Comments

Schneier Explains How To Protect Yourself From Sony-Style Attacks (You Can't)

EndlessNameless Re:Sure... (330 comments)

So your suggestion is, let's keep all of our super important stuff on a front-end facing system in the first place.

I never said that, but thanks for throwing an asinine straw man up there.

They can probably lock things down better than they did, but I don't work at Sony and I haven't seen their network diagrams so I can't really say. But the idea of air-gapping financial systems for a company of Sony's size is mind-bogglingly stupid.

Even something as simple as warranty work breaks down without automation. Every authorized repair depot needs some way to order parts, submit claims, and receive payment at an absolute minimum. If you air-gap the systems for that, guess what happens to time and cost of warranty repairs? And this is just one facet of the business.

So right there, you have network-accessible procurement, payment, and personally-identifiable information (customer name/address and product serial number are typically included in warranty documentation). Waving the magical air-gap wand as a security fix means nothing if it fundamentally breaks the way the business operates.

So yes, Sony probably fucked up somewhere. If they're like most businesses, there are probably multiple problems with their infrastructure. But pretending there's a simple answer is just ignorant and does absolutely nothing to advance the discussion or solve any real-world problems.

2 hours ago

Schneier Explains How To Protect Yourself From Sony-Style Attacks (You Can't)

EndlessNameless Re:Sure... (330 comments)

If you air gap email and financial systems, you're stepping right back into the mid-1900s. Back when it took an entire office of secretaries to process correspondence, and another office full of accountants to handle billing and ledgers. Because if those systems are disconnected, someone will have to transfer reams of data in and out of them. That is no longer feasible.

Your suggestion is so completely impractical, I wonder why you joined Slashdot in the first place. You clearly have no understanding of modern IT.

2 days ago

Verizon "End-to-End" Encrypted Calling Includes Law Enforcement Backdoor

EndlessNameless Re:This should be free (166 comments)

And your solution only works for entities with which you have a pre-established relationship and a shared secret (in this case, your personal information).

This does not solve the general problem of identifying an entity on the internet with whom you have no shared secrets.

This suggestion is nowhere near being a replacement for existing CAs as they are currently used.

3 days ago

Hackers Compromise ICANN, Access Zone File Data System

EndlessNameless Re:Apparently I've been a hacker for years (110 comments)

If you actually read the article, you would see that they had administrative access to the zone files. Which means they could have changed whatever they wanted. They also had access to usernames and passwords, so hopefully no one used the same credentials elsewhere.

Get back to us when you pull that off with whois.

3 days ago

Ask Slashdot: Can a Felon Work In IT?

EndlessNameless Re: America, land of the free... (720 comments)

Pretty sure he's going off what was disclosed on the "Have you ever been convicted... ?" section of the job application.

about two weeks ago

Displaced IT Workers Being Silenced

EndlessNameless Re:The truth is not disparagement. (398 comments)

Since non-disparagement clauses are almost exclusively used in severance agreements, there is a disparity in power that makes them practically coercive. I have no problem condemning them in that context.

You seem to be confusing a few things here, though. True statements can be disparaging in nature. Google it if you're inclined to argue because it's rather cut-and-dried---and not worth arguing over.

And no, they do not have to specify what you cannot speak about. If the severance agreement prohibits disparaging statements, it's pretty much carte blanche for legal action if you say anything bad about them. They may not choose to file suit for something as simple as saying, "XYZ Company sucks!"---but they could. You're free to walk away without a severance package if you don't like their terms. Most companies are not willing to negotiate the matter with someone they are in the process of terminating.

Should you happen to disparage the company after signing a typical severance agreement, they can sue for the severance pay and possibly even the cost of benefits during the severance period (if they continued your benefits, of course). They may also be able to recoup their legal fees.

I have seen a lot of people in that situation, and a cavalier attitude never ended well. Unless the employer actually breaks a law, the asymmetry of power is simply too great.

about two weeks ago

Windows 10 Adds Battery Saver Feature

EndlessNameless Re:Stable enough? (96 comments)

None of that stuff has any value on a gaming PC.

Not to mention the price bump, assuming this is acquired legally.

The Standard editions of Microsoft Server are no longer economical for home use. And using a cracked OS is borderline moronic---if they can crack the activation, they can certainly insert a rootkit and other goodies.

about three weeks ago

Windows 10 Adds Battery Saver Feature

EndlessNameless Re:Stable enough? (96 comments)

You should be able to dual boot and decide for yourself. Given the lack of security updates for Windows XP, I wouldn't touch it personally.

That stuff they patch every month usually includes at least one or two really bad things.

about three weeks ago

The Cost of the "S" In HTTPS

EndlessNameless WTF... (238 comments)

Stupid article. Making a mountain out of a mole hill.

How hard is it to push a certificate to your clients so they trust your proxy? How hard is it to set up a cache there? And monitoring/filtering? Not very hard.

We do this at work, and it is dead simple for halfway competent admins to implement.

What this really does is stop telecoms from monkeying with their users' traffic. By default, anyway.

Most ISPs provide Windows installers/optimizers to their users, which their users dutifully click through without understanding. So they could just install their certificates and continue business as usual---with very little effort, all things considered. They might need beefier proxies to handle encryption, but CPU time is cheaper than ever.

about three weeks ago

Openwashing: Users and Adopters Beware

EndlessNameless Re:The End-Users most of the time don't really car (96 comments)

Doing this on 2-3 workstations will take longer than creating and linking a GPO, never mind a change that needs to go network-wide. Granted, the GPO may take an hour or two to propagate and you could finish quite a few machines by hand in that time, but the actual admin time required to implement it is much lower.

Windows wins for enterprise. Yes, Linux is technically better at the things its developers focus on---no question there. But kernel development hasn't provided the same level of enterprise management tools that Microsoft does, nor does any free distro. Puppet and RedHat Satellite are good, but they are also paid-for extras.

about three weeks ago

Openwashing: Users and Adopters Beware

EndlessNameless Re:The End-Users most of the time don't really car (96 comments)

You're arguing when you don't understand the basic proposition. First off, he's not "purchasing a product from Windows specifically for group policy"---that is part of the OS. Second, his primary point seems to be total cost of ownership rather than whether or not certain functionality is available.

He's saying those things are more expensive to implement on Linux---either you have to buy them or pay more in labor to get them. He's not wrong.

From your own examples, OpenLDAP takes considerably more time and effort to set up.

MS Active Directory is one command, five minutes of installation, and a reboot. The defaults work---as in, nothing else to configure manually---it even opens the necessary ports in the Windows firewall. It includes the group policy functionality he indicated, and it works out of the box with every version of Windows anyone has any business running anymore. Yes, the OS license costs money, but intelligent deployment really makes this a minor per-server expense (i.e., buying Datacenter licensing with decent virtualization density).

Nagios and SCOM both cost money---it's either licensing fees for the packaged version of Nagios or labor for the source/DIY version. Puppet costs money to do for Linux what Group Policy does for Windows. The labor to sustain the Linux solutions will probably cost more even if it is as simple as SCOM/GP because MS has a huge pool of labor to support their product. I can probably find dozens of competent AD admins within a reasonable commute distance---the number of competent OpenLDAP, Nagios, and/or Puppet admins is going to be significantly lower.

Microsoft is actually very good at catering to small businesses and enterprises---this is where known costs, straightforward deployment, quick and effective configuration management, and simple sustainment are important.

about three weeks ago

Fraudulent Apps Found In Apple's Store

EndlessNameless Walled Garden = Stewardship (89 comments)

This is where Apple can provide value to their customers by managing the ecosystem.

They should be more than capable of issuing refunds to anyone who was scammed, remotely nuking the app, and punishing the publisher in an appropriate manner.

If they do all of those things, it justifies some of their policies, at least for mainstream users.

about three weeks ago

Ask Slashdot: What's the Most Hackable Car?

EndlessNameless Look for Active Enthusiast Communities (195 comments)

Since cars have little security and minimal documentation, being the most hackable is simply the result of having a large enough group of people reverse engineering it.

The Nissan 350Z/370Z, Mitsubishi EVO/Lancer/Eclipse, and Subaru WRX/BRZ/Impreza are the standouts as far as being affordable for a hobby endeavour. Mercedes vehicles are also fairly well-explored.

Related models such as the Infiniti G/Q series (premium 350Z/370Z) inherit most of the same benefits from their mainstream brethren, and pretty much all Subaru cars have a decent aftermarket parts and mod community.

about 1 month ago

Nielsen Will Start Tracking Netflix and Amazon Video

EndlessNameless Re:What about SSL? (55 comments)

If they were going to include an audio form of a watermark, they could make it so subtle as to be undetectable.

With spread spectrum watermarking, you wouldn't be able to hear it, and only someone with the original pseudonoise sequence would be able to detect it. This provides the benefit of being practically impossible for would-be pirates to detect and remove---in addition to maintaining the quality of the original recording.

If they are using audible tones as a tracking mechanism, they are, quite frankly, so far behind the state of the art that it's laughable.

about a month ago
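The comment above describes spread-spectrum watermarking in prose; the following is an added illustration (written for this page, not the commenter's or Nielsen's code) of embedding a payload as a keyed pseudonoise sequence and recovering it by correlation. The host "audio" is a constructed 440 Hz tone, and the key, payload, chunk size and amplitude are assumed values chosen for the demonstration.

```python
"""Spread-spectrum audio watermark: the payload bits ride on a keyed +/-1
pseudonoise (pn) sequence added well below the host signal. Only a detector
holding the same key can correlate it back out. Constructed example."""
import math
import random

SAMPLE_RATE = 8000      # constructed: 8 kHz mono
CHUNK = 4000            # samples carrying one payload bit
ALPHA = 0.05            # watermark amplitude; the host tone peaks at 0.5
PAYLOAD = [1, 0, 1, 1, 0, 0, 1, 0]   # constructed 8-bit mark
SECRET_KEY = 0xC0FFEE                 # constructed; seeds the pn sequence


def host_audio(seconds=4.0, freq=440.0, amp=0.5):
    """Constructed stand-in for a recording: a plain 440 Hz tone."""
    n = int(seconds * SAMPLE_RATE)
    return [amp * math.sin(2 * math.pi * freq * i / SAMPLE_RATE) for i in range(n)]


def pn_sequence(key, length):
    """Keyed +/-1 pseudonoise; the key is the secret the detector needs."""
    rng = random.Random(key)
    return [1 if rng.random() < 0.5 else -1 for _ in range(length)]


def embed(samples, bits, key, alpha=ALPHA):
    """Add alpha * pn to a chunk for bit 1, subtract it for bit 0."""
    pn = pn_sequence(key, len(samples))
    out = list(samples)
    for k, bit in enumerate(bits):
        sign = 1 if bit else -1
        for i in range(k * CHUNK, (k + 1) * CHUNK):
            out[i] += alpha * sign * pn[i]
    return out


def detect(samples, key, n_bits, threshold=ALPHA / 2):
    """Correlate each chunk with the keyed pn. With the right key the
    correlation is about +/-alpha plus a small host residue; with the wrong
    key only the residue remains, so the bit is reported as None."""
    pn = pn_sequence(key, len(samples))
    bits = []
    for k in range(n_bits):
        lo, hi = k * CHUNK, (k + 1) * CHUNK
        corr = sum(samples[i] * pn[i] for i in range(lo, hi)) / CHUNK
        if corr > threshold:
            bits.append(1)
        elif corr < -threshold:
            bits.append(0)
        else:
            bits.append(None)
    return bits


def watermark_to_host_db(host, marked):
    """Power of the added mark relative to the host signal, in dB."""
    host_pow = sum(x * x for x in host) / len(host)
    wm_pow = sum((m - h) ** 2 for m, h in zip(marked, host)) / len(host)
    return 10 * math.log10(wm_pow / host_pow)


if __name__ == "__main__":
    host = host_audio()
    marked = embed(host, PAYLOAD, SECRET_KEY)
    print("right key :", detect(marked, SECRET_KEY, len(PAYLOAD)))
    print("wrong key :", detect(marked, 12345, len(PAYLOAD)))
    print("mark level: %.1f dB below host" % -watermark_to_host_db(host, marked))
```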

Apple Disables Trim Support On 3rd Party SSDs In OS X

EndlessNameless Re:This isn't new (327 comments)

That is true, but it ignores the important half of the picture.

Solid state drives do not write to individual LBAs or sectors. They write to pages, which consist of multiple sectors.

E.g.: If page 1 contains sectors 1-8, and you want to write to sector 3, then it has to read sectors 1-2 and 4-8. After doing that, the drive will write the updated contents of sectors 1-8 to page 1 using whichever flash cells it deems appropriate.

It could use the same flash cells, or it could remap those LBAs to cells which have not been used as much (aka, wear leveling). Note that most HDDs present 4K sectors, while newer SSDs use 2M pages---this means the sectors:page ratio is actually 512:1 for most drives.

The drive does not understand deleted files; that is a function of the file system. The drive firmware only knows that those sectors contain data, and so that data will be preserved during future writes. This is the cause of write amplification, which TRIM reduces in order to extend the usable life of the drive.

The TRIM command is the only way to free those LBAs so that the drive will not reread and rewrite them every time it needs to update other sectors in the same page.

The performance impact of TRIM is huge once all pages have been written. In normal desktop scenarios, it might not be noticeable because the SSD will still be immensely faster than a mechanical drive. But in an enterprise environment where SSDs are used for tiered storage or cached writes because you need all the I/O you can get, disabling TRIM could bring down the whole virtual infrastructure.

about a month ago
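As an added illustration of the read-modify-write behaviour the comment above describes (example code written for this page, not the commenter's or any vendor's firmware), here is a toy drive model that counts flash writes with and without TRIM. The page size, the one-sector files and the rewrite churn are constructed; the model rewrites every sector the drive still believes is live, which is the comment's simplified view rather than a real garbage collector.

```python
"""Page-level read-modify-write on a flash drive, with and without TRIM.
Toy model: the drive tracks which LBAs hold live data, and a write to one
sector re-programs every live sector in that sector's page. The filesystem,
not the drive, knows which files were deleted. Constructed example."""


class ToySsd:
    def __init__(self, pages, sectors_per_page):
        self.spp = sectors_per_page
        # True = firmware believes this LBA holds data it must preserve
        self.live = [[False] * sectors_per_page for _ in range(pages)]
        self.host_sectors = 0    # sectors the host asked to write
        self.flash_sectors = 0   # sectors actually programmed into flash

    def write(self, lba):
        page, off = divmod(lba, self.spp)
        self.live[page][off] = True
        # read-modify-write: every sector still marked live in this page is
        # re-read and re-programmed together with the new one
        self.flash_sectors += sum(self.live[page])
        self.host_sectors += 1

    def trim(self, lbas):
        # TRIM is the only hint the drive gets that an LBA no longer matters
        for lba in lbas:
            page, off = divmod(lba, self.spp)
            self.live[page][off] = False

    def write_amplification(self):
        """Flash sectors programmed per sector the host wrote."""
        return self.flash_sectors / self.host_sectors


class ToyFilesystem:
    """Knows which file owns which LBAs; the drive never sees this table."""

    def __init__(self, ssd, send_trim):
        self.ssd, self.send_trim, self.files = ssd, send_trim, {}

    def write_file(self, name, lbas):
        self.files[name] = list(lbas)
        for lba in lbas:
            self.ssd.write(lba)

    def delete_file(self, name):
        lbas = self.files.pop(name)
        if self.send_trim:
            self.ssd.trim(lbas)   # otherwise the drive keeps preserving them


def simulate(send_trim, sectors_per_page=8, rewrites=100):
    """Fill one page with eight one-sector files, delete seven, then rewrite
    the survivor 100 times (log-style churn). Returns the drive for inspection."""
    ssd = ToySsd(pages=1, sectors_per_page=sectors_per_page)
    fs = ToyFilesystem(ssd, send_trim)
    for lba in range(sectors_per_page):
        fs.write_file("file%d" % lba, [lba])
    for lba in range(1, sectors_per_page):
        fs.delete_file("file%d" % lba)
    for _ in range(rewrites):
        fs.write_file("file0", [0])
    return ssd


if __name__ == "__main__":
    for trim in (False, True):
        d = simulate(trim)
        print("TRIM %-5s host=%d flash=%d amplification=%.2f"
              % (trim, d.host_sectors, d.flash_sectors, d.write_amplification()))
```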

How Sony, Intel, and Unix Made Apple's Mac a PC Competitor

EndlessNameless Re:It helps to actually use the thing. (296 comments)

They use generic PC parts the same as the rest of the industry. Sometimes the same exact quirks exist between Apple's and Dells. They are impacted by the same bad engineering choices.

There will be cases of overlap when vendors choose hardware from the same pool of suppliers.

Still, Apple tends to be better than an average PC laptop. I believe this is due, in part, to their decision to focus on refining premium laptops rather than developing additional products in the budget segment.

IPS panels with reasonable-to-excellent resolution for their size, solid multitouch touchpads, good-to-excellent battery life, and the MagSafe connector are standard across the line. All of these things are desirable to virtually anyone, but they do inflate the price.

The trade-offs are more hit-and-miss: limited product selection, upgrade limitations, basically one industrial design for the entire product line, somewhat difficult repairs, no high-end gaming/CAD options.

Non-techy people won't care about most of those since they won't upgrade or repair it themselves, and CPU/RAM/GPU specs aren't critical for office and media applications. They can happily pick out whatever looks and feels best, be it Sony, Dell, Apple, Lenovo, etc.

More technical workers actually have to consider the trade-offs more closely.

Apple is certainly not the only company to build an interesting piece of premium hardware. They are, however, one of the few to maintain a premium product line consistently. E.g., Sony had a great line of executive laptops for about 3 years or so, and then it disappeared.

I think the tradition of premium placement and the corresponding tendency to avoid bargain-basement hardware is where the high-quality comment comes from.

about 2 months ago

FTDI Removes Driver From Windows Update That Bricked Cloned Chips

EndlessNameless Re:LKML response (572 comments)

The vendor ID is assigned by the PCI SIG pursuant to their own registration rules. The vendor ID underlies a variety of PnP functionality, dating back to the original PCI interface. USB, PCIe, and a few other standards jumped on the bandwagon.

The clones who used FTDI's identifier are violating the standard.

I think FTDI is perfectly justified in stripping their identifier from third-party hardware.

The other manufacturers didn't want to develop, validate, and support their own drivers. This means FTDI incurs greater costs in bringing its product to market, but it also means FTDI has control of the software interface to their equipment (in a Windows environment). They have only themselves to blame, and they get no sympathy from me.

about 2 months ago

How Sony, Intel, and Unix Made Apple's Mac a PC Competitor

EndlessNameless Re:What a wonderful article (296 comments)

Second, hardware quality starts to fall through the floor on the PC side. The drop off in sales after 2000 had PC manufacturers cutting R&D, cutting parts quality and going into a spiral of chasing each other to the bottom in terms of build quality. The public had broadly realized this, while liking the lower prices. Apple's quality differences became well known.

This is what did it for me. I dual-boot Ubuntu and Windows 7, so the "premium" Apple software meant nothing to me---I touched OS X just long enough to snag the Boot Camp drivers for the Windows side.

I want an actual, workable touchpad in a well-built laptop with a good display.

The Apple touchpad (Synaptics hardware) works better in Windows than most competing laptops which only need to support one OS. I don't know if this is due to better software or hardware without really digging into it. I don't care because it just works.

And how many laptops go out due to the AC adapter plug or jack being damaged? I'm sure Apple has some patents on the MagSafe connector, but every other manufacturer has gone over a decade without designing similar functionality around it. I worked at a service depot in college, and nearly 1/3 of laptops that came in with a "no boot / no power" complaint were due to this. Seriously, spend a little money to address the most common failure mode.

I disagree with the comment regarding software selection, but that may come down to usage. I do work and light gaming on the laptop---very little web or media. There was so little software of interest to me that I had no use at all for OS X.

about 2 months ago

FTDI Removes Driver From Windows Update That Bricked Cloned Chips

EndlessNameless Not Even Mad (572 comments)

The makers of counterfeit chips are in the wrong here, not FTDI. They used FTDI's PCI vendor ID (presumably without authorization).

Everyone who had a bricked chip should go to the manufacturer and demand a replacement or a firmware flash. Maybe then those guys would use their own device identifiers and supply their own drivers.

But most people are probably just cutting corners to get something cheap. And then they blame everyone else for their problems.

Bottom line: This driver would never install on a system with a counterfeit chip if the vendor did not use FTDI's identifier. There is a standard, and it was violated by each and every knock-off chip that bricked.

Maybe FTDI deserves some heat for sticking it to their non-customers, but I have little sympathy for anyone in this snafu.

about 2 months ago

Employers Worried About Critical Thinking Skills

EndlessNameless Humanity and Humanities (553 comments)

Judging information from multiple sources, assessing credibility, analyzing arguments for validity and assumptions... these are all basic components of a liberal arts education.

Maybe we should actually focus on producing literate and critical students in grade school and high school instead of fanatically pursuing standardized tests, STEM programs, and sports. (Yes, I lumped STEM in there knowing I'm on a technology site.)

Standardized tests are a poor proxy for what we want, which is inventive, thoughtful, and productive adults. Universities, trade schools, and employers are picking up high school graduates---and surprise, they are complaining of similar deficits.

People who will succeed in STEM fields need more opportunity than guidance. All of the best people I've seen were largely passionate and self-taught. The rest just followed the money---and people who follow the money will push themselves to that level regardless. Mentoring and hobbyist groups exist outside of school, which is generally not true for basic academic instruction.

Sports provide some benefits in terms of physical health, socialization, and teamwork---but most places spend significant funds on sports equipment and facilities while actual academic infrastructure is left to crumble or slide into obsolescence.

On top of the misplaced focus, we have a serious political obstacle. The whole No Child Left Behind initiative was moronic from the beginning. Practically zero educators approved of the idea, yet it became law anyway.

On top of reinforcing the primacy of standardized test results, we are now funding institutions absent serious investigation into where funds are needed vs. where they are being squandered. A "bad" school may be getting poor scores due to poor administration and wasteful spending, or it may have a population which demands more work---some schools must provide more remedial education, mental health treatment, behavioral discipline, etc. than others.

about 2 months ago