Security

Ethics of Releasing Non-Malicious Linux Malware? 600

buchner.johannes writes "I was fed up with the general consensus that Linux is oh-so-secure and has no malware. After a week of work, I finished a package of malware for Unix/Linux. Its whole purpose is to help white-hat hackers point out that a Linux system can be turned into a botnet client by simply downloading BOINC and attaching it to a user account to help scientific projects. The malware does not exploit any security holes, only loose security configurations and mindless execution of unverified downloads. I tested it to be injected by a PHP script (even circumventing safe mode), so that the Web server runs it; I even got a proxy server that injects it into shell scripts and makefiles in tarballs on the fly, and adds onto Windows executables for execution in Wine. If executed by the user, the malware can persist itself in cron, bashrc and other files. The aim of the exercise was to provide a payload so security people can 'pwn' systems to show security holes, without doing harm (such as deleting files or disrupting normal operation). But now I am unsure of whether it is ethically OK to release this toolkit, which, by ripping out the BOINC payload and putting in something really evil, could be turned into proper Linux malware. On the one hand, the way it persists itself in autostart is really nasty, and that is not really a security hole that can be fixed. On the other hand, such a script can be written by anyone else too, and it would be useful to show people why you need SELinux on a server, and why verifying the source of downloads (checksums through trusted channels) is necessary. Technically, it is a nice piece, but should I release it? I don't want to turn the Linux desktop into Windows, hence I'm slightly leaning towards not releasing it. What does your ethics say about releasing such grayware?"
Software

G-WAN, Another Free Web Server 217

mssmss writes "Has anyone used G-WAN — a free (as in beer), supposedly fast and scalable Web server? The downside is it supports only C scripts, which the author claims is a plus since most programmers know C anyway. There is currently only a Windows release and no clear answer in their FAQs whether there would be Linux/Solaris releases. As an interesting aside, releasing a Web server while at the same time fighting a losing battle (PDF) with a large bank over a piracy claim of $200 million (the bank is alleged to have done the piracy) is quite a feat."
Security

Network Security While Traveling? 312

truesaer writes "I'll be spending all of next year backpacking through South America. In the past I've used Internet cafes while away, but this time I plan to bring a netbook and rely primarily on Wi-Fi hotspots. I'll be facing the same issues and risks that business travelers in hotels and airports face, as well as those encountered by millions of other backpackers, gap-year travelers, and students. Since my trip is so long I'll have no choice but to access my banking, credit card, and investment accounts on public networks. I will not have a system at home to connect through. Other than an effective firewall, a patched system, and the use of SSL, what else should I do to protect my information? Keep in mind that many places have very poor bandwidth and latency."
Power

The World's First Osmotic Power Plant 262

ElectricSteve writes "Her Royal Highness Crown Princess Mette-Marit of Norway officially opened the world's first osmotic power plant prototype on November 24. The prototype has a limited production capacity and will be used primarily for testing and data validation, leading to the construction of a commercial power plant in a few years' time. Statkraft claims that the technology has the global potential to generate clean, renewable energy equivalent to China's total electricity consumption in 2002 or half of the EU's total power production." What's osmotic power? Wikipedia to the rescue!

Submission + - SPAM: AKC Dog Breeds

bontil80 writes: "In AKC dog breeds, you can learn more about dog food and the nursery from the dog. Looking for AKC DOG BREEDS? Here's AKC DOGS BREEDS information for you!
Want to learn about AKC dog breeds? Loads of AKC dogs breeds tips and tricks, all FREE here."

First Person Shooters (Games)

John Carmack Says No Dedicated Servers For Rage 162

AndrewDBarker writes "Modern Warfare 2 will use a matchmaking setup powered by IWNet for online play (as we've discussed). It's too early to say what Rage will use, but Carmack indicated he believed the servers are something of a remnant of the early days of PC gaming. That said, he realizes the affinity many PC gamers have for them — and is glad Rage won't be leading the charge away from them. 'The great thing is we won't have to be a pioneer on that,' he says. 'We'll see how it works out for everyone else.'"

