Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Bug

False Start For Cyber Security Challenge UK 18 18

An anonymous reader writes "Netcraft writes about an ironic 'false start' for the Cyber Security Challenge UK website. The new venture touts itself as 'a programme of national challenges, designed by experts, to identify and nurture the UK's future cyber security workforce.' Unfortunately, the website appears to be vulnerable to a basic cross-site scripting vulnerability which was easily found by some Twitter users."
Privacy

Why Tor Users Should Be Cautious About P2P Privacy 122 122

An anonymous reader writes "I went across your post a few days ago saying that a machine connected to the Internet was all one needed to spy on most BitTorrent users of the Internet. I followed the link to find out that those researchers from INRIA claimed their attacks also worked for BitTorrent users on Tor. I didn't believe it at first, but then today I found this link on the Tor Project. It seems their attacks don't only link your real IP to your BitTorrent files on Tor but also to the web pages that you're browsing! Tell me it's a joke." No joke, but according to Jacob Appelbaum (a Tor developer), the security flaw is more nuanced — and the fault of software outside of Tor. Read on for his explanation of how the privacy benefits of Tor can be easily lost.

Comment Re:Find a new job (Score 5, Interesting) 555 555

I'm sorry, you must be under the impression that systems in a hospital are integrated in SOME fashion. They are not, and I've never heard of one that was, although my experience with them only spans about 7 years and only includes 3 U.S. states (not Mass). Electronic medical records are just now KIND OF being integrated and usually only at expensive hospitals. And I have yet to see a medical diagnostic device that didn't run in it's own vendor supported proprietary bubble. So having a virus run amok doesn't really concern me as it would get stopped in its tracks by the entire clusterfuck that is Healthcare IT.

Healthcare IT is a vendor lock-in, non-integrated mess and having IT run around and lose people's data with some mandated encryption system they probably bought from a snake oil salesman is probably worse than any scenario you might be thinking about.

Comment quality? (Score 0) 567 567

Well, this release has everything, except quality. Unless quality is new art. Using 10.04 as a Desktop is serious pain. I hope that it will be at least as stable as windows soon as currently I have to answer myself everyday "So, mr linux lover guy - what is the reason you are using linux as a desktop again?"
The Internet

UK ISP Spots a File-Sharing Loophole, Implements It 179 179

An anonymous reader writes "As well as taking an active part in OFCOM's code of obligations in regards to the ill-conceived Digital Economy Act (the UK three-strikes law for filesharers), niche ISP Andrews & Arnold have identified various loopholes in the law, the main one being that a customer can be classified as a communications provider. They have now implemented measures so in your control panel you may register your legal status and be classed as such." Another of the loopholes this inventive ISP sussed out: "Operating more than one retail arm selling to customers and allowing customers to migrate freely with no change to service between those retail arms, thus bypassing copyright notice counting and any blocking orders."
Privacy

Submission + - Perception Of Data Security At Odds With Reality->

An anonymous reader writes: Nearly three-quarters of organizations believe they have adequate policies in place to protect sensitive, personal information, yet more than half have lost sensitive data within the past two years — and nearly 60 percent of those organizations acknowledge data loss as a recurring problem, according to a global study by Accenture. While 70 percent agreed that organizations have an obligation to take reasonable steps to secure consumers’ personal information, there are discrepancies in their commitments. Nearly half did not believe it was important or very important to: limit the collection or sharing of sensitive personal customer information.
Link to Original Source

Comment This last month has made me question... (Score 4, Insightful) 320 320

my trust in OSS.

I've been an open source user and developer since long before there was a Linux. And, I've been a Linux user for a long time. Used Redhat, Debian, and now Ubuntu. I've been using Ubuntu since 5 something. I like Ubuntu. It is easy to install, gets easier all the time. It works, which is really nice. And, it has very good support for things like Flash and proprietary graphics card drivers. You can complain that it doesn't have some detail covered that is critical to you, but that's OK. I've been very happy with Ubuntu.

Well, I was. I always try to test the alpha and beta releases. In the early days I could down load the first alpha and it would work. It might get a little weird, but it would work. In the worst case I can remember the computer would at least boot up to the command prompt. That is until the 10.4 release. That just plain wouldn't boot until we got to alpha 3. It wouldn't even install. It has been awful ever since. I don't know if it is a problem with X.org, but every time I type in the search field on firefox I get a black screen. After a few seconds the login screen comes up and I can login. The machine did not reboot. It looks like typing in the search field on firefox is crashing the X server. Now, back in the early '90s I helped get a little program called xcrashme written and distributed and after that was around for a few years the X server was damned near bullet proof. What did they do to mess it up so badly? I went to file a bug report. It turned out to be a duplicate. Seems a lot of people have reported the problem. I haven't seen any action on it.

