Forgot your password?
typodupeerror

Comment: For what value of trust? (Score 5, Interesting) 196

by gujo-odori (#41711231) Attached to: Kaspersky's Exploit-Proof OS Leaves Security Experts Skeptical

There are a lot of levels of trust. For a machine that doesn't handle anything secret or financial data (including personal), Windows is generally good enough, for all its long history of exploits. Even then, many, many people and organizations use it for things that are secret or financial data anyway. Sometimes they get burned that way. A Mac is (maybe) a little better. Linux is better still.

Then there's a level of trust way out at the extreme end. If the secrets are serious enough, you can't trust the system you built it yourself from source and audited every single line of said source. Since hardly anyone can do that, having it audited and built by people you trust (in the case of the government, the NSA, for example) has to due. If it's even more sensitive, the network, or maybe even the machine, should also be air-gapped.

If you have a sensitive use case such as, oh, I don't know, running centrifuges to enrich uranium, should you trust a binary OS that wasn't built by your people to be either secure against exploits or to not be already trojaned? Of course not. Just ask the Iranians. Or the Russians themselves, who had a little refinery trouble during the cold war because of that.

In such a case, you either want your people writing the code, or at least very carefully auditing every single line of the source, then building the binaries from that code. If you don't or can't, especially in the case of embedded systems, you cannot have any confidence that software is even secure against exploits, let alone that it won't turn on you.

Comment: Re:I have to challenge this (Score 1) 170

by gujo-odori (#41695931) Attached to: Zero Errors? Spamhaus Flubs Causing Domain Deletions

Most spam is sent through botnets, so it's already anonymized. It's only the small operators, or specialists like 419 spammers (who are still all small operators, really) who bother to create or compromise free webmail accounts.

We like botnet spam because we can drop nearly all of it at connection time without ever resorting to far more expensive layers in our defense.

Comment: Re:I have to challenge this (Score 1) 170

by gujo-odori (#41695887) Attached to: Zero Errors? Spamhaus Flubs Causing Domain Deletions

Either you know perfectly well what I said (and it's not what you claim I said), in which case you're a liar, or you actually believe I said that. If the latter case, then you're too stupid to read, too lazy too read, or same mixture of the two.

As for my clients, well, there's a reason why my employer is number one in the email security industry.

Comment: Re:I have to challenge this (Score 1) 170

by gujo-odori (#41689309) Attached to: Zero Errors? Spamhaus Flubs Causing Domain Deletions

You sound like you skipped straight to the comments without RTFA. Since you are implying that you're an SA in a government shop, I guess all I can say is "My tax dollars at work :-/"

If you had read the article, you'd know that the DBL is not an open proxy blocklist (not that open proxies shouldn't be listed, mind you), but a blocklist of known spamvertized domains. The registry, apparently, was using the DBL as a feed for domains to lock for spamming. You can discuss amongst yourselves whether or not that's an appropriate use of the DBL, but as I demonstrated in my post, it's highly unlikely that Spamhaus made a mistake. The two domains in question probably really were used in spam, and I think that the registry's locking known spam domains is generally a good think - especially when they are the registry for that spam cesspool commonly known as .info.

Comment: Re:Don't kneejerk react, readers (Score 1) 170

by gujo-odori (#41687203) Attached to: Zero Errors? Spamhaus Flubs Causing Domain Deletions

Yeah, I know who he is, and to be forthright, he was not being honest in his article. OK, you could make an argument that he's just a principled wearer of a tinfoil hat, but I believe he was actively seeking to deceive. He knows perfectly well that spammers abuse proxies like his all the time and that they see far more use by spammers than by people actually evading censorship. He also knows, or should know, perfectly well that Spamhaus did not put those domains on a blocklist because they were on his mailing list. They listed them because they were used in spam.

Take a look at the banner ads on those pages. "Get a green card" ads. Looks like he'll take money from _anyone_ to keep his proxies afloat. The end justifies the means, doesn't it?

Automated systems have been making the blocking decision [1] for a long, long time. I've been involved professionally with email and web security since the late nineties and they were doing it even then. Sure, there are some that are not at reliable and have unacceptable FP rates and no problem at all with collateral damage (you probably know who I'm talking about), but Spamhaus is not one of those. My view of Spamhaus is that they are a worthy and highly accurate competitor. I like automated systems. We all know - and I'm sure he does, too - that email would be useless without them.

