
Comment Re:One state down, 49 more to go.... (Score 2, Insightful) 849

OK ... let's break this down ..

"(1) "Subversive organization" means every corporation, society, association, camp, group, bund, political party, assembly, body or organization, composed of two or more persons, which directly or indirectly advocates, advises, teaches or practices the duty, necessity or propriety of ...

  • controlling - lobbyists, right?
  • conducting - lobbyists and defense contractors
  • seizing - either party in an election year, year before an election year ... or these days, the day after the election we just had.
  • overthrowing the government of the United States - what the hell does that mean!?!?!?!?

...

But in the end ... I think this (bolded) is the important part:
... of this State or of any political subdivision thereof by force or violence or other unlawful means

So .. in the end, it's just a virtual Turing stupidity test; an easy way to round up the bottom feeder idiot anarchists/communists/whatever-ists.

Comment Re:Responsible Disclosure (Score 1) 220

And to make waters muddier ... how about throwing this in the mix ... to whom is the 'responsible' part of responsible disclosure? If I paid for software (e.g. IBM DB2 and other commercial vendors are on the list), the company needs to be responsible and disclose the issue to me if it was disclosed to them (... IMO). How many vendors do that when a security researcher/firm 'responsibly' discloses a vulnerability/exploit to them (with or without embargo date)?

There's more than one angle for responsibility in the debate.

Windows

Submission + - Secure File Transfer with windows/.Net hosting? 4

galego writes: "I've done a variety of web development at work and at home. I'm thinking of getting a .Net hosted account to do some work with that. One of the things I always look for when looking at hosting companies is a secure (well, encrypted that is) form of file transfer. For Windows/.Net hosting, are there any good options out there? I've looked around some and I don't really see any so far. I tried once to set up sftp on windows on a system at work (that is without paying for some custom/proprietary version), and it didn't go so well. Some *n*x hosting companies don't offer sftp, but if they allow ssh, then I can at least use scp. I'm not seeing anything equivalent with Windows/.Net hosting ... suggestions?"

Comment Re:Yeah. (Score 2, Insightful) 605

At my last 2 jobs developers have had security exceptions for local admin rights. The combination of money lost due to wasted time otherwise plus the fact that developers are going to cause less harm than average users is apparently enough to persuade even management.

I think there's validity to that ... for most semi-responsible developers.

However, if you are programming with security exceptions, you are likely to develop things that have/require more security exceptions (e.g. you must be admin/dbo/superuser/root to run it). It's not going to happen just because you're running as admin ... but it becomes much easier to do so ... unless you have pretty rigorous testing specifically targeting other user types. My team all has regular user accounts on their desktops and we do just fine. A couple of us (me as lead) have admin rights to maintain the system (we have a duplicated network/environment to do our work), install stuff etc.

Why propagate the Microsoft development model of must-be-admin-to-run-the-software?

Comment Re:Monopoly position to overcharge for their softw (Score 1) 266

How exactly did they "eliminate alternatives"

One way is to buy-and-shelve. There's also flooding the market with a free-but-inferior product ... that didn't quite work with Money against Quicken though

and made contractual obligations with their resellers. *gasp*

Some would say that's where they used thugs and tommy guns ... or some modern equivalent, like lawyers who can manipulate 'immoral laws'. Yes ... if OEMs and other companies had more cojones to tell M$ to screw off, some of this would have taken care of itself. Of course, we're in the US ... we use legislators and lawyers to solve that stuff.

Comment Forget your silly pr0n folks (Score 1) 174

Granted, some of you are concerned about people finding out the sites you visit, but what about a real world problem (or two)?

Some time back, there was an attack that threw a phony dialog pop-up saying that your timeout had been expired at your bank site. Combine that with being able to see *what* bank's site (and whether or not you have been at it recently). This could even be injected through a compromised ad-server system or the like. Maybe you don't even have to visit my site. There's some moving parts in there, but things like this, combined with click-happy-and-fill-in-personal-data user syndrome could make for some pretty sophisticated attacks.

From a private organization's perspective (many of whom have private systems, blocked off from the outer world) ... this can also be used to help map their internal network from the outside (just by one of their users visiting a site). Think about that after you visit your internal Cisco web interface and then merrily tab into some other site.

I am particular about who I allow to set cookies, but not so much about my history (except that I do wipe it .. and other 'private data' when FF closes). Don't know that I'll change that behavior yet, but will probably modify the config on visited site styles as some have suggested here.
