Slashdot: News for Nerds

Comments

Former NSA Chief Warned Against Selling NSA Secrets

jasno Poor guy... (138 comments)

So the poor general can't participate in the usual dance of former Washington insiders who use cronyism and connections to enrich themselves after 'serving' in government?

There should be a name for that... like 401(c)... where c stands for crony capitalism.

about a month ago

The Security Industry Is Failing Miserably At Fixing Underlying Dangers

jasno No one cares... (205 comments)

I've got over a decade of working on networked, embedded devices. With the exception of content security, I have never in my recollection been on a project where a significant effort was devoted to the security of the system.

I've worked for a company who made devices which process electronic payments. I asked them about security and whether they ever did an audit. The SW veep's response was "We use SSL."

No one wants to think about it. Security is a hard problem and it blows budgets. Forgetting about security during development rarely (never, really) costs anyone a job.

Marketing and management need to require it before the money generates the will to fix it.

about a month ago

Supermicro Fails At IPMI, Leaks Admin Passwords

jasno Re:Ugh... (102 comments)

Not always... We need the horsepower for some jobs we're doing, and we have a GUI. Not all 'servers' are locked in racks and hidden away from the world.

about a month ago

Supermicro Fails At IPMI, Leaks Admin Passwords

jasno Ugh... (102 comments)

Working on a product based around these now...

As far as I can tell, the Nuvoton WPCM450 is what contains the Matrox G200ew clone for graphics output. Thanks to XAA being discontinued in X.org, the MGA driver is practically unusable for X at this point (even with an ancient, 2d window manager).

Yet another reason to avoid this hardware.

about a month ago

3-D Printing with Molten Steel (Video)

jasno Re:Wow (104 comments)

If you think you can't train a computer vision system to do it... Sure, maybe it's 20 years before it's cost effective (although for underwater welding...), but it's coming.

If you can boil it down to an algorithm, however complicated, you can get a computer to do it.

Eventually the computer does it better, because it has more sensors than you, thinks faster, has finer muscle movements, and can execute more complex algorithms than you can.

We're about to see this with driving.

about a month ago

3-D Printing with Molten Steel (Video)

jasno Re:CNC (104 comments)

Nah, you recycle the waste. It wastes energy, because you're casting more metal than you need only to spend the energy tearing it apart and recycling it, but the metal, minus some oxidation, should recycle fairly easily.

about a month ago

3-D Printing with Molten Steel (Video)

jasno Re:Wow (104 comments)

Cool, sounds like a job for sensors and algorithms.

"Anything you can do I can do better..." sang the old computer...

about a month ago

Geophysicists Discover How Rocks Produce Magnetic Pulses

jasno I'm not RTFA... (72 comments)

Why is it that the holes can move but the electrons can't? I thought holes were just places where electrons could be but aren't, so moving holes implies movement of electrons.

about 2 months ago

Printed Circuits as Part of a 3-D Printed Object (Video)

jasno Electrets? (42 comments)

Anyone familiar with the physics of electrets? I was thinking a while back that you could freeze a charge in cooling PLA or other plastic being used for printing. I looked around and some guys talked about it briefly a few years ago but never really explored it.

It seems like it might come in handy to bake electrets into your design. If nothing else, you could make half of a position sensor without having to glue on a magnet or something. I seem to remember hearing that the electret effect is influenced by mechanical strain, but it might make the charge bleed off and ruin the electret.

I doubt you could put enough charge in to allow you to make a motor or speaker, but who knows....

about 2 months ago

Report: Samsung Building VR Headset For Its Phones & Tablets

jasno Re:What If (49 comments)

What have they done? Show me their inventions which have advanced the state of VR. What do they have? The cheap plastic lens to increase FOV? (Despite being obvious to anyone looking to cost-reduce during consumerization.)

Certainly they have done something? No?

Samsung may not have announced it, but they'd be working on it.

I don't have a dev kit. So what? I bet it's awesome. That isn't the point. Or maybe it is... the point being that OR created zealots by showing you prototypes built out of commonly available components. It isn't that OR created that magic, it's that the magic is enabled by cheap, high-res displays and low-latency sensors that *everyone* has access to.

