Forgot your password?
typodupeerror

Comment: Without Joe, I would have failed Linux (Score 1) 204

by swb (#47586887) Attached to: Comparison: Linux Text Editors

Or taken a lot longer to sort it out and then move on to FreeBSD.

Joe seems very intuitive to me and has just enough power as a text editor to give you free range of config files and basic scripting or even a couple hundred lines of Perl. I've always found vi impossible; the command/editing modes never made sense yet Joe seemed to work "like normal."

I made an honest effort to master emacs, but it always seemed like effort and I always went back to Joe when I needed to get something done.

I actually went trolling recently for a win32 text mode version of joe (which I swear I used to have) but couldn't find one.

Comment: Re:Applies oversea or applies to local access? (Score 5, Insightful) 434

by Trepidity (#47581263) Attached to: Judge: US Search Warrants Apply To Overseas Computers

That appears to be the argument, yes. The court isn't claiming authority to send police officers to Ireland and physically seize the data, or authority to force Irish police to conduct a search. Instead they're demanding that Microsoft (a U.S.-based company) produce the requested evidence, if indeed its U.S. staff have access to it (which they probably do).

I think it's problematic from a practical perspective, but I could see how someone could reach that conclusion. Usually jurisdiction of U.S. persons does extend to their overseas assets, e.g. in an investigation of fraud a U.S. court can demand that you turn over your Swiss bank account records, even though these accounts are (of course) in Switzerland.

The main problem IMO is that it puts companies operating in multiple jurisdictions in a bit of a bind. For example, Microsoft Ireland may have responsibility under EU law to not release data except in certain cases, while Microsoft U.S. is required to release it, meaning the company will violate the law somewhere no matter what they do. I'm not sure whether it's possible to avoid that by really firewalling the access, e.g. make Microsoft Ireland an operationally separate subsidiary whose servers cannot be directly accessed by Microsoft USA staff. But that would certainly complicate operations in other ways.

Comment: interesting, somehow I didn't even know this (Score 2) 161

by Trepidity (#47579483) Attached to: Was America's Top Rocketeer a Communist Spy? The FBI Thought So

Malina is pretty well known in some corners of CS for his work on kinetic sculpture and generative art, and for founding the International Society for the Arts, Sciences and Technology, along with its associated journal Leonardo . But I didn't know he did rockets earlier in his career.

Comment: Re:How is this viable as an attack medium? (Score 1) 204

by stephanruby (#47578235) Attached to: "BadUSB" Exploit Makes Devices Turn "Evil"

Which is to say, if you find a USB drive in your company's parking lot, toss it in the trash if you can't find the original owner.

Actually, you should immediately tell the security people to look for suspicious usb thumb drives in the parking lot. And the next chance you get, you should hand the thumb drive to a person in IT who understands the potential threat of what you're giving him.

Worst case scenario, it will just be a false alert.

Comment: Re:LOL Itanium (Score 1) 134

by Daniel_Staal (#47578163) Attached to: HP Gives OpenVMS New Life and Path To X86 Port

VAX was already on 64-bit for ages when Linux was still in it's earliest versions. It's not going 'x86'. It's going 'x86-64', which didn't exist when Itanium was created. IA-64 was Intel's vision of the future - a complete overhaul of the instruction set. It bombed, but AMD64 wasn't written until several years later - and AMD does nice chips, but they don't really compete in that segment. (Or they didn't in 2001, at least.) It made perfect sense to port to what was supposed to be the new enterprise-class processor, instead of porting to an outdated desktop-class processor.

Linux on x86 can do lots of things, and is a very good system for many situations. If you need big iron (and the capabilities it provides - things like being able to upgrade or replace CPUs on running machines without downtime), VAX is better. In many cases you don't actually need big iron - a cluster of Linux boxes will do just fine. But when you need it, nothing else will do.

Comment: Re:If there have been signs..... (Score 1) 134

by Daniel_Staal (#47578017) Attached to: HP Gives OpenVMS New Life and Path To X86 Port

Exactly: I'm sure there are tons of custom apps written for VMS in banks, insurance companies, railroads, etc. These are places where 'if it works, don't break it' rules, and VMS is working, and has worked for decades. Being able to buy support and replace hardware is valuable to them, and I wouldn't switch platforms in their place unless there was no other option.

Comment: Re:USB 4.x to offer signed USB device signatures?? (Score 1) 204

by Mr. Slippery (#47577479) Attached to: "BadUSB" Exploit Makes Devices Turn "Evil"

Plug your USB stick or disk or keyboard into the Pi, and if it reports that there's a new not-a-USB-stick/disk/keyboard, you know there's malware on the device.

So I'll make my malware pretend to be a plain old USB stick for the first N hours. Then it will simulate an unplug and replug itself in as a keyboard that types "format c:\ncat /dev/zero > /dev/sda\necho bwah hah hah!\n"

It's a basic principle that if an attacker can compromise your hardware, you're fscked. But it looks like the new part is that the malware can go viral, reprogramming USB devices. Whoever was careless enough to release a USB controller with firmware that can be arbitrarily reprogrammed from the host computer needs to be taken out and shot.

Comment: How many have been bulk-mailed for Fortune 500s? (Score 3, Insightful) 204

by swb (#47574753) Attached to: "BadUSB" Exploit Makes Devices Turn "Evil"

If you had the money/resources, you could create these things by the thousand and bulk-mail these to major companies. It would stand to reason that somebody would end up plugging them into their office computer, enabling a back door.

You could go even further and create hacked 5 port switches or access points and ship them off to big company branch offices, where users may be more likely to ignore standards or be short on resources and use those kinds of things anyway. You could put a return label on it for the office supply company or even the HQ office so that users thought it was something they had gotten by accident.

I'd bet in a lot of cases people would just say "sweet" and go ahead and use them in the office, giving you a back door. A switch or access point would have enough space inside that custom hardware could be inserted giving a lot better back door, like having your own computer on their network.

Comment: Re:its only property when its the RIAA. (Score 2) 110

by swb (#47574235) Attached to: Countries Don't Own Their Internet Domains, ICANN Says

I think the GP has a point. Why is one part of the domain name considered property but the other part isn't? It doesn't seem to be internally consistent. It feels like tortured reasoning when every other aspect of DNS is treated like property.

If TLDs aren't property, how can any entity control and regulate them? Doesn't that require the kinds of power that imply ownership?

Doesn't ICANN make money of registrars who effectively sell TLDs?

What this country needs is a good five cent microcomputer.

Working...