Then there is the little thing about the user interface in 10.4. Nobody in their right mind, at least no body who had any respect for their users, would change something as basic as the location and order of the window buttons. But, Shuttleworth has done just that. The reason? To make room for a "cool" something that will appear in a later version of Ubuntu. The only discussion involved in the decision was the coolness of the feature and the vague technical argument that somehow it reduces mouse movement, because the buttons are now on the same side of the screen as the menus. Oh, yeah, like the amount of time anyone spends opening new apps is worth retraining your hands to find the new buttons. On the bug discussion list Shuttleworth would not even admit that human factors might have some validity in the discussion. Only the coolness and the bullshit argument about mouse movement were treated as worthy of consideration. Shuttleworth even posted data showing his own mouse movement. The data did not support moving the buttons. But, he claimed it did. He saw what he wanted to see. After all, the new thing is so cool we should all be grateful for the inconvenience.

Why doesn't Ubuntu care about the effect the change will have on their customers? Because they have no customers. They are in it to be cool and to score techie points with other people who do not understand why proprietary software actually tries not to piss off their customers. If you don't believe me ask a human factors engineer why purple is an awful background color for a GUI and then ask what percentage of the public can read light gray text on a dark gray background. Then look at the new Ubuntu default theme. It sure is "cool". I used ssh -Y to log in from a computer with a different theme so I could work select a readable theme and move the buttons back to where I'm used to having them.

The backlash from the users has been astonishing. Even more astonishing is Shuttleworth's "I'm to cool to care" attitude.

At least for now you can move the buttons back and choose another theme. What happens when he puts his uber cool new feature into the UI? I guess I am looking for a new Linux distribution.

That was bad enough... But, then I ran into OO.o Issue #956 (http://qa.openoffice.org/issues/show_bug.cgi?id=956). Have you heard about this one? It was filed May 25, 2001. For comparison current issue numbers for OO.o are now above 110,000. #956 is still open.

I ran into this bug because I'm a teacher. I have Windows and MS Office at school and I use Ubuntu and OO.o at home. One day my students were having the usual problem trying to see why the product of random variants always form a Gaussian curve when you count them in buckets and plot the number of items in a bucket. I had this flash of inspiration and used Excel to cons up an iterative spread sheet that generated a few thousand samples, or just one if you want to press F9 a whole lot, counts the result in buckets and plots the results in a bar chart. Only took a few minutes. Guess what? The students could now sit there and play with different random distributions and see that a truly random distribution spreads values all over the place and one based on the product of random variables gives you a Gaussian curve. It was very effective. I gave myself a pat on the back.

So, I went home an loaded my spread sheet into Calc, set the iteration count, and watched the spread sheet spit out an error message. So... I went looking for what that meant and since it was obviously an error I went to file a bug report only to find that the bug was filed 9 years ago. It has been refilled many times since then. It was filled by engineers who were disappointed that there analysis spread sheets don't work. It was filed by a biologist at a major research lab who was looking for a spread sheet to run on super computers but had to go back to Windows because the bug was reclassified as a feature request. I saw that the bug was refiled and refiled and refiled. I saw on the discussion groups any number of people who asked why this feature doesn't work. The reply was usually that you shouldn't use a spread sheet that way, you should write a program. Why should they write a program? Because doing that, what ever that is, is very inefficient when you do it on with a spread sheet. When the poor fellow replies that he is not a programmer, the helpful people on the lists give an answer that always translates to "Sucks to be you."

This is a case of the people who are developing Calc not being typical spread sheet users. They are shit heads who think it is better to waste years of human life rather than "waste" a few CPU cycles that could have been spent doing nothing at all. Twisted and sick is what I call people like that. Oh well. Over the last 9 years OO.o has passed up the chance to become a major player in mechanical and electrical engineering analysis and the chance to be accepted as a tool for Biological research. All these folks were looking for a spreadsheet that can run on really fast hardware that might not be supported by Windows. No such luck. The folks at OO.o are willing to tell three entire intellectual disciplines that they should not use a spread sheet for their work. What they are really saying is "We know what a spread sheet should be used for and just because you can use Excel that way is not a reason for us to violate change our opinion. After all, we are the developers, we know what it is for. Just because it would make your life and your work easier and better is no reason for us to fix this. BTW, it is not a bug, it is the way a spread sheet is supposed to work." What they are saying is that they would rather have me, and all those other people, buy from Microsoft rather than change their preconceived notions of the "proper" use a spread sheet. I wonder if any one of those folks has ever written a spread sheet with more than a few dozen formulas? Have they ever written a spread sheet to solve a real problem? My bet is that all they have ever written is minimal test cases.

Again this is a case of people being allowed to ignore feedback from their customers because they have no customers. OO.o is free. So, people who get it have no leverage over the people who make it. No matter how wrong the developers are, they can ignore the users completely because they get to be the developers whether people use OO.o or not.

