Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!



Why Is It Taking So Long To Secure Internet Routing?

dremspider trust (85 comments)

Most of these solutions require some sort of central authority to manage the security of all the routes. Sounds great until you realize that there is no one that all the users of the Internet can trust. I am not even sure that users can trust their own governments to manage this without exploiting users for the sake of surveillance let alone other countries trust one another. If you can't trust one another the best thing to do is remain insecure but watch each other like hawks for any foul play.

about 2 months ago

Ask Slashdot: Open Hardware/Software-Based Security Token?

dremspider Smart cards work (113 comments)

I have had a smart card setup for a little while. I use it for both OpenVPN and SSH access. I created the card by making my own CA and then using OpenSC to write to the card itself. There are some other cool things you can do like us it for PGP signing. I got a whole kit for about $100 bucks that came with a reader/writer, 2 cards and one USB thing.

about 4 months ago

Buying New Commercial IT Hardware Isn't Always Worthwhile (Video)

dremspider Re: Slashvertisement? (92 comments)

Is it really still like this? I remember this was an issue 8 years ago... I would have never thought it was still like this.

about 4 months ago

In a Hole, Golf Courses Experiment With 15-inch Holes

dremspider Re:Expensive Middle Class Sport Losing Patrons (405 comments)

BS... for one thing you can get into cycling paying from the $800 - $1200 range and get a pretty decent setup. Even if you spend more (in the $2-3000 dollar range) you can get a really nice set up. Of course if you wanted to buy a used bike then all these numbers would drop. If I bought cheap used clubs for $200 (not really fair because I am looking at crappy used clubs vs. a decent bike). The cost of entry would be lower, BUT you are forgetting one very important thing. I can use my bicycle as must as I want for free after that initial cost. Golfing costs me money every time I want to go play ranging from $8-10 to hit golf balls to $40+ to actually play at a real course. A well maintained bicycle will last at least 8 years even riding it pretty hard.

Fixed costs
$2000 for bike
$300 for clothes, shoes
Annual costs
$200 for maintenance (if you are able to do it on your own this would come down)
5 year total cost = $3300

Fixed costs:
$200 for used golf clubs just to go with your scenario
Annual Costs:
$750 for 15 rounds of golf at $50
$240 for 30 set of balls at a driving range $8
5 Year total cost : $5150
Keep in mind that with bicycling I can ride 3+ times a week. I would also argue that cycling is a better workout as well. Your crazy contrived situation is absurd. I am in a group with a number of people and all their bikes range from $600 to maybe $2000. Some of the bikes are well over 15 years old and none of us really care. The only reason you need to spend that much is if you are a) a professional or b) need to keep up with the Joneses.

about 6 months ago

Ask Slashdot: System Administrator Vs Change Advisory Board

dremspider Get a vulnerability scanner (294 comments)

Buy something like Tenable Nessus or Rapid7. Make reports very easy and works across Windows, Linux, Cisco, etc. If you get Security Center it will track changes over time and you can see trends over time with patching.

about 7 months ago

Interview: Ask Theo de Raadt What You Will

dremspider Any plans of getting a proper auditing daemon? (290 comments)

I know there is systrace, but that really isn't what I am looking for. Will there be plans to have a proper auditing daemon be able to monitor system calls in a log file? Being security centric, I would think this would be something high on the list. I know it puts a lot more load on the system and may be difficult for smaller systems, but auditd logs are considered good practice in Linux and FreeBSD. Any chance this will make it into OpenBSD at some point?

about 8 months ago

FreeBSD Developers Will Not Trust Chip-Based Encryption

dremspider Re:Wise (178 comments)

Oh ye wise and knowledgeable anonymous coward. Pray tell how would like them to store the key to verify the server on another system? If they break into your system as root who the heck cares that they can now masquerade as your system? They already have access to YOUR system so what more damage can they do by man in the middling you as well? Tell us what you would do to fix it and what benefit it would provide.

about a year ago

If You Want To Code From Home, Learn JavaScript

dremspider Re: Or properly learn C++, move to DC (152 comments)

$120K is also an exaggeration. Very few people are making that kind of money in DC. *Source: I have been working in the area for a number of years.

about a year ago

Ask Slashdot: Best SOHO Printer Choices?

dremspider Re:laser all the way (381 comments)

With my family it was the opposite. We printed so little that all our cartridges would dry up. The cartridges generally only last about a year assuming you don't use them up before that so we would print maybe 100 pages/year and then need to buy $70 worth of cartridges which comes to $.70 per page. An outrageous amount.
With toner I bought an all in one networked with a duplexer (black and white) for $150 and the starter cartridge will probably end up lasting us years therefore in a little over two years the printer will pay for itself. I can get refilled cartridges for about $30 that supposedly last 3K pages. Even if I buy the OEM cartridges that last 3K pages I will probably never have to buy a cartridge again at our current rate of printing before the printer breaks.

1 year,28 days

Ask Slashdot: Best SOHO Printer Choices?

dremspider I have an older one of these... (381 comments)

Canon All in one. The printing works easily in Linux. You install a driver and it just works in Ubuntu. I never got the network scanning to work in Linux though. Works well in Windows as well. I don't use the wireless option (it is hard wired into my network). I have heard people complain about the wireless strength in reviews.

