Comment: You had a VM w/ VLAN; TechCentral took a big risk (Score 1) 221

by Paul Fernhout (#47761163) Attached to: TechCentral Scams Call Center Scammers

I can't believe more people aren't pointing out how potentially dangerous what the TechCrunch author, Regardt van der Berg, did was. He gave a potential unknown attacker a beachhead inside the TechCentral network, even if only for a few minutes. That is long enough for someone to potentially have compromised other machines on the network.

The article says: "We have a spare PC in the TechCentral office that has been newly installed and that contains no personal information. I used this machine for the next part of the ploy. I installed the application and provided "John" with the access details. ... Because I did not furnish my PayPal or credit card details, the scammers turned nasty and proceeded to my documents folder. I saw the engineer poking around in some folders, but I promptly disconnected the office Wi-Fi connection. After some research, I found out that they'll delete system files and users' personal documents. Fortunately, I disconnected before they managed to delete files on the dummy PC -- not that there was anything of value for them to delete."

At that point, regardless of what was done to that specific PC, they have to assume the attacker could compromise every machine on their network by exploits launched immediately from that machine in the background at all other computers on the network, like through potentially zero-day exploits such as for unpatched Microsoft issues relating to local workgroup file sharing or other services. They can't assume they knew everything the attackers were doing. That's why it's been said that firewalls, like some lollipops, are "crunchy on the outside and chewy in the middle". The article author does not say he re-imaged the PC either. Granted, his informative article that may help many other potential victims was maybe worth the risk, but he should at least make clear to his readership what those risks are and that he understood them and accepted them on behalf of helping his readership.

Contrast with your setup, where the VM was on its own virtual LAN and so presumably could not get to other machines on your local network. And as a snapshotted VM, you can easily roll it back. Still, if you had installed software, how risky that was would also depend on the exact network configuration and how that VM's VLAN interacts with your gateway to the internet -- as in whether the VLAN to gateway interface via whatever virtualization software you were using was set up like guest networking with isolation from other guests. One mistake somewhere in configuration (or even with no mistakes and buggy virtualization software), and your production network could have been compromised. And as you said, there could be credentials on a test machine like SSH keys and such. You did the right thing by not installing anything.

Granted, it doesn't sound like these examples of scammers are doing internal network attacks, but you never can know for sure what they really intend...

Comment: ...because giving them a hardwired unique ID... (Score 1) 455

by rgbatduke (#47756983) Attached to: 33 Months In Prison For Recording a Movie In a Theater

...that enables the thief to be arrested and the phones returned to their actual owners the first time the miscreant tries to connect the phone to a service provider, that would be, I dunno, undemocratic. Un-amurrican. Besides, it would undercut the important corporate businesses that insure phones, make new phones, sell you upgraded phones, and they employ a lot of people. If we actually arranged it so that phone theft is impossible because stolen phones could always be traced the first time the non-owner tried to register to use them anywhere in the world, how would poor people and unemployed teenagers ever get smartphones?

No, it makes much more sense to completely rearrange it so that the phones can automatically be turned off when they are stolen (or whenever some official wants to violate your civil liberties without a warrant) and not even try to arrest the criminals. Our police are too busy busting pot smokers, underage beer drinkers, and giving out citations for expired boat trailer license plates -- y'know, keeping those streets safe -- to bother to run down actual theft, even when it is impossible to use the stolen device without connecting it to a network that can locate it to within a meter or so almost anywhere in the world at will.

This makes complete sense. Go California!


Comment: Examples of nothingness as the fuel for something? (Score 1) 7

by Paul Fernhout (#47747899) Attached to: What is Nothing?

Romulan spacecraft in Star Trek: TNG were supposedly powered by an artificial quantum singularity (a black hole).

Robin Williams' life and comedy can only be understood in light of a deep depression and related suffering throughout his life. No doubt many other artists and creators have that sort of (negative) inspiration.

Michael Ende's "The Neverending Story" has an expanding "Nothingness" that drives the plot.

Jack Chalker's sci-fi Well World series, specifically "The Return of Nathan Brazil", has a spreading nothingness as a rip in space-time created via powerful weapons (the Zinder Nullifier) as a major driver of the plot.

Other examples?

+ - What is Nothing? 7

Submitted by Paul Fernhout
Paul Fernhout (109597) writes "Fraser Crain explores the issue of "Whether there any place in the Universe where there's truly nothing?". That article is also discussed at One comment there by Evgenij Barsoukov uses the rules for finding mathematical limits to compute the probability of the Universe coming into spontaneous existence out of absolute nothingness at 0.6...."

Comment: Insightful point on communities; thanks! (Score 2) 484

by Paul Fernhout (#47744657) Attached to: If Java Wasn't Cool 10 Years Ago, What About Now?

