×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

Ask Slashdot: How Do You Manage Your Passwords?

jakeguffey Re:Keepass (445 comments)

Came here to say this.

I've used KeePass (or, in my case, KeePassX since I'm on *NIX) for about 6 years and it's been great. Encrypted local storage that I can sync between devices if I want, with an Android app (KeePassDroid) available makes life easy. It's also the only approved password storage method where I work.

about 2 months ago
top

Ask Slashdot: What Were You Taught About Computers In High School?

jakeguffey In the midwest (632 comments)

the normal curriculum generally didn't provide any exposure to computers beyond "Keyboarding" and "Computer Applications," meaning MS Office. I graduated from high school in 2006 and there was really nothing made widely available by my school. There was a vocational class for computer operations (only 4 students including myself took it), which was actually quite useful -- intro to networking concepts, intro to programming (VB 6), and all of the information needed to get CompTIA's A+ certification. Throughout the year, I was able to bat ideas around with the teacher, including the idea of making a beowulf cluster (just 3 or 4 nodes) to showcase some of the things computers could be used for. The class was the last half of the day and really helped solidify my basis into computing. At one point, the teacher had the network engineer for the school system come in to teach us how to terminate fiber (which we later ran to provide network access for the machine trades vocational class). I really have some fond memories of that class and to this day, I'm friends with the teacher.

My experience was *not* normal by any stretch, though. As I mentioned, there were only 4 students (later dropped down to just 3) in the class from the entire county. I was the only person from the hosting school (1000-1500 students). The teacher I had that year returned to industry the very next year and, from what I heard, the quality of the class dropped tremendously when his successor took over. To my knowledge, the class is still the same poor quality that it was after he left.

As far as I know, learning anything related to computers in high school (in most midwest counties) is learned the same way as it was a decade or two before -- individuals being motivated to learn for its own sake and befriending others who are like-minded. LAN parties, though passed off as completely useless by parents (more often than not), provide(ed) the greatest source of computing knowledge exposure -- setting up the LAN (and segmenting it from the user's parents' use), troubleshooting why a computer would fail to work, troubleshooting why a pirated game wouldn't run on one machine when everyone else wanted to play, and understanding physical infrastructure requirements (i.e. power) are routinely dealt with in the environment of a high school LAN party, and are directly applicable to industry (with much more learning outside of these parties to fill in the gaps, of course).

about a year and a half ago
top

Ask Slashdot: Best Way To Monitor Traffic?

jakeguffey Wow (338 comments)

So many comments and none of them really answering OP's question. First: Yes, OP needs to ensure that what he's asking for is actually what he wants to do. Now, OP: How about using Open Source IDS/IPS? Something like Bro (http://www.bro-ids.org) could be a good option. It's completely scriptable and keeps track of general information (number of connections, what IP addresses are talking to what others, etc.), but where it really shines is that it alerts on "weird" traffic and since it's scriptable, you can write your own protocol inspection code to look at network streams on the fly and only pull out what matters. To implement this kind of system, I'd put a linux/bsd box inline acting as the network's gateway so everything on the network outbound goes through it, enable routing (linux: add net.ipv4.ip_forward=1 and net.ipv6.ip_forward=1 to /etc/sysctl.conf, bsd: add net.inet.ip.forwarding=1 and net.inet6.ip6.forwarding=1 to /etc/sysctl.conf), configure the firewall as needed (NAT and what have you), and set bro up to look at the traffic. Then I'd define very clearly what traffic I thought was "interesting" and warranted looking into. That traffic I would write some inspection code for and wait for alerts (which can be formatted however you please -- they're just text). Finally: Should an I[DP]S be used for oppression? No. Should this type of solution even be implemented at all on a home network? I think that's an issue that can only be answered by the client. Remember: anything can be used for good or evil. Make sure that anything you build and sell is going to be used for good (as much as you can ensure such a thing, of course). Talk to your client. I have a feeling that training for dealing with social engineering will go a lot further than a custom-engineered DLP system.

about 2 years ago
top

Critical Flaw Found In Backtrack Linux

jakeguffey This is a complete (84 comments)

non-issue. According to the advisory, this particular issue "Spawns a root shell [and h]as not been tested for potential remote exploitation vectors." As has been stated multiple times earlier already, BT is generally used as root locally and (until someone determines remote exploitability) this is a local-only exploit. TFS is wrong. This is not a "critical flaw in BT," but a flaw in WICD that allows privilege escalation. Still something that definitely needs fixed, but if someone has local access to your box, you can pretty much assume they already have root.

about 2 years ago
top

Potential 0-Day Vulnerability For BIND 9

jakeguffey Re:A confusing summary on /., let me try to do bet (187 comments)

I am 100% with you up until you say, "I'm amazed how many people run large, production name servers on BIND yet don't have a cheap support contract. If you run BIND, rather than getting your alerts via /. look into a support contract so you get them directly from the vendor." I have a couple issues with this. The first is simply that it's perfectly reasonable to expect a good UNIX admin to handle BIND without issue for generalist deployments. The other issue I have is that you don't need a support contract to get these alerts. Sign up for the bind-announce mailing list (link: https://lists.isc.org/mailman/listinfo/bind-announce). Again, I'm totally with you up until the end there.

more than 2 years ago
top

Making Science and Math Kid Friendly?

jakeguffey Re:Computer use in Schools (620 comments)

I wasn't very clear. I meant having lesson plans that were followed in class with the aide of computers (Powerpoint, Individual research for open class discussions, etc.).

about 10 years ago

Submissions

jakeguffey hasn't submitted any stories.

Journals

jakeguffey has no journal entries.

Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...