So, I am looking for a spread sheet that correctly implements iteration. My definition of "correctly" is very simple. The implementation has to let me, all those EEs, MEs, and Biologists, run our spread sheets. It don't demand 100% compatibility with Excel, I don't want Excel's bugs. But, I would like it to support core functionality like interative spread sheets. I know I am asking too much.

Oh, yeah, for the guy how tells me to just down load the spread sheet and fix it myself... right.... I could down load it, and I could fix it. I have those skills. So, why not? What do I get if I do that? I get a copy of the spread sheet as it was when I downloaded the source code. I don't get updates because the code is no longer compatible. I could give it to my students. But then I have to provide it to them as a special package. They can't just download it. I get the joy of spending a long time learning enough about the code base to make my changes and wind up with an obsolete version. How much of my life is that worth? How much is that amount of my life worth? The answer is that it is cheaper to just buy a copy of MS Office. Do the math. MS Office is expensive. But, even at minimum wage if buying a copy saves you a week or two of messing with code then you have made a profit by buying MS Office.

What's that you say? I could donate the code back to OO.o. If I thought it would be accepted I might just do it. OTOH, what I see in the issue comments and what I saw on in the discussion groups tells me I have snowballs chance in hell of getting a patch accepted. That means I don't even get the warm fuzzy feeling I get from helping other people. I just get to feel stupid for trying.

Using the same math tells me that buying a copy of Windows 7 may be cheaper, and much less painful, than upgrading to Ubuntu 10.4. And people wonder why Linux isn't catching on on the desktop. Of course then I'd actually have to use Windows voluntarily.... I'm not sure I could look myself in the mirror after doing that...

As long as people who value own opinion and CPU cycles over people are in charge of making the decisions on OSS software projects OSS is pretty much doomed to the backseat position it currently has. Yeah, Yeah, you can point at all sorts of counter examples. My favorite would be Android. Open source at the core. But, take a look folks, the parts that interact with the public did not come out of any OSS project. Sure, they have very good economic reasons to use the kernal and even a bunch of the drivers from LInux. They sure win by using the Gnu Compiler Collection and all the GNU tools. But, the important parts, the parts that govern the User Experience, are not open. To make a profit you have to make the customer happy.

Right now OSS provides the bedrock used by smart people to build products that makes millions and millions of dollars. The critical parts in those products are not OSS and are NOT returned to the community and the profits do NOT come back to the developers. This is true of the best parts of Android, and Ubuntu.

Well, let the flames flow freely. Remember that when you are flaming me you are defending people who for no reason other than arrogance have prevented OO.o from spreading widely in engineering and science and who seem to be working as hard as possible to drive away the entire Ubuntu user base. Go ahead and defend them. I'm going to get a stiff drink and then try to get some sleep.

Stonewolf

Comment Re:Firewall Builder (Score 2, Interesting) 414 414

Firewall Builder does most of what the submitter is looking for already.

.

Just browsing through here, but I'm surprised (and then again, I'm NOT surprised) at the answers thus far. I get the same replies when I ask a similar question.

What the submitter is talking about is a 21st Century Firewall (capitalized out of reverence). Why not have automatic host discovery? Why should I have to painstakingly come up with a list of all target machines with IP addresses? Is this not 2010? :)

Did everyone miss the question about "jdoe's" computer being connected, and then (and ONLY then) her needed ports being enabled in some other PC on the network? That would actually be a VERY nice capability.

For the record, I've looked at IPCop; Shorewall; SuSEFirewall2; the firewall tools built into Webmin; (and years ago) Mandrake's firewall package; you name it (this is just a partial list off the top of my head). All of them follow the same paradigm: YOU must come up with the list of IPs and ports. If anything moves or changes, YOU have to painstakingly re-enter all of the port/IP info (and hope you didn't miss something!).

So-called GUI interfaces and/or firewall "builder" tools still follow this same basic config paradigm. Just adding automatic discovery would be a HUGE help ... simply put, someone connects a machine, the firewall says, "new PC added at 192.168.1.100, DHCP, it's exposing ports 100, 200 and 500."

Everything I've tried thus far can't even reliably list all PCs on the network! I have to run an NMAP discovery or (under Windoze) something like the Angry IP Scanner. It doesn't make sense.

Some of what the submitter is asking would most properly be done in a really smart firewall/network switch combination. You would probably have to install a small software package on each network machine, too, that could "talk" to the firewall. But the question remains, why isn't this kind of thing available? It *IS* a little surprising (and frustrating) the someone hasn't developed a point-and-click, self-discovering, self-cataloging firewall system by now.

I think the real problem is that true propeller-headed geeks actually *enjoy* poking in stuff with iptables rules at a prompt. They're the most likely to have the skills to develop something like a true GUI firewall, but they're the least likely to want to.

Luck, that's when preparation and opportunity meet. -- P.E. Trudeau

Working...