
Comments


Modular Hive Homes Win Mars Base Design Competition

dave562 Really? (61 comments)

The garden and kitchen are on opposite ends of the dining room?

Usability fail.

about a week ago

German Intelligence Spying On Allies, Recorded Kerry, Clinton, and Kofi Annan

dave562 Re:Germany not responsible for call recordings (170 comments)

Or that the United States leverages multiple sources for the same information. Redundant systems and all of that.

about a week ago

Microsoft Considered Renaming Internet Explorer To Escape Its Reputation

dave562 Waste of time (426 comments)

Is this really what is going on at Microsoft? Their staff has so much free time that they can sit around sorting out whether or not to rename a browser?

Are we going to get an educational campaign to go along with it? After all they will have to explain to people that, "Internet Explorer is not really gone. It is now called..." What is the life span of a bad idea in the minds of computer users? We still make fun of Clippy after all....

What an epic waste of time.

They need to suck up the fact that their product was sub-par for years. Focus on the improvements. Continue moving forward.

The exact audience who cares about the differences between IE, Chrome, WebKit, Trident and all of the cross roads of the various technologies is not going to be "fooled" by a re-branding. Those are the people who matter. Those are the people who are developing web technologies. Give them the features that they want. At the same time, give the end users a stable, secure application.

The truth is that the war is over. HTML5 is here. Everything that used to require ActiveX can now be done in HTML5. I am already seeing large vendors make the switch. One of our larger LOB applications, a web app with hundreds of internal users, recently went HTML5. The vendor did a great job. The UI looks exactly the same. The only difference that the end users see is that the site now "magically works in Chrome".

about two weeks ago

Apple's App Store Needs a Radical Revamp; How Would You Go About It?

dave562 Re:And if you think small devs are upset now... (249 comments)

I agree. Short term it is not going to happen. It goes against their marketing of people being free to create for/with Apple products.

But "never" is a very long time.

about two weeks ago

Apple's App Store Needs a Radical Revamp; How Would You Go About It?

dave562 Re:Why is this Apple's problem? (249 comments)

At the same time, companies pay premiums for shelf placement. I have never been into a Wal-Mart and am not familiar with their operations, but I know for certain that this is how it works in large chain grocery stores. The shelves higher or lower than eye level cost less than the ones right at eye level. Similarly, in the cereal aisle the companies pay more to have their sugar laden cereals on the lower shelves so that they are at eye level for children.

It would be interesting to see if Apple eventually allows developers to pay for preferential placement. I do not see why they would not. Everyone else pays for eyeballs, whether it is on Facebook or CNN.com.

about two weeks ago

Apple's App Store Needs a Radical Revamp; How Would You Go About It?

dave562 "Small group of adepts..." (249 comments)

Because working for Apple is an intense spiritual discipline.

about two weeks ago

Ask Slashdot: Should You Invest In Documentation, Or UX?

dave562 Consolidate your processes (199 comments)

This should not be an either or discussion. As new features are being developed, there should be a resource tasked with leading the documentation team and ensuring that they stay up to date with the feature changes. The resource needs to be technical enough to listen, take good notes, and most importantly, understand what the developers are talking about during the change meetings. Conversely, the developers need to be available to that person and their team when additional clarification is needed. That will slow the developers down a little bit, and we all know how much developers hate having to explain what they do... but in the long run, the product will be better for it and the team will be better for it.

about two weeks ago

Microsoft Black Tuesday Patches Bring Blue Screens of Death

dave562 Re:The suck, it burns .... (179 comments)

Microsoft gets no pass! I generally give Microsoft the benefit of the doubt, but there are too many instances of this. I am going to go off on a bit of a tangent here, but they fail to eat their own dog food. They come up with Best Practices, and they do not even follow them internally. There is not an internal body at Microsoft that enforces uniform standards. They have it set up that way to mitigate risk to the company. If they had a single body responsible for maintaining order, they open themselves up to the risks associated with the failure of that body. So instead, they just compartmentalize and each team ends up doing their own thing. Therefore the inevitable fallout is contained.

That organization strategy causes problems like this. They restrict their ability to test patches across the groups. They have damned themselves. And they have done it to cover their own asses. Therefore, they get zero sympathy.

It is never going to happen, but they need to modify their business model. Instead of forcing people onto the upgrade treadmill, they should move over to a maintenance subscription model. Doing that would allow them to continue to improve the products, and stop focusing on pushing out new features all the time. For the most part, Windows, Office, Exchange and SQL server are "good enough" in terms of feature set. Now they just need to focus on making them stable, and improving the tooling that is already there.

about two weeks ago

Writer: Internet Comments Belong On Personal Blogs, Not News Sites

dave562 Welcome to Thunderdome! (299 comments)

The internet is the ultimate gladiator arena for thoughts. If an idea cannot stand up to the harsh scrutiny of a bunch of anonymous trolls, it probably does not deserve to thrive permanently in the public realm. The reality of internet trolling is that people are free to say what they actually think, without the tethers of society keeping their ego in check. It does get ugly and unproductive at times, but let's face it, ideas are stronger for running the gauntlet.

I especially think that news sites need to support comments. The primary reason for that is so that informed members of the public can provide counter points and make persuasive arguments to influence people who might be on the fence about the subject. Every site, from a mainstream site like CNN to the darkest fringes of the internet, is biased. As a society, we need to be able to counter the bias and the best way to do that is with discourse.

about two weeks ago

T-Mobile To Throttle Customers Who Use Unlimited LTE Data For Torrents/P2P

dave562 Re:This is going to end so well for them! (147 comments)

Where do those who determine what is and is not ethical come down on the issue of ISPs who introduce artificial scarcity by refusing to re-invest the revenue that they generate from their customers into infrastructure upgrades that would allow them to support the internet usage habits of ALL of their users?

about two weeks ago

Every Day Is Goof-Off-At-Work Day At the US Patent and Trademark Office

dave562 Re:How is that different in private sector? (327 comments)

The difference is that the private sector has competition. If Company A is billing a certain amount of hours to get a job done, and Company B is billing less to get the same job done, then Company A will eventually start losing work to Company B. Similarly if Company A is turning out half assed work, or doing the professional equivalent of finishing their homework right before class, they will lose business to other organizations who deliver better results.

The company I work for is facing the first challenge of spending too much time on projects. A good portion of our engagements are spent re-inventing the wheel on basic project setup and management activities. It looks good for the Directors in charge of the projects because their people are 100%+ utilized. It kills us in the marketplace because our competitors have good processes in place that allow them to execute projects in less time and for less cost. The company has no choice but to become more efficient.

The patent office has no such competition. Nobody else can grant patents. Therefore they can half ass their way through it and there will not be any consequences for them.

about two weeks ago

Ask Slashdot: When Is It Better To Modify the ERP vs. Interfacing It?

dave562 Re:No matter how common you think it is... (209 comments)

Sounds about right for most "enterprise IT 'talent'" these days. Heaven forbid anyone should have even a passing familiarity with any systems beyond the small handful that they work with.

about three weeks ago

Microsoft Tip Leads To Child Porn Arrest In Pennsylvania

dave562 Re:Trust the Computer. The Computer is your friend (353 comments)

That is why the time to fight this is now.

I see this all the time. Fighting without a goal in mind is futile. Right now there are a small handful of people who are upset about some issues, but nobody is proposing any alternatives. Not only that, but nobody has come up with a concrete example of how their much better alternative reality is being hindered by censorship.

about three weeks ago

Microsoft Tip Leads To Child Porn Arrest In Pennsylvania

dave562 Re:Trust the Computer. The Computer is your friend (353 comments)

I agree with you that the timing is suspicious. It is also coming out at the same time as the story about the FBI infecting Tor users with malware and using that as a means to bring child porn charges against a number of people. (http://gizmodo.com/the-fbi-is-infecting-tor-users-with-malware-to-catch-ki-1616363114). Obviously the message is that Tor is evil and is only used to facilitate child porn, drugs and murder for hire.

I have no idea how large the child porn community is, but I have the sense that it is not really as big and far reaching as the authorities want to make it out to be. On the other hand, maybe the child porn kink is as common as women who like having their hair pulled. Like you said though, it is a convenient boogey man to trot out from time to time to use as cover for much wider ranging programs. "Ignore the fact that we are eavesdropping on EVERYONE because look, we caught a dozen people looking at kiddie porn." Nobody is going to come out and say, "But kiddie porn is a-okay!" And the government also gets to tar anyone against dragnet surveillance. "You mean you DON'T want us to catch perverts into kiddie porn? What are you, a kiddie porn consuming terrorist?!?!"

Can you produce some evidence of some non-objectionable content that is being censored? That is what I am waiting for. I see this slippery slope argument all the time, but I do not see the censorship.

It can be argued that the media is controlled via centralization and therefore heavy handed censorship is not even necessary. It is not necessary because the major media outlets can choose to ignore anything that goes against the status quo.

The MH17 shoot down in the Ukraine is a good example. There is plenty of material out there that calls into question the narrative being put out by the White House and the State Department. But that information is not being pulled off of the internet. It is not being filtered by the ISPs. They do not need to filter it. The average American does not care. You can put the information in front of them. You can show them that we are being herded into World War 3. Unless the message comes from CNN or Time Magazine or the Washington Post, they will not believe it.

about three weeks ago

Microsoft Tip Leads To Child Porn Arrest In Pennsylvania

dave562 Re:Trust the Computer. The Computer is your friend (353 comments)

I agree. And this is why I posed the question to the OP. He is against "any" censorship. I was curious if that also applies to censorship of negative things that happen to someone close to him who he presumably loves and cares for.

It is one thing to try to portray kiddie porn as "just pictures". It is another thing entirely when they are "just pictures" of your child, or your niece.

This is going to be a bit too metaphysical for this audience, but there truly is "good" and "evil" energy in the world. I do not mean in the Christian sense of heaven and hell. I mean real evil. Real, emotional and mental sickness that should have no place in a civilized society. Yet at the same time, an evil that is inevitable given the reality that the universe must be balanced, and that every action must have an equal and opposite reaction. Evil that is the polar opposite of love and compassion and caring.

about three weeks ago

Microsoft Tip Leads To Child Porn Arrest In Pennsylvania

dave562 Re:Trust the Computer. The Computer is your friend (353 comments)

Let's use an extreme example here. Someone rapes your mom and takes pictures and posts them on the internet. Would you be opposed to allowing your mother to issue a DMCA take down notice? That is censorship.

Following your logic as I think you are laying it out, you would have to be opposed to that too. After all, rape is bad and we are not necessarily condoning rape. We are simply looking at images of something that has already happened. We are not profiting from them. The rapist is not profiting from them. The victim is already victimized and will not be un-victimized. So censorship is abhorrent and therefore raped mom on the internet is okay. Right?

about three weeks ago

Microsoft Tip Leads To Child Porn Arrest In Pennsylvania

dave562 Re:Trust the Computer. The Computer is your friend (353 comments)

I am willing to agree that blanket censorship is a bad thing.

How can you be opposed to the censorship of child pornography? Please avoid the slippery slope argument. That one has been played out.

about three weeks ago

Microsoft Tip Leads To Child Porn Arrest In Pennsylvania

dave562 Re:Trust the Computer. The Computer is your friend (353 comments)

The harm is in the production of the images in the first place, not in the viewing of them. The viewing supports the production. Or the production supports the viewing. I am not sure, given that I do not operate in those circles. From what I have read about it, the consensus seems to be that most kiddie porn is produced by family members abusing their younger relatives.

It can probably be argued that the people making the images would continue to make them even if they did not have an audience to share them with. Even so, there is still some social value in discouraging people from consuming the images. If people are interested in the images, that is a form of social acceptance for those who make the images.

It is bad enough that people have these demons that they struggle with. It is terrible that they abuse those who are too young to protect themselves and in most cases, do not even realize how wrong the activities are. The last thing that we need as a society is to encourage others to consume the evidence of that abuse.

about three weeks ago

Big Bang Actors To Earn $1M Per Episode

dave562 Re:Over paid (442 comments)

For an interesting thought project, work backwards to how much the advertisers must be paying the networks to support those kinds of salaries for the actors. Do not forget to factor in production costs, everyone working below the line, etc.

about three weeks ago

Submissions


Citrix or VMware for VDI access to SaaS application?

dave562 dave562 writes  |  about a year ago

dave562 (969951) writes "Editors, this is for ask Slashdot.

Given the need to provide a remote desktop to clients who want speedy access to an in house, Windows based (yeah, yeah, I know, I know...) SaaS application, which vendor has the best offering, Citrix or VMware? If it matters, I am looking at a user base of 500-5000 users in the next two to three years. I come here to ask this question because I figure if anyone has really used this technology, in the wild, and lived through the boot storms, I/O challenges and other technical and administrative challenges with this technology, they are probably a /. reader.

I am currently leaning towards Citrix. Their web gateway simplifies the external access component. It also supports two-factor auth and federation. Their client is also very stable at this point and works on all devices, from desktops to laptops to tablets and smartphones. The technology is fairly secure, enough so that we can leverage it to prevent the average user from mapping drives, or printers, or otherwise exfiltrating data from the environment. While on the other side of the coin, universal driver support makes it easy to enable those features when necessary.

I am only really considering VMware because we already have the licenses for their VDI product. Based on some cursory research, it would require more investment on our time to properly configure external access for clients. They do seem to be making some strides on the resource utilization front though. Specifically I'm talking about the full and linked clones.

I am sure that there are a dozen other nuances of the two products that I have not even begun to scratch the surface of. The main driver of desktop virtualization in this case is application performance. We have hundreds of users who are using a web based app to review large documents (10-50MB each). The bandwidth costs and performance challenges of clients having disparate levels of connectivity are both alleviated by using a remote connectivity solution like Citrix / RDP."

AAPL tracks MSFT peak for peak

dave562 dave562 writes  |  about a year and a half ago

dave562 (969951) writes "The more things change, the more they stay the same. In 1999, Microsoft had a run up to what proved to be the company's highest market capitalization ever. Now in 2013, Apple reached similar highs. The jury is still out as to whether or not AAPL has peaked, but this article from ZeroHedge provides an overlay of the market caps of these two tech titans, and makes some suggestions about where AAPL is heading.

So Slashdot, is Apple really that different? Or does the market have a limited pool of capital to allocate to technology companies, no matter how sought after their products are?"


Industrial Control System (ICS) Security Investment Growing Substantially

dave562 dave562 writes  |  about a year and a half ago

dave562 (969951) writes "Smart grid industrial control systems (ICS) remain in a state of flux. Security is still viewed as a cost-limitation exercise by many utilities, and advances toward meaningful regulations remain halting. But the utility industry as a whole appears better informed of cyber risks to grids and substations, likely portending more cyber security deployments in the next one to two years. According to a new report from Pike Research, a part of Navigant's Energy Practice, the market for smart grid ICS cyber security will reach $369 million in 2012 and grow to $608 million by 2020.

Technological innovation in this market is stagnant, according to the report, and security vendors do not share a consistent view of this market. While many general-purpose security vendors have not yet seen the growth they had expected, vendors that specialize in control systems security are receiving more requests for proposals than ever. Vendor approaches to the market also vary: some strategically propose a full cyber security solution for an entire control network, while others take a more tactical approach and propose only solving specific problems. Whether taking a strategic or a tactical approach, vendors must orient their discussions with utilities around solving operational and business problems, not technical concepts.

Are any Slashdotters working in this field? What sort of approaches are you taking? Tactical fixes, or strategic solutions?"


DoJ investigates eBook price fixing

dave562 dave562 writes  |  more than 2 years ago

dave562 (969951) writes "The U.S. Justice Department's antitrust arm said it was looking into potentially unfair pricing practices by electronic booksellers, joining European regulators and state attorneys general in a widening probe of large U.S. and international e-book publishers.

A Justice Department spokeswoman confirmed that the probe involved the possibility of "anticompetitive practices involving e-book sales."

Attorneys general in Connecticut and, reportedly, Texas, have also begun inquiries into the way electronic booksellers price their wares, and whether companies such as Apple and Amazon have set up pricing practices that are ultimately harmful to consumers."


Android cuts into Apple's margins

dave562 dave562 writes  |  more than 2 years ago

dave562 (969951) writes "Reggie Middleton at BoomBustBlog offers some insightful analysis about how Android is impacting Apple's market share.



The maddening pace of Android technology development is simply too much for Apple to keep pace, or at least keep pace with while maintaining those fat margins. So what do they do? They release a marginally improved product that has yet to match the 6 month old Android flagship tech that is about to be refreshed/replaced/updated in exactly ONE WEEK!



He goes on to point out how Google has backed Apple into a corner, and they will have no choice but to cut into their fat profit margins in order to stay competitive.



Lower prices and/or higher technological bars will lead to lower margins. For those that are paying attention, it is evident that it is already happening. The disappointment felt throughout the web at the release of the iPhone 4GS was not due to Apple releasing a subpar product. It was due to Android raising the bar so high that Apple simply could not match it without busting its extremely fat (72%) margins.



What does this mean for Apple's share prices? I think the answer is obvious."


FCC Release Broadband Report

dave562 dave562 writes  |  about 3 years ago

dave562 (969951) writes "Today the FCC released the results of their study that was focused on measuring real world broadband performance for residential customers across the United States. The study examined service offerings from 13 of the largest wireline broadband providers using automated, direct measurements of broadband performance delivered to the homes of thousands of volunteers during March 2011. Myself and many other Slashdot readers participated in the study."

Rural broadband cost $7 million per home

dave562 dave562 writes  |  more than 3 years ago

dave562 (969951) writes "In an analysis of the effectiveness of the 2009 stimulus program (American Recovery and Reinvestment Act of 2009 or ARRA), one of the programs that was investigated was the project to bring broadband access to rural America. Some real interesting numbers popped out.

Quoting the article, "Eisenach and Caves looked at three areas that received stimulus funds, in the form of loans and direct grants, to expand broadband access in Southwestern Montana, Northwestern Kansas, and Northeastern Minnesota. The median household income in these areas is between $40,100 and $50,900. The median home prices are between $94,400 and $189,000.

So how much did it cost per unserved household to get them broadband access? A whopping $349,234, or many multiples of household income, and significantly more than the cost of a home itself.""


RIM's downward spiral continues

dave562 dave562 writes  |  more than 3 years ago

dave562 (969951) writes "The always insightful and forward looking guys at Zero Hedge bring the latest details in RIM's stock valuation. Layoffs are on the horizon as RIM misses their earning targets and continues to lose ground to Apple and Android. Is RIM on the way to becoming the MySpace of the smartphone market?"

FCC pressured to reject AT&T / T-Mobile deal

dave562 dave562 writes  |  more than 3 years ago

dave562 (969951) writes "Sprint Nextel, joined by an army of thousands of consumers, have filed requests for the U.S. Federal Communications Commission to block AT&T's proposed acquisition of rival mobile carrier T-Mobile USA.

AT&T has argued that it needs T-Mobile's spectrum to keep up with growing demand for mobile broadband service. Sprint disputed that argument, saying AT&T already controls the most spectrum of any U.S. mobile carrier. AT&T is the "industry laggard" in deploying next-generation mobile broadband, a source close to Sprint said Tuesday."


Rural broadband subsidy program wasteful

dave562 dave562 writes  |  more than 3 years ago

dave562 (969951) writes "An analysis of federal broadband stimulus projects awarded by the Department of Agriculture’s Rural Utilities Service (RUS) finds the program’s funding of duplicative broadband networks has resulted in an extremely high cost to reach a small number of unserved households.

The study shows that the RUS’ current program is not a cost-effective means of achieving universal broadband availability.

  RUS’ prior broadband subsidy programs have not been cost effective, in part because they have provided duplicative service to areas that were already served by existing providers,"


Social Media as a Tool for Protest

dave562 dave562 writes  |  more than 3 years ago

dave562 (969951) writes "Stratfor provides good analysis and insight into the realities of using Social Media like Facebook and Twitter as revolutionary tools.

"
The role of social media in protests and revolutions has garnered considerable media attention in recent years. Current conventional wisdom has it that social networks have made regime change easier to organize and execute. An underlying assumption is that social media is making it more difficult to sustain an authoritarian regime — even for hardened autocracies like Iran and Myanmar — which could usher in a new wave of democratization around the globe. In a Jan. 27 YouTube interview, U.S. President Barack Obama went as far as to compare social networking to universal liberties such as freedom of speech.

Social media alone, however, do not instigate revolutions. They are no more responsible for the recent unrest in Tunisia and Egypt than cassette-tape recordings of Ayatollah Ruholla Khomeini speeches were responsible for the 1979 revolution in Iran. Social media are tools that allow revolutionary groups to lower the costs of participation, organization, recruitment and training. But like any tool, social media have inherent weaknesses and strengths, and their effectiveness depends on how effectively leaders use them and how accessible they are to people who know how to use them.""


China's Double-edged Cyber-sword

dave562 dave562 writes  |  more than 3 years ago

dave562 (969951) writes "Stratfor analyst Sean Noonan shares his commentary on the capabilities of China's cyberwarfare capabilities, and the challenges and threats that those same capabilities bring to maintaining social order within the country.

A recent batch of WikiLeaks cables led Der Spiegel and The New York Times to print front-page stories on China’s cyber-espionage capabilities Dec. 4 and 5. While China’s offensive capabilities on the Internet are widely recognized, the country is discovering the other edge of the sword.

China is no doubt facing a paradox as it tries to manipulate and confront the growing capabilities of Internet users. Recent arrests of Chinese hackers and People’s Liberation Army (PLA) pronouncements suggest that China fears that its own computer experts, nationalist hackers and social media could turn against the government.
"


Goldman Sachs programmer trial sealed

dave562 dave562 writes  |  more than 2 years ago

dave562 (969951) writes "Goldman Sachs' lawyers have asked the Federal judge to seal the court room during the trial of Sergey Aleynikov. Aleynikov was one of the programmers who developed Goldman's High Frequency Trading (HFT) programs. What does this say about the state of the financial industry? Given the problems HFT seems to have caused over the last few years, shouldn't more light be shone into the dark corners of how it works?"

Doubts on Iranian regime change via social media

dave562 dave562 writes  |  more than 4 years ago

dave562 (969951) writes "Dr. Fouad Ajami was recently interviewed by Stanford University. He is a Senior Fellow of the Hoover Institution and the Chair of the working group on Islamism and the International Order. Among the topics discussed were Twitter and Facebook. Dr. Ajami seems skeptical about enacting regime change in Iran via the social media. He says that he is "worried about people who believe that Twitter and Facebook and so on will overthrow the Iranian regime.""

Integrating Linux into the Microsoft Enterprise

dave562 dave562 writes  |  more than 5 years ago

dave562 (969951) writes "I have to admit that despite getting Slackware running on a 486 in the mid-1990s, I never really picked up on Linux. At this point I've realized that the handwriting is on the wall, and I need to get with the program (better late than never, right?).

My first project has been to set up Ubuntu (8.04) and get Subversion running. The Ubuntu install went flawlessly. Subversion has been a struggle, but I finally got it to work with TortoiseSVN and was able to upload files into my repository. The experience required tweaking some permissions via chmod. I've realized that I'm very uncomfortable with integrating Linux into the Windows world, and I don't have any idea of where to start.

I've read vague descriptions of OpenLDAP, and I have a feeling that I should be looking in that direction.

Can any of you recommend some good books about integrating Linux and Windows? What I am specifically interested in is being able to control the access of Windows (Active Directory) groups to resources on the Linux box. I will be looking into Samba as well, but I need to control access to more than just network file shares. For example, to be able to get TortoiseSVN to transfer (Import) files into the repository, I had to give the "world" rxw rights to some of the sub-directories in the Subversion repository. I'm fairly certain that is a huge security hole right now. In an ideal world, I would have liked to create a group in Windows, and only allow those people access to the directories. Longer term it would be great to be able to replace Active Directory with something else that can handle access controls to the Windows boxes and network file shares. Where I work Windows will never go away because of some industry specific applications, but it would be great if I can minimize the role that it plays on the backend.

Beyond books, what are some of the real world tools and solutions that you guys are using when you have to make Linux live in an Active Directory environment?

If it matters, I'm not married to Ubuntu and have already considered giving CentOS a try. I work at a shop with a heavy investment in HP hardware, and HP has great support for RHEL, so I figure CentOS will probably be a good foundation for where I am working."

Maxtor drives contain password stealing trojans

dave562 writes | more than 6 years ago

dave562 writes "According to this ComputerWorld article http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9046424&intsrc=hm_list, Seagate hard drives that were assembled in Taiwan were shipped with firmware that phoned home to two servers based in China. The Chinese government is denying any involvement in the incident. The software appears to steal passwords to online gaming websites."

Journals


Oh the irony

dave562 writes | more than 4 years ago

I originally started reading Slashdot because of my curiosity about Linux. I've been on the internet since the early 1990s and have been working in corporate IT since the mid-1990s. My original experience with networking in a corporate environment was Novell Netware and I've since spent most of my time using Microsoft Windows servers. In the decade plus that I've been working in IT I've developed a fairly platform agnostic approach to meeting the needs of business. It's all about the best tool for the job as far as I'm concerned.

Recently where I work we have hired a new CFO and he oversees IT. He is a big proponent of OSS software and Linux. He hates Microsoft with a passion and believes that we should be replacing Windows boxes with Linux wherever possible. He wanted to use Subversion for version control on some budget documents, and of course he wanted to run it on Linux and have SSH access into the Linux box.

Being a Linux neophyte I went ahead and downloaded Ubuntu 8.04 LTS server. I used apt-get to get all of the updated versions of the software from the repository. I configured Subversion and set up the repository for the files. I set up SSH so that the CFO could use Tortoise and Putty to remotely access the files. Everything was working well up until this morning.

My users were calling and emailing with complaints of the internet being slow. Given that we upgraded to a 7.5MB connection over the weekend, my initial thought was that something was wrong with the ISP. I checked the firewall and saw that there were 65000+ open connections and the logs were filled with warnings of SYN floods coming from the Linux box. I logged into it, ran a netstat -a and found pages upon pages upon pages of open connections on port 22 to random boxes all over the internet. Sure enough, the Linux box was completely owned and being used to attack other boxes.

I find it ironic that here I am in a Windows shop with twenty plus servers running everything from SQL to IIS to Exchange on public facing connections. I have a few boxes with exposed terminal services connections so that vendors can get in and do remote support. I put one Linux box on the network and open it up to the internet and it lasts less than three months.

I find myself remembering all of the comments about how *nix is more secure by default. How OSS software is more secure because so many people are looking at the code. Microsoft software sucks and it's a huge target that is going to crumble as soon as you plug it into the network.

I realize that in this case a lot of what happened probably has to do with my own inexperience with Linux. If I had over a decade of experience using Linux day in and day out I'm sure that I wouldn't be in the situation that I'm in right now. I do consider myself a fairly competent network admin though. I did my best to harden the box. I only exposed SSH to the internet. I downloaded all of the latest software updates from the repository using the built-in apt-get mechanism. Despite all of that, the box still got owned. So I write this journal entry to point out that nothing is simple. There are a lot of zealots out there who take it for granted that their OS of choice is secure and stable. They spout off about how it is perfect for everyone, and every job and fits in every situation. They take for granted that they've forgotten so many of the glitches, the gotchas, the key workarounds that are necessary in any sort of production environment.

Every software has bugs. Every software has exploits. Every software takes a skill set tailored to the package itself in order to properly use it. There really should be licenses to use software in business environments where sensitive data is involved. Even the best intentioned admins who are doing the best that they can do are bound to miss things. They don't miss them because they are incompetent or because they are malicious. They miss them because they don't have the experience to realize that they are missing things.
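Added example, not part of the journal entry above: a small triage script for the symptom it describes, separating SSH sessions a host serves (local port 22) from SSH connections it originates (foreign port 22), since many distinct outbound targets on a box that should only be a server is the signal seen here. It assumes numeric `netstat -ant` output; the sample rows, the function names and the threshold are constructed for illustration.

```python
from collections import Counter

# Constructed sample of `netstat -ant` output (documentation-range addresses).
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED
tcp        0      1 192.0.2.10:40112        203.0.113.5:22          SYN_SENT
tcp        0      1 192.0.2.10:40113        203.0.113.6:22          SYN_SENT
tcp        0      1 192.0.2.10:40114        203.0.113.7:22          SYN_SENT
tcp        0      0 192.0.2.10:40115        203.0.113.8:22          ESTABLISHED
tcp        0      0 192.0.2.10:51022        198.51.100.20:443       ESTABLISHED
tcp6       0      0 :::22                   :::*                    LISTEN
"""

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so IPv6 forms like ':::22' work."""
    addr, _, port = endpoint.rpartition(":")
    return addr, port

def summarize_ssh(netstat_text, port="22"):
    """Count SSH sessions served by this host vs. SSH connections it opened."""
    inbound, outbound_hosts, outbound_states = 0, set(), Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue  # skip headers and non-TCP rows
        _, lport = split_endpoint(fields[3])
        raddr, rport = split_endpoint(fields[4])
        state = fields[5]
        if state == "LISTEN":
            continue  # a listening socket is not a connection
        if lport == port:
            inbound += 1                  # someone logged in to us
        elif rport == port:
            outbound_hosts.add(raddr)     # we are connecting out to SSH
            outbound_states[state] += 1
    return {"inbound": inbound, "outbound_hosts": len(outbound_hosts),
            "outbound_states": dict(outbound_states)}

def looks_like_ssh_scanner(summary, max_outbound_hosts=2):
    """Flag a host opening SSH to more distinct peers than expected (assumed threshold)."""
    return summary["outbound_hosts"] > max_outbound_hosts

if __name__ == "__main__":
    result = summarize_ssh(SAMPLE)
    print(result, "suspicious:", looks_like_ssh_scanner(result))
```

A high share of `SYN_SENT` among the outbound rows points to connection attempts that are not being answered, which fits the firewall's SYN flood warnings.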
