Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

Friendly Reminder: Do Not Place Your iPhone In a Microwave

TMYates Re:only works on Windows phones (240 comments)

Windows Phones are so innovative that they have built in Hydrogen Fuel Cells that recharge by simply submerging the phone in water.

about a month ago
top

Ask Slashdot: Advice On Building a Firewall With VPN Capabilities?

TMYates Re:Use a Pre-Built Network Appliance (238 comments)

While that is an awesome option (no complaints about the product), it still sits above the price point of the Cisco route I mentioned. I was under the assumption that the author of the article was looking for reasons to go one way or another. In this case based on his intended usage, I gathered that the device would most likely be set and forgotten. While there is a lot you can do with a pre-built pfsense firewall that you cannot do with the Cisco model, most of the functionality the author is looking for is also in a device built for small businesses at a quarter of the price.

about a month ago
top

Ask Slashdot: Advice On Building a Firewall With VPN Capabilities?

TMYates Use a Pre-Built Network Appliance (238 comments)

Unless you have a computer laying around, I strongly recommend getting an off the shelf solution using a router with capabilities built in. One good example I can point out is the Cisco Small Business RV215W Router. For $100-ish off Newegg, you get a full router with ACLs, QOS, VPN, VLAN, and more. If you like your current router, set up your current router to forward VPN traffic to this device. Best part is that it is small, quiet, and energy efficient when compared to a full computer.

There is nothing wrong with using a custom computer and throwing Linux on there with a software package to handle VPN, but based on your description, I think this would be a better fit unless you really want to go in depth on learning VPN technologies. By the sound of it, you just want something easy to set up and manage with little maintenance.

about a month ago
top

Windows Tax Shot Down In Italy

TMYates Re:Apple? (421 comments)

Because the hardware itself comes from 3rd parties like Intel, Broadcom, Realtek, etc. Not to mention BootCamp is designed to allow dual or triple booting of the OS. BootCamp has been around a while. As for experience with it, I cannot say I have any. I wouldn't touch a Mac unless I had to. This only applies to Intel based Macs. PowerPC systems run a different architecture.

Now if you were trying to be sarcastic, maybe you should flip it around. Traditionally it has been Apple that was opposed to anything but their software existing on their hardware. Their drivers are always more limiting than Windows ever was. Especially graphics cards. Just my observation.

about a month ago
top

Windows Tax Shot Down In Italy

TMYates Re:Apple? (421 comments)

I think the point is that the OS is still forced upon you with a Mac like the person was with Windows in the article. Technically since they are Intel based now, you should be able to install Windows or a flavor of Linux on Apple's hardware. This is essentially the same argument. Why should I be forced to use Mac on a system that can run other operating systems?

Given equivalent hardware, it always seems that Macs are way overpriced in comparison to other systems. Should that mean that I can get a Mac without OSX at a more reasonable Windows machine price? Even though Apple upgrades are free, how many times of purchasing Windows would it take to even out the cost of owning one with OSX? Since Linux is free, that cost would never reach the TCO of one with OSX or Windows.

about a month ago
top

AT&T Says 10Mbps Is Too Fast For "Broadband," 4Mbps Is Enough

TMYates Because by technical definition... (533 comments)

Broadband was originallymeant to refer to the signal properties and not the actual speed. Another term used would be wideband. Generally the wider the signal (frequency range), the faster it would be. Go back a few generations of technology and you can see where having dialup would not be broadband, but ISDN and T1 connections would be. The latter would use multiple channels to achieve a greater bandwidth by bonding frequency ranges together. This is more likely the definition AT&T is going by from an engineering standpoint and not a marketing standpoint.

about a month and a half ago
top

Microsoft Takes Down Slideshow-Building Tool After Getty Images Lawsuit

TMYates Re:Maybe we need an HTML tag for image/work copyri (81 comments)

I would have to agree here. HTML would be left up to the developer of the site to make sure the copyright is encoded. They wouldn't always know if they grabbed an image off Bing or Google if it had a copyright on it.

Alternatively, DRM images like we do music so it cannot be linked outside the site(s) allowed to show it.

about a month and a half ago
top

Heartbleed To Blame For Community Health Systems Breach

TMYates Re:Blame them, not Heartbleed (89 comments)

Saying that an exploit couldn't have been used in the first place is just nonsense. It would be better to say that with the adequate security and audit policies in place, they should have been alerted as soon as someone started trying to test for a heartbleed vulnerability. Action should have been taken as soon as they saw traffic repeatedly running a heartbleed exploit to prevent the disclosure of the information. Nothing can cover 100% and in this case, they were likely waiting on a vendor to patch their system. At the time the passwords were scraped, Juniper may have still been working on a patch (assuming the information that it was a week after announcing heartbleed). This should have been where the IT admins ordered the 72oz cups of coffee and stared at the screen for days on end.

