Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror

Comment: Re:It freakin' works fine (Score 1) 928

by elgaard (#48285451) Attached to: Ask Slashdot: Can You Say Something Nice About Systemd?

I totally understand why people bother making functionality, I do not need. And I like it, because it means that next time I need something it is probably already there.

What I do not like is that I am being forced (well, pressured, it *is* free software after all) to pay (with computer ressources) for something that I do not need.
 

Comment: Re:Silly (Score 1) 87

by elgaard (#48285401) Attached to: Vulnerabilities Found (and Sought) In More Command-Line Tools

Well, if you are the third AP owner in your neighborhood that has a network name Linksys or Home Network, you should not get into trouble.

If you named you network Logan Airport because you wanted to gain access to passengers computers, you would be breakting the law in most countries.

If you named you network Logan Airport because you were curious to find out how many would connect to it, well I am not a lawyer, but I would say you were on thin ice.

The problem with faked DHCP-servers is not so much that it can take advantage of bash vulnerabilities, most clients should now be updated and not use Bash. It is worse that they can give you bad DNS-servers. That means that the attacker can then do a MITM attack on every single connection, you make. Encryption helps, but not everything is encrypted, and many user would accept a fake SSL certificate.

If you are worried about fake DHCP servers you should configure your DHCP client to use fixed DNS servers (I use http://censurfridns.dk/). You would still be vulnerable to fake accesspoints and fake DHCP-servers that also gave you a fake gateway, but not to bad DNS-servers.
Unfortunately many networks rely on using DNS to implement captive portals for login and advertizing, so you cannot do it for all networks.

Comment: Re:Silly (Score 1) 87

by elgaard (#48283437) Attached to: Vulnerabilities Found (and Sought) In More Command-Line Tools

The hotels usually do print the name of their network on flyers, signs etc.
But an attacker does not have to make up fake names, he can just use the legit name.

At an airport you might see:

- Airport Net
- Airport Net
- HP_Printer.

Where "Airport Net" is the legit offices name, that the airport uses.
An attacker then names his AP also "Airport Net".

Then you see:

- Airport Net
- Airport Net
- Airport Net
- HP_Printer.

There is no way to know that one of the "Airport Net" AP's are not run by the airport.

And even worse.
If the attacker takes an AP e.g. a cafe and name it "Airport Net", there is a good chance that someone will automatically connect to it because they used an AP by that name in the airport.

Comment: Re:Silly (Score 1) 87

by elgaard (#48282357) Attached to: Vulnerabilities Found (and Sought) In More Command-Line Tools

Actually my client does not connect automatically.
Not that i should be a problem, except that it would keep connectiong to networks that I cannot use.

I am telling you that if I stay in a hotel, and I see a network named eg Free_Hotelname_network, then I connect to it and if it works I use it, even though for all I know that network could be running from the laptop of the guy in a room down the hall.

But I should not have care about that. It should not be necessary to trust every DHCP-server I use.

In the same way that I also visit a lot of webservers, that I do not necessarily trust. My browser should not execute insecure bash-scripts.

Comment: Re:It freakin' works fine (Score 2) 928

by elgaard (#48279759) Attached to: Ask Slashdot: Can You Say Something Nice About Systemd?

what pulsed solves is not very important problems, for me at least.
But it introduces strange problems, besides eating CPU-cycles and RAM.

For example, I resently spent some time debugging why icedove occasinally froze. It turned out that it was trying to play a sound, but that went wrong because the user starting icedove was not the same as the user starting the desktop even though both were in the audio group.

It should be possible to make pulse work in system mode, but I could not get it to work well. But deinstalling pulseaudio and just using ALSA works perfectly.

Comment: Re:Silly (Score 1) 87

by elgaard (#48279425) Attached to: Vulnerabilities Found (and Sought) In More Command-Line Tools

In for example an airport you have no way of knowing if it really is the airport that provided the network, you are using.

Even if it is a real airport network, most airport wireless networks are open and unencrypted, so anyone could run their own DHCP server on the network.

In many airport lounges you could just go to the accesspoint and move a few cables to use your own hardware router.

And why should you have to trust airport networks, or networks in cafes, trains, bars, etc?

I think it is reasonable to expect DHCP to be safe.

Comment: Re:Really? (Score 1) 463

by EsbenMoseHansen (#38249610) Attached to: Swiss Gov't: Downloading Movies and Music Will Stay Legal

its stealing either way

Okay, seriously: no, it is not. Copyright infringement is not theft. "Piracy," in the sense you're using the word, is not theft. And anyone who says it is has shown that they have nothing meaningful to say on the subject.

That would be a straw man. The grandparent didn't claim it was theft. He claimed it was stealing. I checked a couple of online dictionaries, and they all contain something like this:

to appropriate (ideas, credit, words, etc.) without right or acknowledgment.

Clearly, the grandparent feel someone is appropriating words or music without right.

You are completely right about the missing apostrophe; however, that rule is so unintuitive that I'll forgive anyone for giving it a miss :)

Personally, I am no fan of the current copyright situation, but that is a separate matter.

Comment: Re:To be fair (Score 1) 484

by EsbenMoseHansen (#38173406) Attached to: Lego Bible Too Racy For Sam's Club

No. True is simply a value we assign to a fact. The only constraint is that it is logically consistent with the remaining true facts.

Objectivity and fact are synonyms. Something that is objective has a truth value that is irrespective of anyone's perceptions or beliefs. A for absolute scale, it depends on what is being discussed-- if it is "existence", the scale is "exists" or "does not exist". Some things have scale with more shades inbetween.

Obviously, because such "facts" as you call them, comes from our (presumably) shared experience of the world. We call them facts because we can measure them, or deduct them from something we can measure. Of course, "facts" might change, either because our world changes, because our measurements changes, or because our deduction techniques changes. E.g, some times ago a number of religious beliefs (say, Jesus's revival) were considered facts, but today we know it not to be so.

But you are saying that evil is defined on a relative, subjective scale, and denying that there is any higher authority to which one could appeal for such an objective scale.

Of course. Doing otherwise would be insane.

The problem remains that you cannot call your own personal beliefs "true" while asserting that they are subjective. Either they are true, or they are not, and truth is NOT subjective.

You got it backwards. We do not instinctively know something is evil because the act is evil; rather an act is evil because we instinctively find it evil.

You can argue that that means that what is evil changes over time, and indeed, this is the case. E.g, the old testament has a lot of stories where one of the many gods therein ordered "his" people to do mass murder and genocides. Such an act might not have been considered evil then, but it certainly is now. I don't know why that bothers people.

Comment: Re:To be fair (Score 1) 484

by EsbenMoseHansen (#38164246) Attached to: Lego Bible Too Racy For Sam's Club

The witch is violated. No one sane can call that act anything but evil, given what we know today.

The only thing that makes earthquakes "not evil" is that no one can prevent them. If you are in a position where you cost-free can prevent and earth-quake, not doing so is certainly evil. And an omnipotent and omniscient god is by definition an entity which could do so.

Whether an event is evil depends on the viewers in question. E.g, I find censoring evil, but not everyone do so. This extends to groups in the obvious manner.

The meta-Turing test counts a thing as intelligent if it seeks to devise and apply Turing tests to objects of its own creation. -- Lew Mammel, Jr.

Working...