I'm moving more of my own work from Java to JavaScript, but that is mainly because JavaScript is easiest to deploy almost everywhere. I generally like Java+Eclipse better for big projects otherwise. However, with tools that compile other languages to JavaScript, and browsers that can get near native performance from JavaScript if written in a certain way, I'm hoping the "JavaScript" approach will continue to gain in benefits because it is just easier to deploy than Java. It's too bad Java app deployment to the desktop was never a real priority (even with Java Web Start). As an example of the difference (including in sandboxing), some school teachers can get fired for installing new software without permission (which could include a Java app which can do anything), but they can use a web browser to load up an educational web page which uses JavaScript to run a simulation without too many worries.

I fought against Java back in the late 1990s compared to using Smalltalk. Back then Java was just a mess and a mass of hype. But I can accept Java is now a half-way-decent solution for many things now that many of the worst rough edges of Java have been smoothed off. I still miss Smalltalk though, and to some extent (not all), JavaScript recaptures some of the Smalltalk flavor and community -- if I squint just right, I can kind of see the entire Web as one big multi-threaded Smalltalk image. :-)

Comment: Re:say it again (Score 1) 239

by Alsee (#47744635) Attached to: Latest Wikipedia Uproar Over 'Superprotection'

No "fact checking" will ever be allowed on many subjects, such as "Auschwitz", where even total myths are allowed to remain as though they were "facts". References are only made to other myth-supporting documents to support the articles. Anything that fails to support the myth is deleted.

You will instantly and consistently get shut down on Wikipedia.

The reason for that is that you are a Truth Crusader. It doesn't matter if you are Right or Wrong. Wikipedia shuts down Truth Crusaders on EITHER side of any issue by simply declaring that Wikipedia is not a place to debate, or resolve, matters of Truth. Wikipedia pages are not filled with "Truth", Wikipedia content accurately reflects the content of "Verifiable Reliable Sources". If "Reliable Sources" consistently state something which happens to be false then Wikipedia is going to ACCURATELY report that that is what Reliable Sources say.

(Some might comment on the contradiction of "Reliable Sources" which contain false information. The world is an imperfect place, and no one can expect perfection in anything. The definition of "Reliable Source" is a set of criteria that establish a broad class of sources as reasonably reliable in general, independent of the fallibility of any particular source on a particular thing. So yes, a Reliable Source can be wrong, and Wikipedia will accurately reflect that wrong information up until the point when other Reliable Sources correct that information.)

If you want to wage a Truth Crusade exposing the "myths about Auschwitz", then Wikipedia is not the place to do it. Wikipedia does not and will not lead on that subject, nor will it lead on any other subject. Wikipedia follows. Wikipedia follows Reliable Sources. If and when you convince Reliable Sources to expose myths about Auschwitz, Wikipedia will gladly update to accurately report what those Reliable Sources say.


Comment: Re:make credibility a metric (Score 1) 239

by Alsee (#47744335) Attached to: Latest Wikipedia Uproar Over 'Superprotection'

Make credibility a visible metric assignable by the deletionists or anyone else. Articles don't need to be deleted for lack of credibility. It works the same here on SlashDot with scores. Give users the choice of seeing only highly-credible articles if they want.

That sounded like an interesting idea.... for about 30 seconds.
Then I realized that it wouldn't solve anything, it wouldn't improve anything. It would just make things worse. Much worse. People would just start waging war over credibility. When it comes to notability, simple, you dig up three reliable sources on a subject and BAM, YOU WIN! Fight over. Inviting fights over credibility would be a never ending flamefest disaster.


Comment: Calvin Coolidge on Persistence (Score 1) 441

by Paul Fernhout (#47736335) Attached to: Tech Looks To Obama To Save Them From 'Just Sort of OK' US Workers

From: "Nothing in the world can take the place of Persistence. Talent will not; nothing is more common than unsuccessful men with talent. Genius will not; unrewarded genius is almost a proverb. Education will not; the world is full of educated derelicts. Persistence and determination alone are omnipotent. The slogan "Press On" has solved and always will solve the problems of the human race. (Calvin Coolidge)"

Of course, it has also been said: "Insanity: doing the same thing over and over again and expecting different results. (Albert Einstein)"

Perhaps the difference lies in having some way of validating that you are making some progress through your persistence, even if infinitesimally?

Comment: Insightful! Govt. & US Post Office might also (Score 1) 62

by Paul Fernhout (#47736141) Attached to: UPS: We've Been Hacked

Sharing such rarely changing authentication data is at the heart of the issue as you point out. It seems like a trade-off of convenience and security with some background fraud cost. However, the issue is always convenience for who and fraud for who? In this case, banks have succeeded in mostly privatizing gains from transactions costs from credit card transaction fees while socializing the cost of identity theft to the general public (who have to change their accounts, deal with years of worries, try to straighten out fraudulent charges at risk of not being able to get a job or buy a house, etc.). This is an example of capitalism at its finest from one point of view -- privatizing gains while socializing costs and risks. That is when we need government (as the will of the People) to step in and force banks to internalize the cost of identity theft rather than pass it on indirectly. Ultimately, that might have to be done by big fines for breaches or taxes on unsecured transactions. And if banks had to do that, they would probably rapidly deploy something better because it would be cheaper than raising costs to customers and losing business to other banks that did implement better systems.