about 2 months ago
top

Munich Reverses Course, May Ditch Linux For Microsoft

TMYates Re:Open Source Integrated email/calendar/phones/et (579 comments)

As far as I know there is not a single solution to cover everything mentioned in open source. That being said, although Microsoft offers integrated solutions, they are still separate products. Your named features span Lync and Exchange. For the open source side, I would point you to Asterisk and OpenFire to handle the Lync side and you could probably use Open-Xchange to handle email/calendar (though I am unfamiliar with Open-Xchange). Integration between the products would still be limited though. One of the best distributions I have played with is called Elastix and combines almost all the features you are looking for. Not sure about the calendar aspect though.

about 2 months ago
top

Munich Reverses Course, May Ditch Linux For Microsoft

TMYates Re:Open Source Integrated email/calendar/phones/et (579 comments)

There are a couple ways to set it up, but one method is with Exchange integration. In our setup, there is a folder in Outlook called Conversation History. All chat logs and call history end up in there. Lync will also show you some of the information from the Lync client, but older history can be searched there. You can also set up archiving to go to a central database. You can also continue past conversations from within Lync should you wish to.

about 2 months ago
top

Hotel Charges Guests $500 For Bad Online Reviews

TMYates Re:Give us a good review, or else. (183 comments)

Your alternative under the agreement would be to not post anything. I would hardly call that extortion when you have an option like that. I would never stay at such a place anyway and will start to look at any agreements I sign for such verbiage.

about 3 months ago
top

Satya Nadella At Six Months: Grading Microsoft's New CEO

TMYates Re:Not that hard IMO (151 comments)

I still use Windows Media Center on all my machines running Windows 8.1 Pro. Though they may not be actively developing it anymore, I would hardly call it abandoned when they still support, update, and ship it. Though in reality, the main reason they are not actively developing makes sense in some ways. With Hulu, Netflix and other video providers now making standalone apps for Windows 8, there was not a need to continue development. There is a video app, music app, and pictures app that split the functionality out of Media Center. Everyone seems to hate Windows 8.X, but for my computers hooked up to the TV, it seems to work out well navigating from afar. The Media Center remote control also works for navigating the start screen (to a point). The only thing I wish Microsoft would do is split out the TV app from media center and put it with the other apps like Xbox Music, Video, etc... That is the only reason I still use Media Center.

Zune was an awesome product (still have a Zune HD), but just late to the game. Apple was already trying their best to phase out older style iPods in favor of the iPod Touch. Everyone was wanting either the iPhone or the iPod touch and killing the sales for the other iPods. Microsoft tried to follow a route of moving the Zune app to their Windows Phone platform, but they failed to have Wi-Fi only version like Apple. Once they did that, Zune started to fade out in favor of the Xbox title.

about 3 months ago
top

Quiet Cooling With a Copper Foam Heatsink

TMYates Interesting Thought (171 comments)

If I understand it correctly, it works similar to materials NASA uses on the space shuttle. By increasing the surface area of the heat sink, you get a better cooling effect. I believe NASA uses a foam made of 95% air or so for the tiles that are on the outside of the space shuttle. These in turn seem to allow heat in but can remain cool to the touch at very high temperatures internally. Somewhere I saw a video of someone holding a block made of this NASA material. In this case, having a "foam" made out of copper allows it to cool very quickly. I bet it would still work better to have some sort of fan blowing and constantly moving air across the foam.

Disclaimer: I do not claim to be an expert in the physics or technology behind this, but it seems logical to me.

about 3 months ago
top

Ask Slashdot: Is Running Mission-Critical Servers Without a Firewall Common?

TMYates Re:Vendors.... who needs them... (348 comments)

It depends on whether you are running tagged or untagged VLANs. You are correct for trunk ports that carry tagged VLANs, but the catch there is that you have to have a tap or sit on a trunk port that can see the same tags. Both of these cases require physical access to monitor or make changes (or remoting into a switch). If physical access is a problem, you have bigger issues on hand. VLANs are not end all security, but to completely push them aside is ludicrous. Properly done, VLANs are a great augmentation to security, but I would not rely on them as the only means.

