Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Comment: Re:Now is the time to turn automatic updates off (Score 1) 142

by bolek_b (#46520907) Attached to: Firefox 28 Arrives With VP9 Video Decoding, HTML5 Volume Controls
I'm writing this on Firefox 22.0 / WinXP. Updates disabled for both. No antivirus, unless Sysinternals tools and system debugger count as one. Running it this way for more than ~3 years. Would you point out how exactly is a virus going to infect this machine, if I strictly adhere to a couple of basic information hygiene rules?

Comment: Re:what a fuss about nothing (Score 3, Informative) 125

by bolek_b (#46313755) Attached to: Chrome 33 Nixes Option To Fall Back To Old 'New Tab' Page
Firefox has this ability as well, it is not so obvious, though.
  • Go to a page with some search field, for example amazon.com title page.
  • In Firefox Search Bar, expand its pop-up menu; one of the items should be "Add Amazon Search Suggestions". Click it
  • Once again go to Search Bar pop-up menu, this time for "Manage Search Engines..."
  • Select the appropriate row and click "Edit Keyword..."
  • Type some reasonably short abbreviation, such as "ama"

You are done, now you can type "ama cthulhu" and there you go. I have there shortcuts for Google (keyword "g"), Wikipedia ("w"), YouTube ("y"), IMDB, CPAN and a couple of other sites and it is really efficient and comfortable.

Comment: Redesign antipattern (Score 2) 237

by bolek_b (#46165671) Attached to: Update on the March of Progress: How Slashdot's New Look Is Shaping Up
I thing pattern encyclopedists may start a new file. My proposal:

NAME: Stuffing a modern redesign down the users' throats
TYPE: Antipattern
ACTORS: Site owner, Audience
RECIPE: Take a popular web site. Apply a new design that consists of all hip and trendy aspects, such as big spacing, all-caps etc. Remove a couple of functions or provide some obstructions. Make it confusing and inefficient. In Great Proletarian Cultural Revolution style, remove all alternatives that could resemble old way of doing things. When userbase starts to complain, take a firm stance. Arrogance may be used to make the message clearer (get inspiration from Google UX butcher Jason Cornwell).
RESULT: Enjoy your new redesing. Additionally, you can expect lower costs for site operation, as there will be sharp drop in net traffic.

Comment: Agreed (Score 1) 237

by bolek_b (#46165349) Attached to: Update on the March of Progress: How Slashdot's New Look Is Shaping Up
"THIS SITE IS OPTIMIZED FOR USER INTERFACE FORMERLY KNOWN AS METRO"

I dont know what motivation there is for such change. Maybe the architect of Flickr redesign was fired from Y! and landed here. Or the guy who made me use "the new, better, shiny GMail interface" much less than ever before, to the point of driving me off. My point would be that we don't need "presentation for easy information consumption". If there is a site for complex, in-depth, not-easily-understandable news, information and discussion, this is (or used to be) it. If I need easy-to-consume contents, I go to 9gag.

But this farce, where grey comment frames look like forgotten WebDeveloper frame mode... visual clutter, clutter everywhere. Hey, despite the teaching of modern UX dogmatics, even excessive use of whitespace may be perceived as clutter. I have 1920x1080 resolution, full-screen Firefox - and I see 5 comments per screen (3 of them are one-liners)!!

Just to be clear - I am not afraid of change. To prove it, I will simply stop coming here once the "Classic" option is removed. It didn't hurt when I did this with Flickr, I will survive without Slashdot too.

Comment: DHS (Score 2) 784

by bolek_b (#45554191) Attached to: Disabled Woman Denied Entrance To US Due To Private Medical Records
I think it cannot be a coincidence that an organization that has some kind of "internal/state/etc. security" in its name, turns out to be extremely evil, harassing, arbitrarily strict towards deemed suspects and so on. After all, for DHS translated to Russian, KGB is pretty accurate translation.

Comment: Re:What is Bruce Schneier's game? (Score 1) 397

The visible partition reports whole 1TB. Truecrypt does not "know" about the hidden partition nor tries to protect it. If you store 1TB of data in the visible part, you will damage whatever was stored in that hidden compartment (the hidden part is stored at the very end of the container file).

For example, I do have a file 2GB large. But it is 99% empty, as I store only passwords, private keys, scans of various personal documents etc. there, all together takes up a couple of megabytes. If there was a need, I could put a 1,5TB hidden partition there. I would argue that the container file size was based on some assumptions regarding future content...

Comment: Re:can someone please explain (Score 3, Insightful) 229

by bolek_b (#40985911) Attached to: Researchers Seek Help Cracking Gauss Mystery Payload
If I remember correctly, Stuxnet targeted Windows machines in the first step too. There it infected developer tools and the damage-causing payload did get compiled into programs for those SCADA systems of certain importance. So Windows systems might not have any obvious importance at all, but they play a role of the weakest link surprisingly well.

Comment: Re:Another aspect of this mystery (Score 2) 229

by bolek_b (#40985667) Attached to: Researchers Seek Help Cracking Gauss Mystery Payload

As an evil virus author, I would add another twist: make the plain-text part of the virus install the font (we know it does so). Few moments later, from within the encrypted code, uninstall the font (we have no clues what that code actually does).

Unsuspecting folks would devise infection detectors, which will give nice "false negatives".

Comment: Re:Another aspect of this mystery (Score 2) 229

by bolek_b (#40985261) Attached to: Researchers Seek Help Cracking Gauss Mystery Payload

Pity. I was hoping that this would be a clever part of systemic offensive. Like forcing laser printer to release deadly toner fumes by downloading evil curves of this font. Or making its kerning so bad that the users would collapse with severe headaches.

Judging from the infection vector (i.e. USB sticks), I suspect that the targets are off-line, or at least heavily firewalled. Mind you, the target is most probably some military facility, likely in Iran. I don't think navigating to a non-white-listed web page wouldn't raise alarm, from the virus author's point of view an unnecessary complication.

Comment: Another aspect of this mystery (Score 2) 229

by bolek_b (#40984893) Attached to: Researchers Seek Help Cracking Gauss Mystery Payload
By the way, TFA says that the virus even installs some font. This unusual step confuses me quite a lot. Is it for some kind of "exposed but not obvious" document watermarking. Or is it preparation for some future infection vector? Questions :-(

Does somebody know whether there is that font ("Palida Narrow") available?

Comment: Re:can someone please explain (Score 5, Interesting) 229

by bolek_b (#40984767) Attached to: Researchers Seek Help Cracking Gauss Mystery Payload

One of my guesses is that both the PATH element and the Program Files item are linked to a single application. That way, as long as the application is installed, the payload would be decryptable. The name check suggests that the application is some in-house project, probably not publicly released.

But maybe the "trigger" is an application in certain environment. Then the Program File would determine application presence. Then the expected item of PATH could refer to some network share, mapped disk, e.g. T:\Repository\bin. Such combination would be pretty unique and therefore an ideal "trigger", IMHO.

"Why should we subsidize intellectual curiosity?" -Ronald Reagan

Working...