Comment Benevolent dictators (Score 1) 815

It's only accepted as long as infighting between developers continues to waste energy on all sides. A war of attrition that's characterized open source for so long that no one knows any better (1984, war is peace). A "benevolent dictator" should round up the sound guys and stop their fucking around. Mark Shuttleworth shaped Ubuntu up to be the ONLY decent desktop Linux distro, Guido van Rossum made Python a uniquely usable and efficient programming language (ditching backwards compatibility with the 3.0 release), and Steve Jobs carried Apple out of the gutter. So many open source projects flounder without strong (and sometimes arbitrary appearing) direction.

Comment I've used these... (Score 1) 569

How many meetings do you have?
This always gets a laugh, valuable when potential engineering hires usually seem quite dry. Meetings usually waste time, and their answer will give you a better idea of how much real work you can actually achieve.

What's your relationship with academia?
This question is good if you're interested in more researchy-work, or have grad school on the horizon (or in your past). Companies that associate with universities tend to do more serious research. If you plan to attend grad school, working for a company connected with academia will get you a letter of recommendation appearing much stronger to the professors who handle PhD admissions.

Is there a dress code?
You'll probably know the answer to this beforehand, but some companies aren't so clear. The aeronautical engineering field is generally business-casual, but I've interviewed at two aero companies where anything goes. For some people, this can be a significant workplace comfort issue and indicative of overall work environment.

How selective are you with tuition reimbursement?
Most engineering companies will compensate you for taking courses at a nearby university (or online). Some companies only pay for courses related to your work, others will let you take courses in anything. It can be a nice perk to finally take that astronomy or life drawing course you couldn't squeeze in during undergrad.

Comment Irrational bias? (Score 1) 843

Well, I work in a team engineering environment where everyone already HAS Word and KNOWS Word, and no report is a solo effort. I can't force everyone to spend weeks learning my cool pet app/language and let other projects fall by the wayside. These people aren't programmers. I don't know, is lost productivity due to cost of switching rational enough for you? Not everyone is a contract programmer working from home, which is something a lot of Slashdotters seem to miss.

Oh, and I've run Linux for seven years (Mandrake, Slackware, Gentoo, then Ubuntu), most recently for six months as my only OS - until I switched to Mac. Before OOo (which I use at home without issue), I used StarOffice in high school to write my chemistry reports. The lack of understanding from FOSS advocates, and their presumptuous attitudes, impede their attempts at inroads more than the quality of their software. New solutions MUST play nicely (more like FLAWLESSLY) with existing solutions if there's to be ANY change, unless the existing solution is obviously flawed to users. Most of the time, it isn't. Corporate inertia. It sucks, but that's the real world.

Comment Context-sensitive UI ftw (Score 1) 617

Yeah, the Ribbon is much more efficient. The key was recognizing that context-sensitive menus reduce user workload in finding what he needs. There are two approaches to displaying functions in an application to a user:

  1. Assume nothing, and display all functions in lots of menus. Very simple and straightforward, but user must dig through a lot of chaff to find what he needs. Repetitive access to frequently used items becomes tedious, but everyone gets a static interface.
  2. Assume some things. It's known from common sense and usability studies that most users working on Item X probably would use Tools Y and Z. Likewise, he probably wouldn't benefit from Tools A and B, so those should be tucked away. It's strange to have a dynamic interface like this, and takes some training, but when done well it streamlines function access.

#1, the static interface, is traditional. #2, the dynamic interface, is the Ribbon, but also the Mac OS top task menu, and the toolbox in the Gimp. We're less used to context-sensitive menus in word processors, but when we realize that these have become full-blown page layout and formatting packages, it makes more sense. People aren't just typing letters in word processors, but also formatting newsletters, compiling engineering reports and writing technical PhD theses (with equations, charts, tables of contents, special characters out the wazoo...). These have blossomed into powerful apps for combining and organizing text, mathematical, graphics and tabular information, far more than the typewriters they originally replaced. With that current usage, a dumb interface with forests of menus or tabs doesn't make sense and totally slows down the project. The application should, and can, take care of the user's needs a bit more, and with the Ribbon in Office 2007 it's worked splendidly.

Comment Word isn't just for printing (Score 1) 843

I keep Word because I still need to format documents. Notepad isn't appropriate for a 100+ page document with a table of contents, figures, equations, tables etc. Is there a more convenient way of formatting a complex technical report that doesn't involve some kind of word processor? It doesn't matter if it's being printed, organizing such a body of work and conveying the information clearly requires more than a text editor.