1 year,28 days

Book Review: The Practice of Network Security Monitoring

dremspider Re:Pay Attention To Your Network! (15 comments)

I personally have an oscilloscope hooked up to my network as an IDS. I have been staring at it for 3 days straight now as my co-worker has been off. Still haven't seen any computer attacks yet, but I will be ready!

about a year ago

Tiny $45 Cubic Mini-PC Supports Android and Linux

dremspider Re:smaller isnt always better (197 comments)

You can connect into the serial port (same cable as most phones use) and then use putty to serial in on the 2 higher end devices. It is very nice and works well. You can also use SSH once it is all set up. I have the older unit.

about a year ago

Tiny $45 Cubic Mini-PC Supports Android and Linux

dremspider Some insight into their prior unit. (197 comments)

I have their older 700MHz unit (single core) 2 GB of memory I bought not too long ago (of course, that is how it always works). So far the unit has actually exceeded my expectations and is a lot of fun to play with. For me I wanted something that I could install Kali Linux on (the successor to Backtrack Linux) to do some simple type attacks on a network (I teach part time at a community college an information security class). First what I don't like: The shipping comes for Isreal. The price of shipping is $30 which raises the cost of the product. That they came out with a new one shortly after I already bought one that includes a lot of features I wanted. What I like: Gigabit ethernet They have this thing called u-boot which is pretty slick. You stick a file on a usb memory stick and stick it into the top USB port. Connect the ethernet and then boot up and it asks you what OS you want to install. You can select Ubuntu, Opensuse, Fedora, XBMC and a bunch more and it just installs them to the SD card. Very slick. It has the ability to serial into the unit so you don't have to set up a mouse, keyboard and monitor to install OSes. Works in Linux and Windows (with putty fine). I can then do SSH X forwarding really easy from the network if you want a GUI. I have been able to run a slew of python things on it and the performance is reasonable. I really have been having fun with it.

about a year ago

Amazon Angling For Same-Day Delivery Beyond Groceries

dremspider Re:Maybe they deserve it (193 comments)

My favorite example of this is Best Buy. Best Buy online now has prices that sometimes beat Amazon, particularly on games but their stores do not. I went online and saw Best Buy had and item for $30. Went to the store and it was $40. I was then told that Best Buy doesn't price match their own website, wtf? So from my phone, I ordered it and did the pick up from store option. Told the person that I got it online and they went back retrieved the item for me and I walked out paying $10 less.

about a year ago

T-Mobile Wi-Fi Calling Was Vulnerable to Trivial MITM Attack

dremspider Of course.. (24 comments)

This vulnerability is in a TON of software. Python 2.X (which most people are still using) doesn't even allow you to verify the CN without adding a bunch of code to make it happen yourself. Most APIs allow you to do it both ways, but I think it is time that they stop making it optional. If you want to use SSL, use it properly otherwise it isn't worth wasting your time with it.

about a year and a half ago

White House Urges Reversal of Ban On Cell-Phone Unlocking

dremspider Re:buy it on installment plan (256 comments) T-mobile is rumored to be doing just that. They already kind of do with their value plans and having you bring your own phone. We switched to it recently from Verizon and bought two Nexus 4 phones. I have calculated that if I keep the same phone for three years which I feel is reasonable we will have saved $1200 over the three year period. The only issue is we had $750 to lay out up front which most people probably don't have. Our new plan has 1000 minutes which we will never touch vs. Verizon's unlimited and 2GB per phone vs 2GB shared on Verizon (which we probably would have broken that mark occasionally). So far the coverage has been fine but we live in a major metropolitan area so I have no idea what it it is like outside of that.

about a year and a half ago

Ask Slashdot: What Video Games Keep You From Using Linux?

dremspider This is a loaded question (951 comments)

The real question should be... what games do you want now, and in the future. Just getting all games to work that I want now doesn't really help me when Awesome cool game 15 comes out and I really want it. This is coming from a person who has been using Linux for years.

about 2 years ago

Ask Slashdot: Should Developers Install Their Software Themselves?

dremspider No. (288 comments)

When the developers leave and their is no documentation and the thing blows up... No one will know how it works. With handing the product and the documentation off to someone else this provides a final check on the documentation to ensure that the documentation doesn't suck. Developers tend to intimately know their product well and therefore will be likely to leave out steps in the documentation, because they know how to do it anyway. I have seen this a number of times. When they leave it takes reverse engineering to figure out what was done. I am a big proponent of documentation. Here is how I think it should be done:

-Development happens where they are able to test using a test environment
-Developers hand off everything to the System Admin (SA) who will install it. They then install it on a test environment as well.. If there are issues found work with the developers to solve the issue, correct the documentation and proceed to step 3.
-Install in production.

The only issue with this is step 1 and 2 can sometimes become filled with accusations. SAs think the product sucks and Developers think that the SAs are idiots who need everything spelled out for them. It becomes a lot worst when the developers are contracted out (which is common). This needs to be avoided, both parties should see themselves as working together to create a better product.

more than 2 years ago



Decreasing cost of IT in the Federal Government.

dremspider dremspider writes  |  more than 5 years ago

dremspider writes "How the federal government could save money on IT by increasing collaboration of federal agencies through Open Source. By requiring agencies to open source their products it will be possible to quickly lower costs across the board for all agencies. This details why the government needs to be considering opening up their applications."
Link to Original Source

A technical career in information security?

dremspider dremspider writes  |  more than 5 years ago

dremspider writes "I have been working as the life as a System Administrator since getting my undergrad degree for a few years. I really enjoy what I do and I like the hands on life of being an SA. I have been enrolled in a Information Security Masters which I attend part time. The master's is very technical (under the CS dept.) with a lot of programming. The problem I have is a lot of jobs I have been seeing in security seem to be more managerial/pencil pusher. My question is if I want to remain technical will I do better not continuing to pursue a degree in Information Security?"


dremspider has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?