill Gates in Focus, a German weekly news magazine (their online service now seems to be part of MSN *yuck*). There are however resources online which provide full sources, in English, most notably RISKS in issue 17.43 (not 17.42) with a follow-up in issue 17.44."
When fan-subs just aren't what you want. May Kasahara writes "Studio Ghibli fansite Nausicaa.net now has official release dates for Region 1 DVDs of Kiki's Delivery Service, Laputa: Castle in the Sky, and Spirited Away, as well as official preview artwork of the disks and packaging. As a side note, the site now has a page up for Miyazaki's upcoming Howl's Magic Castle. See you at the video store on April 15!"
Fonts make your terminal much more useful. Russ Nelson writes "The Bitstream Vera fonts are available for trial use. Bitstream is still tweaking them, so they're under the provisional "no redistribution" license. You can download them yourself, though, and in about a month, put them in your software distribution. Kudos to X co-creator Jim Gettys for finally getting X some professional-quality fonts."
Dear Mr. Ashcroft: I hope you find this slag useful. eecue writes "Due to the recent MIT study concerning data recovery from old hard drives, we decided that the only foolproof means of data removal was complete destruction."
the article is from 1995 (Score:5, Insightful)
Reading earlier someone (Presence2) stated:
This interview occurred in 1995.. don't you folks read? This was before 98,win2k,ME,XP and even NT was still OS2 in disguise. I'm sure Gates et al said a whole mess of stuff (128k memory?) that looking back now is ridiculous. Why drag a 7 year old article out for
Don't you even read users' posts? It's amazing what you would learn
Actually who knows... (Score:4, Insightful)
Still, one would hope that he has had a few changes of heart since then.
Re:Actually who knows... (Score:2)
On the other hand, if they're both screaming at each other instead of their respective employees, that would explain it.
In other news (Score:5, Funny)
Anyone out there hear of this new free OS called Lineux or something? I think it was written by some student in Estonia or something. Two guys down in San Jose are starting up some company based on this product called "RedHelmet" or something.... but I'm sure they'll go out of business in a year.
I tried to go to their website, but I can't get my Mosaic browser to display these new Jpeg pictures.
Re:In other news (Score:5, Funny)
According to Linus Torvalds, Linux is specific to the x86, and will probably never be ported to any other architecture, so it's probably not going to amount to much in the long run.
When Apple releases Copland, we'll all want to get PPCs.
Re:In other news (Score:2)
---------
Yep, only a year more to wait... yippy! The real fun will be Gershwin a few years after..
Re:In other news (Score:2)
-- Brian
Re:the article is from 1995 (Score:4, Insightful)
And why would we all suddenly believe that what he said in that interview in 1995 is not valid anymore? Remember latest security flaws on the microsoft platform, and on what massive scale it today happens? That costs fortunes while the legal department of MSFT allows Bill Gates to walk away with a smile.
Robert
It's history (Score:5, Insightful)
Slashdot IQ test for users/ editors (Score:2, Informative)
Re:the article is from 1995 (Score:5, Funny)
They don't even RTFA, and you want them to read user posts too?
damn.
Re:the article is from 1995 (Score:2)
Heh, read the article? But that would take valuable time that could be better spent making cursory scans of user submissions!
Personally, I think the Slashdot editors are paid on commission. Slashdot editors: Selling cutting-edge pseudo-news to sex-starved 16-year-olds.
By the hour.
Re:the article is from 1995 (Score:2)
Nor is there any overt evidence that this attitude has changed.
It isn't merely a mistake in prediction, nor does it have anything to do with a *particular* product so it doesn't matter how many products have been introduced since. It could be a thousand of them. It doesn't matter.
Nor does this statement stand on its own. It's just one more in a long line of prognostications, statements, threats and temper tantrums that show an essential disdain, not just for his customers, but for other people in general.
It isn't about MS. It's about Bill. As a person.
KFG
Re:the article is from 1995 (Score:5, Funny)
-Bill
Re:the article is from 1995 (Score:3, Funny)
True. In the intervening time, he's provided us with hundreds of thousands of newer, cooler bugs than we ever had in Windows 3.1.
Re:the article is from 1995 (Score:2, Funny)
netcraft survey says... (Score:3, Interesting)
Re: netcraft survey says... (Score:4, Insightful)
> The site www.dpicorp.com is running Microsoft-IIS/5.0 on Windows 2000.
That's pretty much irrelevant until we find out how the numbers were acquired. For instance, if someone hacked an application rather than the OS, or if the hack had inside help (such as a leaked password), then the OS is completely irrelevant.
Re:netcraft survey says...OT (Score:5, Funny)
(Of course, I frequently hear Richard Dawson's voice in my head. Werner Klemperer, too...)
Cheers,
Jim
I have no doubt (Score:2)
If iptables filters all traffic then it should be trivial for the authors to let it use an nmap definitions db and pretend to be another box. For example if the db knows that winshit2k responds a certain way to a broken SYN request, iptables could act that way.
For those that would like to see for themselves (Score:2)
http://grc.com/id/idserve.htm [grc.com]
Yeah, yeah, Steve's a bit of a tinfoiler, but his apps are always damn slick (anyone else remember Chromazone?)
The Bill Gates interview, (Score:3, Funny)
8 years old.
a multiple dupe.
news for nerds, indeed.
Re:The Bill Gates interview, (Score:4, Insightful)
Windows NT 4/5, based on the Chicago/Cairo projects, were being worked on clear back in 1994. The corporate culture, shaped by the attitudes of the execs, in turn shaped the software being developed -- software in broad use today. It's history, man, cause and effect, and sometimes it takes a few years (or decades) for everything to propagate -- despite American pop culture's mass ADD.
It's understandable, of course, to accuse slashdot editors/readers of knee-jerk pummeling of MS -- and most days I'm certainly ready to pick up my pitchfork and torch at a moment's notice. But this seems to be genuine perspective. Gates is actually correct that moaning about computer woes has a partially social component, but one also wonders if a basically evasive response to the issue of bugs says something about the company that's given the market some really big security problems.
It's interesting that it continues, too. After one of the recent big IIS/worm problems (think it was Nimda) I remember seeing an MS spokesman say that the problem was essentially due to their being a market leader, that any market leader would suffer similarly. This argument seemed rather disingenuous when the actual leader in the space IIS occupied (Apache) had no comparable difficulties, and again seemed to come down to evasion of responsibility for bugs.
I think that's a thread throughout their history: mitigate importance of bugs, evade responsibility, promise more in next release. I don't think it's unique to them, and I'm not entirely sure it's bad business practices, seeing as how it seems to have won them an awful lot. But I like seeing the perspective. It's funny how the Jello makes more sense once you've seen the mold.
In other news . . . (Score:2)
CNN does not help by scooting the copyright date up, it says 2001 on the page I viewed.
Wow, the things I miss from the last century
Hard Drive Destruction (Score:3, Funny)
.net.uk (Score:3, Informative)
The UK "internet community" cannot vote, assuming you mean UK internet users as the community. You can only vote in Nominet elections if you are a Nominet member, which costs £1000+ per annum.
Re:.net.uk (Score:3, Informative)
http://www.nic.uk/Members/HowToJoin/ [www.nic.uk]
Standard US DoD SOP (Score:3, Informative)
Drive slagging.. (Score:4, Funny)
Crash unexpectedly have you? Take that!
Turn them in to paperclips! Finally a way to come through with all those threats! HAH!
paperclips? (Score:4, Funny)
Why? You need help writing a letter?
It turns out that ... (Score:5, Funny)
Sometimes... (Score:3, Interesting)
.uk (Score:3, Interesting)
If the people in Great Britain complain we don't use metric, then I'm sure as hell going to complain that they don't conform to the Domain standard. Take that!
Re:.uk (Score:3, Informative)
Why should it be .gb instead of .uk? The full and proper name of the country is The United Kingdom of Great Britain and North Ireland. People are more likely to call it The United Kingdom (which fully includes the whole country) rather than Great Britain (which excludes the people in North Ireland, many of whom most certainly want to assert that they are part of the UK rather than their neighbor to the south). I've certainly heard lots of people talk about "The UK", but I've never heard them talk about "GB". There's certainly no reason not to use .uk rather than .gb.
Re:.uk (Score:2, Insightful)
Re:.uk (Score:4, Informative)
--sex [slashdot.org]
Re:.uk (Score:2, Insightful)
Re:.uk (Score:2, Insightful)
In a spirit of hardcore pedantry, I should add that the UK includes more than just the island of Great Britain and the province of Northern Ireland; Anglesey and the Isle of Wight are parts of the UK, as are the Shetlands, Orkneys and Hebrides, assorted other Scottish islands, the Scilly isles, Lundy, Flat and Steep Holm, that L-shaped island in the Irish Sea off Northern Ireland, and a great many worthless little rocks nobody cares about.
The Isle of Man is technically not part of the UK, IIRC. It's a constitutional oddity, similar to the Channel Islands.
Wow...fonts (Score:3, Insightful)
Re:Wow...fonts (Score:3, Interesting)
I personally think it's great that they are providing high-quality fonts that can pretty much be free to distribute or hacked... mostly being a free (gratis) replacement for Verdana (and a couple of other fonts Microsoft includes in Windows and Office).
Re:Wow...fonts (Score:2)
Actually, with professional fonts it's more like months or years.
[...]mostly being a free (gratis) replacement for Verdana (and a couple of other fonts[...]
I find Helvetica to be a nice "replacement" for Arial. (Originally it was the other way around [ms-studio.com].) and Verdana, too. On a side note anything is a good replacement for Times New Roman *shudder*
Re:Wow...fonts (Score:3, Interesting)
Actually, high resolution, anti-aliasing, and large font sizes are extremely forgiving of low quality. The only thing that making a font really big might reveal is that the creator didn't make lines quite horizontal or vertical. Given the ease of making exactly horizontal or vertical lines in any font editing program, this isn't a real issue.
As you point out, the devil is in the hinting. Hinting really only matters when you need to display a character in as few pixels as possible. Typically on screen in small font sizes, but also on low resolution printers (is anyone really using dot matrix anymore?), or for very small fonts (on a typical low end 300 dpi laser printer we're talking smaller than about 6 point). As screen resolutions improve hinting will become less important.
Because of all this, free fonts on the web (or the cheapo font knockoffs you can buy) are perfectly fine for use in printed materials or for large font use. It's when you're trying to read body text in a poorly hinted font that you really appreciate what you get with a higher quality font.
Interestingly hinting is largely irrelevant for X users. Hinting in TrueType is patented. Every distributor (including FreeType themselves) disables hinting support as a result. Unless you're willing to build a patent infringing copy of FreeType yourself (it's a simple change), you'll never benefit from high quality hinting information. If you don't mind anti-aliased fonts it's probably not a big deal, between FreeType's non-infringing auto-hinting and anti-aliasing support it's a minimal drop in quality.
Data Wiping (Score:2, Interesting)
Re:Data Wiping (Score:4, Funny)
Re:Data Wiping (Score:2, Funny)
Re:Data Wiping (Score:3, Interesting)
It's a trivial matter to recover data that has been "erased" by writing 0's over it. TRIVIAL. It's a little more difficult if you write true random data mixed with alternating 0/1 bits (overwriting several times, in several passes), but recovery is almost always possible with the right equipment. Complete destruction is the only sure way.
This got modded up, why???
Slashbot morons.
the part I found funny (Score:5, Funny)
Re:the part I found funny (Score:5, Funny)
"Ooh, toxic smoke! Let's get closer so we can breathe it!
Re:the part I found funny (Score:2)
So what? (Score:4, Funny)
So you can justify posting an 8-year-old badly written and poorly translated article in an obscure German magazine merely because you think it's a novel way to "stick it to The Man"?
And here I thought that we'd never run out of material to generate amazingly insightful comments and unlimited nasal chuckles from the peanut gallery.
But I guess we've hit a new low.
New government revelation (Score:2)
G: There are bugs in Windows?
B: Yes, bugs!
G: Many bugs?
B: Yes, many, many bugs! Very terrible stuff.
G: What about Office?
B: Yes, bugs there too?
G: What about Justice Department?
B: Don't worry, Justice Department will blame drivers . . .
Hard Drive Destroyed (Score:5, Interesting)
This from personal experience. I work for a rather large company. When we were upgrading from Windows 95 to 2000, many of the exec. at the company expressed concerns about the confidential data on their old machines. We assured them that the data would be deleted.
We took the hard drives out to the parking lot, broke open the drive, started up a road flare and proceeded to melt down the platters. We let the drive 'cool' down and took them back into our exec. and showed them to him. He was quite happy with the procedure. He asked that all exec.'s hard drive be treated the same. We decided at that point our supply of flares would not last so one tech mentioned that he had a blow torch at home. Next morning he returned with 10 nicely blown hard drives.
On another note, I've heard (someone please verify) that the military uses explosives to take care of old hard drives and storage media.
Ted
Re:Hard Drive Destroyed (Score:2, Informative)
Re:Hard Drive Destroyed (Score:2)
Re:Hard Drive Destroyed (Score:3, Informative)
Last I heard, this [easydatarecovery.co.uk] is how they do it.
Re:Hard Drive Destroyed (Score:2)
Re:Hard Drive Destroyed (Score:2)
--Blair
"Fascinating."
Re:Hard Drive Destroyed (Score:3, Interesting)
Re:Hard Drive Destroyed (Score:2, Interesting)
We used thermite grenades for 'emergency' destruction.
HD Windchimes (Score:2)
I would think that a couple of well placed off center drill holes, along with extended soaking in sea water and or other destructive chemicals would be also effective.
Dis-assembly and conversion to windchimes also is an interesting alternative. Hard drive discs make good raw material for a number of interesting projects.
Re:Hard Drive Destroyed (Score:2, Funny)
I seem to recall a usenet post about some chap that was attending some conference and the subject of deleting data from disks came up during conversation. One of the attendees said something like well, where I work, we just put our old drives into a hole
Everyone laughed at that, til they realised the speaker wasn't joking...
'course, that was quite a while ago now
New business model! (Score:2, Funny)
2) Keep actual slagging procedure secret
3) ???
4) Profit!
Oh wait; I guess step 2 won't work now [eecue.com].
Drive slagging. (Score:4, Funny)
I used to just throw mine into the nearest active volcano, until I found out some volcano-diving kiddie named d4r74 was reading them anyway.
Re:Drive slagging. (Score:2)
"We realized we should have removed the PCBs from the drives first... oh well:"
What is more unhealthy? Volcanic gas, or melting hydrocarbons with aluminum? I can't decide.
Re: Drive slagging. (Score:2)
I think they made an idiot proof way to erase a drive, but a better idiot will always find a way...
Gates doesn't say bugs are good! (Score:4, Insightful)
Okay, it's 8 years old, so it's irrelevant, but still, the most revealing comment to me is:
And it makes perfect sense! New versions should not be about bug-fixes. Being told to "Upgrade" should never be a valid response to someone complaining about a bug. Gates isn't saying bugs are in there on purpose, he isn't saying they're good. He isn't saying they're in there because that's what sells. He's saying bugs are bad, bugs should be gotten rid of in any given version, and that a new version isn't about bug fixes, it's about new features. Isn't that what a new version SHOULD be?
Some software companies are bad at that. Some companies <cough, Intuit, cough> *DO* insist that to fix a bug, you must upgrade. That is stupid.
Re:Gates doesn't say bugs are good! (Score:2)
I've seen several folks say that this interview is terribly old news and should thus be heavily discounted. There is some truth to that but here's the problem...
In the last few years, I've heard (well, seen in print) several interviews with Gates where he essentially says the same thing about upgrading for bugfixes is not a valid reason to upgrade. He always gives it the standard MS spin about the great new and shiny features with new releases, but almost always disclaimed bugfixes as the reason people should upgrade.
I'm sure some enterprising individual can locate a few similar quotes with google. I searched a bit last night but got tired of the search, and didn't much see the point since I specifically recall having seen it on more than just a couple of occasions.
Data erasure from the latest Circuit Cellar Ink (Score:3, Funny)
Very cool magazine. Check it out at:
http://www.circuitcellar.com [circuitcellar.com]
Re:Data erasure from the latest Circuit Cellar Ink (Score:3, Insightful)
Even if you grind the platters, the density on modern drives is so high that you're still leaving large amounts of data lying around.
Re:Data erasure from the latest Circuit Cellar Ink (Score:2)
I'm not asserting that this would be the case: just wondering
Re:Data erasure from the latest Circuit Cellar Ink (Score:2)
That's a fire way to prevent genetic data from being copied as well...
Gates' Interview (Score:2)
Hard Drive Data (Score:5, Informative)
Crikey, from the posts here, people aren't very creative on how to get data off of a drive. You don't use any high-level programs like norton, or even something like "dd"; in fact, you use vendor-specific programming modes on the drive. (An example of programs that use such commands would be things like "MaxPower" from Maxtor, where they are clearly getting non-standard data from the drive.)
Then, you use these commands to tweak the calibration registers to move the head a fraction of a track at a time, reading the data at each step. Hopefully, at one extreme or the other, you get a residual of the data. More sophisticated techniques would involve correlating data read at each subtrack step. This is left as an exercise for the reader.
Re:Hard Drive Data (Score:3, Funny)
Vera, what do you look like? (Score:3, Insightful)
Re:Vera, what do you look like? (Score:5, Informative)
Dodgy word "slag" (Score:3, Funny)
Is this one of those words, like fag and wank that means something horribly different depending on what side of the Atlantic you happen to be speaking?
I think we should be told.
Uhm... (Score:2)
According to dictionary.com, "slag" has no known real world pejorative meaning.
Re:Uhm... (Score:2, Informative)
noun [C]
BRITISH TABOO
a woman whose appearance and behaviour, esp. sexual, are considered unacceptable
Re:Dodgy word "slag" (Score:2, Informative)
Comment removed (Score:5, Funny)
Spirited Away (Score:3, Insightful)
Next article after MS one (Score:3, Funny)
Heh, just kinda reminds me of the day when the net was so innocent.
Securely deleting encrypted data (Score:5, Informative)
It turns out you can do that if you have some securely deletable way to store just one key (e.g. 16 bytes for an AES key). See here [google.com] for further description and a link to sample code.
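The scheme the comment above describes, sketched as an added example (not the poster's code, nor the sample code the link points to): bulk data is stored only as ciphertext, so zeroing one 16-byte key makes every copy unreadable. Assumptions: `KeySlot`, `seal` and `unseal` are hypothetical names, and an HMAC-SHA256 keystream stands in for AES so the block runs on Python's standard library alone.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 16    # the comment's example: 16 bytes, the size of an AES-128 key
NONCE_LEN = 16
TAG_LEN = 32


class KeySlot:
    """Hypothetical stand-in for the one small store that can be securely erased."""

    def __init__(self):
        self._key = bytearray(secrets.token_bytes(KEY_LEN))

    def read(self) -> bytes:
        if self._key is None:
            raise LookupError("key destroyed")
        # Caveat: this copy stays in process memory until it is collected.
        return bytes(self._key)

    def destroy(self) -> None:
        if self._key is None:
            return
        for i in range(len(self._key)):   # overwrite in place before dropping
            self._key[i] = 0
        self._key = None


def _subkeys(master: bytes):
    """Derive separate encryption and MAC keys from the 16-byte master key."""
    return (hmac.new(master, b"enc", hashlib.sha256).digest(),
            hmac.new(master, b"mac", hashlib.sha256).digest())


def _xor_keystream(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter-mode keystream (AES stand-in)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        pad = hmac.new(enc_key, nonce + counter, hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def seal(slot: KeySlot, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag for bulk storage."""
    enc_key, mac_key = _subkeys(slot.read())
    nonce = secrets.token_bytes(NONCE_LEN)
    body = _xor_keystream(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(slot: KeySlot, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(slot.read())
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified data")
    return _xor_keystream(enc_key, nonce, body)


def demo():
    slot = KeySlot()
    record = b"constructed sample record: payroll 2003-Q1"  # constructed input
    disk = [seal(slot, record)]        # the bulk medium only ever sees ciphertext
    readable_before = unseal(slot, disk[0]) == record
    slot.destroy()                     # the only erase operation needed
    try:
        unseal(slot, disk[0])
        readable_after = True
    except LookupError:
        readable_after = False
    try:
        unseal(KeySlot(), disk[0])     # a fresh key does not help either
        other_key_works = True
    except ValueError:
        other_key_works = False
    return readable_before, readable_after, other_key_works, record in disk[0]


if __name__ == "__main__":
    print(demo())
```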
Absolutely Beautiful! (Score:4, Informative)
Why not? (Score:3, Interesting)
It's great to see that the license is Apache-like. (Score:2, Flamebait)
Diana Wynne Jones (Score:3, Interesting)
I don't really have a comment here. I'm just curious whether I'm the only person on Slashdot who's heard of Diana Wynne Jones. She was, like, one of my favorite authors all the way through junior and high school, but not a lot of people in America seem to have heard of her (she's apparently mostly known in Britain.. apparently Neil Gaiman is a big fan, or something). I randomly wound up running across and subsequently buying a bunch of her books in paperback last week, after not having really thought about them for years, and now I see that Studio Ghibli is making one of her books into a movie. That's kind of random.
Anyway, DWJ writes this very very well-realized sf/f that is pretty clearly aimed at a "younger audience", but doesn't seem any shallower now that I'm a bit older. Am I the only fan of hers around here? Just curious.
Slagging vs.Naval Jelly (Score:4, Interesting)
The GNOME project should not use non-free software (Score:2)
According to their website [gnome.org], the GNOME project is part of GNU [gnu.org]. GNU was founded to make the dream of software freedom [gnu.org] a reality. The Bitstream Vera fonts offered to us here and now (the "beta" fonts) are not Free Software. Nobody is licensed to redistribute the fonts, so they cannot possibly qualify as Free Software. Therefore, it makes no sense why GNOME would do anything with these fonts at all. The GNOME project should wait until Bitstream releases the fonts under a Free Software license.
I'm disappointed that an official part of GNU would get involved with these non-free fonts. If you are interested in using only Free Software, I urge you to not obtain copies of these fonts under their current license. It's times like these one can measure how interested they are in pursuing freedom versus pursuing convenience. The freedoms of Free Software got us the community we treasure. Don't throw that away.
Hey-- slaggin' hard drives was my idea! (Score:2)
I bought the Dave Gingery Build Your Own Metalworking Shop From Scrap [lindsaybks.com] books a year or so ago, but haven't gotten around to building anything yet. It occurred to me, after reading the books, that dead hard drives would make a reasonably good source of aluminum. I guess I've been beaten to the punch.
I actually had a client request that I destroy some of their hard drives a couple years ago. Fun stuff, getting paid to break stuff. I dd'd /dev/zero over 'em, wrote some pseudorandom crap onto them after that, then popped the tops, pulled the platters out, and hit 'em with a belt sander-- all "on the clock"!
Re:hard drive destruction (Score:5, Insightful)
Re:hard drive destruction (Score:4, Interesting)
Very true. I have a friend who works for a large think tank up here in Massachusetts, and they had some critical data from a few years ago that they had to get off of a drive that had since been reformatted with a couple of different file systems and used for multiple different OSs in different workstations. (How the hell they ever figured out where the data was in the first place, I'll never know, but anyway
They took it to a commercial data recovery service and for about $500 they'll put it through one of those devices that reads weak quantum residues and get you back whatever data it was that you were looking for. Of course, the drive is in itty-bitty irradiated pieces, so you can never use it again, but it works
Re:hard drive destruction (Score:2, Funny)
Re:hard drive destruction (Score:3, Insightful)
I think the underlying issue is that all too often no one takes these kinds of precautions, or no one thinks to take them with a drive that's "Dead". Had a client send me a "dead" drive (awful clicking screeching noise, you know, dead.) Slapped it into an oven for a minute to loosen up the lubricants inside, and was able to write about 60% of the data off it before it crapped out for good.
The way many people take security, I think it's all to the good to tell them to toss a drive in a fire for an hour or so, just to make sure that the data is really gone. Half these jokers think DELETE actually removes information from the drive.
My Company Thinks That Too (Score:2)
Re:hard drive destruction (Score:5, Insightful)
In some cases security has to take into account not only current threats, but future threats as well. Magnetic technology has been advancing quickly. A technology which can pack terabytes in a square inch is also likely to be able to find and separate the remnants of multiple writes at today's gigabyte densities. If you have something you want to keep secret for the next decade or two, it's prudent to take extreme measures when you want to destroy it.
Re:hard drive destruction (Score:2, Funny)
If you want to get rid of sensitive data, just put it on an unreliable hard drive to begin with and the problem will take care of itself.
Course, with how angry I was about having so many drive failures, I wouldn't mind mailing back one of their drives in the form of hardened slag.
Re:See me where? (Score:2, Informative)
"Porco Rosso" has been released. The Japanese Region 2 DVD has the English Subtitles and English Soundtracks on it. If you want "Porco Rosso", and cannot wait for the US release, then you will be paying a lot more for the Japanese release.
Anime DVDs for the Japanese market cost a lot more than those sold in the US. To the point that it is a problem for the Japanese Anime distributors when the US Releases flow into Japan at a lower cost. "Porco Rosso" only came out recently, so it is likely that Studio Ghibli is waiting until they have made enough out of their local market before allowing the US releases to appear. Also the US releases are for the movies that Disney licenced, and it is possible that Disney don't hold the licence for "Porco Rosso" at the moment.
Re:Thats the best way... (Score:3, Informative)
Well, one problem with that method is that the data can still be recovered. Read this paper [auckland.ac.nz] for more information.