I mainly use VLANs with layer 3 routing so I can have firewall rules at the switch level between the VLANs which I put on separate IP networks. I avoid using the same network across multiple VLANs.

about 3 months ago
top

New SSL Server Rules Go Into Effect Nov. 1

TMYates Re:Big Problems (92 comments)

I generally haven't as well, but depending on your environment, automatically generated certificate requests may attempt to contain an internal domain. Hence why the default setup would no longer work once this rule takes effect. For instance, an environment that uses a domain.local that you cannot change because you have Exchange (Thanks Microsoft!). It is completely possible to have an internal interface and external and split the roles and certificates (this is what I do). Our internal interface has an internal CA cert and the external a public cert. The problem comes where all the service packs and cumulative updates I have applied required me to remove one of the virtual directories for things like OWA and ECP or the update would fail. The funny part is, they allow PowerShell to create those multiple directories, but the PowerShell scripts they put in the update expect only one directory. Fortunately its easy to export the config of one of the directories and recreate it later.

about 3 months ago
top

Ask Slashdot: Is Running Mission-Critical Servers Without a Firewall Common?

TMYates Vendors.... who needs them... (348 comments)

I have seen this so called "requirement" on occasion and think the company that requires it needs to go though a security audit of their own. I also think that anyone that requires Domain Admin/Root access for their software to run doesn't know a thing about security (I get this commonly too). The problem you may face will be through regulatory compliance for various things (as some here mentioned PCI already) There are other regulations you should probably try to discover if you are required to comply with especially if you will be hosting PII (Personally Identifiable Information). Not just talking HIPAA, but some e-commerce sites require a little more security for their data.

That being said, as long as there is a firewall to the internet and your server does not have critical internal only ports open, in most cases you would at least pass basic security requirements, albeit not optimally. Make sure you run a test using something like NMap! As for alternative ideas, you could set rules in the local firewall to allow unrestricted traffic between the servers involved while limiting access from all others to the default rules. You could also set up IPsec tunnels between machines to encrypt that traffic. I would at least make sure you have a path to separate as many features that require higher security as possible. For instance, PCI will require more strict rules and if that is a problem for this vendor, budget a separate server for transaction processing.

Some of those options may help find some middle ground between your requirements and theirs (after all, you are not limiting traffic of interest to them). I would push to have a Business Associates agreement signed by them saying that by not following your configuration requirements, they will hold some or all of the responsibility for a breach involving their solution. It would still hurt you in the case of a breach, but at least it puts them on edge to make sure they do everything they can to secure their solution since they now have a financial consequence for a breach.

Last but not least, make sure you put the POS system in it's own VLAN separate from all other systems. Lock down that network to only POS traffic and put no other device unrelated to the POS system on that network. This is part of the reason for recent breaches from some of the major retailers.

about 3 months ago
top

New SSL Server Rules Go Into Effect Nov. 1

TMYates Big Problems (92 comments)

This may cause big problems for many of the existing systems out there. How do they determine internal names? Does it require a .com? Will it take into account any new top level domains that opened up? What about certificates for various systems that do not require domain names for communication (I.E. ADFS Signing/Encryption Certificates).

I think it should be required to not mix internal and external names in certificates, but to ban them completely is going to break many things. I know by default Exchange 2010/2013 and Lync Server require internal names in the certificate. You can split the bound IPs and use 2 different certificates, but it makes things more difficult to configure and manage. No to mention that Exchange patches really hate multiple virtual directory entries...

about 3 months ago
top

Critroni Crypto Ransomware Seen Using Tor for Command and Control

TMYates Re:Antivirus (122 comments)

Antivirus applications would never be an end all solution in any case. There might be a chance they can catch it, but you have to be up to date on the definitions for most to be able to catch it. Some newer systems may be able to do heuristics and catch potential cases that look malicious, but can have false-positives and false-negatives. Even cases where you have the best of everything and are up to date may not completely eliminate risk. This is where Zero-Day exploits (or unpublished exploits) can find their way in and disable or bypass many of these countermeasures.

Firewalls would not be helpful for anything other than blocking known ports to command and control servers. In this case, using Tor would be an advantage for the ransomware as it would block any legitimate use you may have for Tor browsing (not that I would allow it for business use in most cases). You are most likely thinking of something like an IDS/IPS system that can sit on the network and sniff out malicious traffic. Some allow for Deep Packet Inspection with SSL decryption. Even that may not cover all cases. If they use custom protocols or a different method for encrypting traffic, it would most likely render such setup useless after an infection. It may help in the initial detection however.

In the end you can never be 100% covered for anything. I always live by the notion that it is not a matter of IF but WHEN something is going to happen. The best solutions are the simplest. Make sure you have recoverable backups (don't just set them and forget). It also helps to reduce your footprint and exposure as much as possible.

about 3 months ago
top

Justice Dept. Names ZeuS Trojan Author, Seizes Control of P2P "Gameover" Botnet

TMYates Government Control (76 comments)

Just have to put this out there, but now that the government has taken control, how much do you want to bet the NSA will use this opportunity to spy? Even if they do not use Zeus long term, they could use it to install their own software on millions of PCs that are already infected.

about 5 months ago

Submissions

TMYates hasn't submitted any stories.

Journals

TMYates has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?