Like I said in a previous post, it is because of OR that we're talking about VR in 2014, but even without OR we'd be wearing it in 2016.

about 2 months ago

Report: Samsung Building VR Headset For Its Phones & Tablets

jasno Re:It.. can't be true! (49 comments)

Palmer sounds like a narcissist. He's crazy if he thinks he or his company is solely responsible for driving VR.

He jumped the gun and showed off his company's demo products - a fancy marketing trick if you will. Big deal. VR was coming regardless. Now that the displays and sensors finally allow a product that a consumer can afford there will be many VR devices. The technology is old and proven.

If OR had never existed, we might not be *talking* about VR in 2014, but we'd still be wearing it in 2016.

about 2 months ago

Report: Samsung Building VR Headset For Its Phones & Tablets

jasno Re:What If (49 comments)

Or (C) patent it all and license it for free, which would ensure that patent trolls don't move in and cripple the industry.

The amount of 'religion' surrounding OR is starting to reach the level of Apple products. You're all trying so hard to make the company the next big thing but they're just a hardware integrator. They're not your best friend. They aren't on your side. VR was and is coming when the tech allows it. When we all strap VR goggles on it won't be thanks to OR or any one individual behind it.

If you want to raise someone on a pedestal, start with the nameless engineers who dedicated their careers to making displays and sensors smaller, faster and cheaper.

about 2 months ago

Report: Samsung Building VR Headset For Its Phones & Tablets

jasno Re:It.. can't be true! (49 comments)

No, VR has been around in many forms for many years, but OR has made huge improvements. Acting like this isn't true shows your malfunction.

Sure, OR made improvements, just like Sony, Samsung, and other companies not fawned upon by the tech media and ignorant techno-fanbois.

Close, but very misleading. OR did serious work in solving major issues with VR.

Oh sweet, just point me to all those patents they're sitting on then...

The article invalidates what you're saying. OR isn't special. They just showed their hand early in an attempt to get free marketing. What they're doing isn't technologically difficult given the advances in things like 3d rendering, compact displays, low-cost motion sensors, and lower-latency inputs.

about 2 months ago

Report: Samsung Building VR Headset For Its Phones & Tablets

jasno It.. can't be true! (49 comments)

No! Oculus is the Christ-child! They are the saviour of humanity! They invented VR tech and are the only force for good in the universe.... or at least that's what all the major tech publications keep trying to ram down my throat.

VR is old hat. The interesting stuff was patented decades ago. Oculus is just one of dozens of companies that will be leveraging lower cost displays and sensors to deliver an acceptable VR experience.

about 2 months ago

How Virtual Reality Became Reality

jasno Re:Too lazy, hack my cortex in the summary please (104 comments)

The magic is marketing and timing.

Oculus used the technological leaps which are going to enable many companies to produce affordable, low-latency VR displays. Then they allowed people, including marketing and media folks, to play with their alpha-quality hardware, generating tremendous excitement.

Oculus is just another hardware company. Given that they have so much expertise under one roof, they may solve some of the integration issues better than others, but they really aren't doing anything new on a grand scale.

about 2 months ago

How Dumb Policies Scare Tech Giants Away From Federal Projects

jasno Isn't it obvious? (143 comments)

Commercial software and 'cutting edge' tech companies work fast and loose. We just need to make shit work, not necessarily adhere to page after page of specifications. That is the polar opposite of government work. There's no way in hell I'd want my company to take me away from the high-return world of hack programming and force me to read pages of documentation and requirements for each line of code I write.

about 3 months ago

Average American Cable Subscriber Gets 189 Channels and Views 17

jasno Same problem as always... (340 comments)

Wife is addicted to crap TV. I would cancel my $200/mo U-Verse service in a second if she'd let me.

about 3 months ago

Michael Abrash Joins Oculus, Calls Facebook 'Final Piece of the Puzzle'

jasno Re:Not much (232 comments)

Well, I think both augmented reality and head-mounted displays in general will be hugely successful in the next few years. If nothing else, it will become the de facto way to watch 3d content like movies and sports. Just wait until you get to watch a game via the 'ball cam'! Immersive 3d, not the shitty TV or movie version, is really going to propel 3d content into the mainstream.

Then you have games. Imagine a wireless head-mounted display that connects to your smartphone. Suddenly the small screen is no longer the limiting factor. You can have rich, immersive worlds on the go.