Perhaps the only worse thing is when businesses in the USA are allowed to use essentially unchangeable info about a person like date of birth or social security number to authenticate them. Other countries seem to handle this better by having an additional private PIN as part of a SSN. Some also include using the post office as part of the authentication process (like to present your ID at the post-office to approve some transaction or initiate some communications link). I'm surprised the US post office (which handles US passports now) does not get involved with authentication in general, as it seems like a surefire money-maker in the digital age, and the US post office already has procedures in place from passports to verify identity.

Comment: Very well put; see also cancer-preventing foods (Score 2) 185

by Paul Fernhout (#47724559) Attached to: New Research Suggests Cancer May Be an Intrinsic Property of Cells

Neat post. Conceptually, single-celled organisms can't get "cancer" because, in a way, they are cancer. However, they no doubt can suffer mutations or other genetic changes (like from viruses) that make them survive and reproduce more or less well, all things considered for their current environment. Cancer has to do with a cell deciding not to play nicely with the rest in a body, and to strike out on its own, so to speak. Cancer in general is a bit like a crazy individual or small group in a society trying to take over the whole thing (current US plutocrats?); generally it works out badly for everyone as core services start to fail and the cancer cells are no longer supported by the rest of the body. Cancer is like spammers, who for a quick buck in the short term, are busy destroying email and the rest of the internet that could otherwise bring everyone abundance. Cancer is about "selfishness" where the individual ignores its part to play in the whole and where the whole supports the individual. But since evolution involves variation and selection, the underlying mechanism of cancer via mutation or viral infection also in a sense underlies evolution. So yes, it will always be with us.

I've heard most people in the USA age 40+ years old have cancerous cells in small amounts, but the immune system is continually killing them off to keep them from spreading.

Good nutrition helps with that, like Dr. Joel Fuhrman talks about:
"Though most people would prefer to take a pill and continue their eating habits, this will not provide the desired protection. Unrefined plant foods, with their plentiful anti-cancer compounds, must be eaten in abundance to flood the body's tissues with protective substances. Vegetables and fruits protect against all types of cancers if consumed in large enough quantities. Hundreds of scientific studies document this. The most prevalent cancers in our societies are plant-food-deficiency diseases. The benefits of lifestyle changes are proportional to the changes made. As we add more vegetable servings, we increase our phytochemical intake and leave less room in our diets for harmful foods, enhancing cancer protection even further. Let's review some of these research findings and then review what a powerful, anti-cancer diet will look like. ... A typical anti-cancer diet should contain at least 4 fresh fruits daily, at least one large raw green salad, as well as a two other cooked (steamed) vegetables, such as broccoli, carrots and peas, squash or other colorful vegetables. A huge pot of soup laden with vegetables, herbs and beans can be made once a week and conveniently taken for lunch. Raw nuts and seeds are another important, but often overlooked, group of foods with documented health benefits contributing to longevity. ..."

One thing Fuhrman misses in his discussion is that these compounds are not "Anti-cancer" as much as the human body has adapted via evolution to use these compounds to prevent or fight cancer.

He is right that cancer is best prevented rather than treated. As I've heard it said, you can either get your chemotherapy every day from fruits and vegetables, or you can end up getting it all at once in the oncologist's office (not that most current chemotherapy is probably worth it anyway).

Fasting may also sometimes help prevent cancer as well as can a ketogenic (fat burning) diet that deprives cancer cells of sugar.

But your point stands that this is all combinatorial (statistical, entropical?) about when something gets out of hand. Even when we have Elysium-like medical beds that get rid of cancer instantly, some computer virus or malicious person may make them work incorrectly. Or, as in the movie, selfish elites can keep the healing beds to themselves.

Comment: Maybe Dr. Smith left the cap off the bottle again? (Score 1) 303

by Paul Fernhout (#47717031) Attached to: Scientists Baffled By Unknown Source of Ozone-Depleting Chemical
"Don and John come out of the ship asking about carbon tetrachloride. Smith says he uses it to remove stains--he's used it and left the top off. John asks him if he has any thoughts besides his immediate needs---without the carbon tetrachloride they will lose their food supply. They use it as food preservation (NOTE: how is a mystery---it is highly toxic). They will have to eat only non-perishable items and now face a food shortage (what about the hydroponic garden?). ..." :-)

Will Robinson saved the day on that episode, but he had to come all the way to Earth via an alien matter transporter to do it.

Kidding aside, you make a great point!