As for the real person gripe, well, I'm a real person and I make the conscious decision to use automated tools to defend my inbox, so he can deposit that argument in the nearest available spam folder :-)

[1] Technically, of course, they haven't. They merely report what they've observed. The decision on what to do (reject, drop, quarantine. insert header, modify subject, or do nothing) rests with the subscribers to those systems. There's that pesky real person again :-)

Comment: I have to challenge this (Score 5, Insightful) 170

by gujo-odori (#41687013) Attached to: Zero Errors? Spamhaus Flubs Causing Domain Deletions

Like the subject says, I have to challenge the claim that Spamhaus is wrong (full disclosure: I've been professionally involved in email and web security for more than a decade, but am not, and have never been, affiliated with Spamhaus. I do, however, hold them in high regard).

First of all, when I went to those domains, what was the first thing that caught my eye? "Get a green card" ads for usagc.org. I'm not specifically accusing usagc.org of spamming, but these sorts of businesses are most typically advertised by spam. I'm sure you've seen some.

Next, those sites are open proxies (by design). Anyone can create a URL like this: http://rootface.info/ojgnl.php?ZlQc9TMpAmsr3onaDWV0g=t1wn6QmM0TaAEo7rD%2F%2Bm%2Fy%2B365U2AwdnE4VH60DF8%2BU%3D (nothing dangerous, it goes to cnn.com, but of course, you shouldn't trust me) and send it out in spam advertizing whatever they want.

Finally, you do not appear to state anywhere in your article that Spamhaus said your proxy mailing list was the source of the spam complaints (although they would not tell you if it was), and I doubt that it was. The most likely scenario is that someone abused your proxies to send spam, and since running an open proxy (regardless of noble motive) makes you complicit in that abuse, Spamhaus listed those domains.

Whether the registry's actions were justified or correct is a separate consideration. Maybe they were, maybe they weren't, but you are claiming without evidence that Spamhaus made a mistake. I'm pretty confident they didn't, for the reasons outlined above.

Comment: Re:No suprise there (Score 1) 488

by gujo-odori (#40391505) Attached to: U.S. Students Struggle With Reasoning Skills

My kids recently moved from public school to Catholic school, and without even bothering to address all the "tolerant" anti-Catholic bigots posting here (they'll get theirs), I'll say straight up that the Catholic school curriculum and (especially) academic and behavioral standards completely leave the public school system in the dust. My kids were both near the top of their grades in public school, but have found this transition year very challenging. They had to work much harder than the year before in public school, and still both ended up in the bottom half of their classes.

Jesuit schools are even tougher; this one is just a regular parish school.

You can get a secular private school education that is academically (if not ethically) as good as a Catholic education, but you'll pay far, far more to get it.

Comment: Go Comcast! (Score 1) 224

by gujo-odori (#40316607) Attached to: Comcast Refusing To Comply With Piracy Subpoenas

I've been a Comcast subscriber for nearly 2 years and unlike many of you, have always been happy with their service, despite having misgivings about Comcast behavior which I believe to have been truthfully reported.

However, my respect for Comcast has now soared. They not only grew a pair, but they're big and they're solid brass :D

Comment: Prior Art (Score 1) 326

by gujo-odori (#40261337) Attached to: Apple Granted Broad Patent On Wedge-Shaped Laptops

Setting aside the fact that a wedge shape doesn't sound non-obvious, I had an old DEC laptop with a 486-DX4, and IIRC it was wedge-shaped. It may have been the battery that gave it the wedge profile, but a wedge is a wedge. I wish I had some pictures of it. When I left Japan in 2002 I gave it to someone. It was so sleek looking even then that it would have looked perfectly at home on a shelf next to a brand new Vaio, which was far and away the sleekest looking notebook of the day. I ran Red Hat on it, and later Debian, with Window Maker.

Comment: Re:If they don't like it (Score 1) 687

by gujo-odori (#40250695) Attached to: A Day In the Life of a "Booth Babe"

They may feel like the job isn't as described, or that they aren't paid enough, or be unhappy because they are required to do work that is (way) outside of the job description and put in 60 hours/week, every week. But you don't hear people complaining with "This job sucks! It's just like they told me it would be at my interview!" Or at least if you did, you'd tell them to bugger right off.

It's like a mailman complaining because of having to walk around with a mail bag. Don't like that kind of work? Don't apply for it.

Comment: Re:If they don't like it (Score 1) 687

by gujo-odori (#40250651) Attached to: A Day In the Life of a "Booth Babe"

It's not that they should like it, but c'mon, nobody held a gun to their heads and forced them to be booth babes. They're the ones who chose to make their living primarily with their looks, combined with the ability to stand around and smile all day and act like they aren't bored.

$100 - $130 for 2 hours work? That's pretty good money. Being a booth babe isn't full-time work, but for the hours they work, they make more than most software engineers. I bet strippers don't make that much, either. If the job is so onerous, they are free to quit and find some other job that uses whatever other skills they possess.

WRT the standing in heels thing they talk about, they just aren't spending enough. My wife is a hair stylist, and she usually wears heels. She says you have to really spend to get comfortable shoes. I can tell you that her shoes are pricey, as are the tools of her trade. I view the shoes as a tool of the trade. You wouldn't believe what a good shears costs. The shoes are cheap compared to that :p

As to whether having booth babes is sexist or not, I'd say that it's not. Sexual? Sure. But that's not the same as sexist. Sexist is denying someone a promotion, raise, or job because of gender. Hiring a couple hot women to wear cocktail dresses (or handsome men to dress like Chippendale dancers) and stand around holding your product at a trade show is sexual. There was nothing sexist about the Asus tweet, or even untrue. The model does, in fact, have a nice ass. But there is no requirement (as far as we know, anyway) that their customers must have nice asses to be allowed to buy the product, or that their employees must have nice asses to get raises or promotions. Such a requirement would be sexist.

Was that tweet stupid? Yeah. But what is Twitter, if not a service to assist in proving to the world that you're dumb? Was it sexual? Yeah. Was it sexist? No.

Comment: Re:Missing the obvious (Score 1) 1034

by gujo-odori (#40114879) Attached to: Are Porn and Video Games Ruining a Generation?

This is a good point, I'd mod you Insightful of I had mod points and you weren't AC :)

The fact of the matter is, most of us guys probably wouldn't put up with women except for three things: tits, pussies, and the fact that most of them can cook better than most of us :-) Smiley, but serious all the same.

On the other hand, most women probably wouldn't put up with guys except for dicks, and the fact that we can lift heavy stuff and unscrew really tight jar and bottle caps.

It's only our differing abilities and needs that enable us to tolerate one another enough to get married :-)

And I fully expect that once sex robots are perfected to the point that they've passed the uncanny valley (or maybe before, for some people), there will be a percentage of guys who will just buy a sex robot (or two or three) and flip the On switch when they want to get laid, then send the robot back to its storage location and get a good night's sleep.

A few women might buy them as well (after all, what guy could match the stamina of a sex bot), but I do expect it will be a mostly male thing.

Comment: I don't buy it (Score 1) 1034

by gujo-odori (#40114807) Attached to: Are Porn and Video Games Ruining a Generation?

I don't buy this.

There wasn't much in the way of computers when I was young (we had a dial-up system with a DECWriter II at my middle school, and I spent a lot of time on it once I got there. Before middle school and after (since my high school had no computers), I spent my time on fishing and cars, two things that few girls were interested in, then or now. I also read a lot, something girls do a lot, too, but it's a solitary activity, and my reading interests didn't align with girls (I was Lord of The Rings; they were ponies, Nancy Drew, etc.)

Despite having a mostly geek childhood and adolescence, I grew up, dated, had girlfriends, got married, had kids, all the usual things that most people do.

Video games? Was never heavily into them, but did play when I was single. Have a Wii now, but the kids use it more than I do. My wife uses it more than I do, too.

Porn? Not much time for that, either. I watch it now and then. Usually with my wife. The article acts like women don't watch porn, but I can assure you that many of them do.

In short, I think TFA is a load of crap.

Comment: Re:Well, if they're going to generalize, I am too (Score 2) 1034

by gujo-odori (#40114715) Attached to: Are Porn and Video Games Ruining a Generation?

I agree with you, but like one of your respondents said, even that doesn't always work. I know a dude who, in the opinion of both my wife and myself, is still basically a kid. Despite being generally responsible, having a decent job, being a home owner, having two normal kids, this he's still at the center of his universe, and awfully cocky about it, too.

How he became a home owner is telling. He and his wife recently made the decision to buy a house. Not long after the decision was made, out of the blue he hit her with "Let's buy one in this resort area that I go to really often (side note: usually without her or the kids) to do this sport that I'm really into. I'm sure my company will let me work remotely." Surprise.

He's the dominant one in their marriage, so she quit a good new job that she's been doing for a few months and at which she's already had a promotion, which of course was to the great surprise and disappointment of her employer. The kids were uprooted and moved to a new school in the middle of the school year. There's little to no tech work in this resort area, so it's going to make it hard for her to find a new job, compounded by the fact that she quit her old one after only about 6 months.

Today's scientific question is: What in the world is electricity? And where does it go after it leaves the toaster? -- Dave Barry, "What is Electricity?"

Working...