What remains to be seen is how profitable the market will be.

about 4 months ago

Michael Abrash Joins Oculus, Calls Facebook 'Final Piece of the Puzzle'

jasno Re:What's so special... (232 comments)

No, Apple had patents. TiVo had patents. If Oculus doesn't have patents, there's a good chance they'll be only a memory in a few years.

about 4 months ago

Michael Abrash Joins Oculus, Calls Facebook 'Final Piece of the Puzzle'

jasno What's so special... (232 comments)

Does anyone know what's so special about Oculus? Do they have some intellectual property that will make them money, or are they just improving on 30 year old ideas?

It seems to me that all we're waiting for are component prices (high res, compact LCDs and accurate, fast sensors) to drop. Sure, there will be some software work, but we already have stereoscopic support in game engines and now 3d media content.

Sure, there will be a lot of work crafting new interfaces and presentation schemes, but that's all software and design, not hardware.

about 4 months ago

Submissions

jasno hasn't submitted any stories.

Journals

Firewall config

jasno writes  |  more than 10 years ago

This is my current firewall config.. comments appreciated!

#!/bin/sh
#
# Firewall script for 3 interface router.
#
IPT=/sbin/iptables

INET=eth0
IDMZ=eth2
ILAN=eth1
DMZNET=10.10.2.0/24
LANNET=10.10.1.0/24

# Forward the following ports to the DMZ host
TCPFWD="ssh www https 8000 8001"
UDPFWD="5121"

# Turn off forwarding
echo 0 > /proc/sys/net/ipv4/ip_forward

modprobe ip_tables
modprobe ip_nat_ftp
modprobe ip_conntrack_ftp
modprobe ip_nat_irc
modprobe ip_conntrack_irc

###############################################################
# Setup /proc interface

echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

# Disable Source Routed Packets
for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do
        echo 0 > "$f"
done

# Enable TCP SYN Cookie Protection
#echo 1 > /proc/sys/net/ipv4/tcp_syncookies

# Disable ICMP Redirect Acceptance
for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do
        echo 0 > "$f"
done

# Don't send Redirect Messages
for f in /proc/sys/net/ipv4/conf/*/send_redirects; do
        echo 0 > "$f"
done

# Drop Spoofed Packets coming in on an interface, which if replied to,
# would result in the reply going out a different interface.
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
        echo 1 > "$f"
done

# Self-explanatory
echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses

# Log packets with impossible addresses.
#for f in /proc/sys/net/ipv4/conf/*/log_martians; do
# echo 1 > $f
#done

###############################################################
# Flush all chains and delete user chains

for i in filter nat mangle
do
        $IPT -t "$i" -F
        $IPT -t "$i" -X
done

# Default policy is to drop
$IPT -P INPUT DROP
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD DROP

###############################################################
# Stealth Scans and TCP State Flags - Are these needed?

# All of the bits are cleared
$IPT -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
$IPT -A FORWARD -p tcp --tcp-flags ALL NONE -j DROP

# SYN and FIN are both set
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -A FORWARD -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP

# SYN and RST are both set
$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A FORWARD -p tcp --tcp-flags SYN,RST SYN,RST -j DROP

# FIN and RST are both set
$IPT -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
$IPT -A FORWARD -p tcp --tcp-flags FIN,RST FIN,RST -j DROP

# FIN is set without the expected accompanying ACK
$IPT -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j DROP
$IPT -A FORWARD -p tcp --tcp-flags ACK,FIN FIN -j DROP

# PSH is set without the expected accompanying ACK
$IPT -A INPUT -p tcp --tcp-flags ACK,PSH PSH -j DROP
$IPT -A FORWARD -p tcp --tcp-flags ACK,PSH PSH -j DROP

# URG is set without the expected accompanying ACK
$IPT -A INPUT -p tcp --tcp-flags ACK,URG URG -j DROP
$IPT -A FORWARD -p tcp --tcp-flags ACK,URG URG -j DROP

###############################################################
# Setup rules for connecting to the gateway itself

# Loopback is trusted
$IPT -A INPUT -i lo -j ACCEPT

# Allow related packets from any interface
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow all connections from LAN
$IPT -A INPUT -i $ILAN -j ACCEPT

###############################################################
# Setup rules to allow the internal nets to access the internet

# Allow LAN to connect to anything
$IPT -A FORWARD -i $ILAN -j ACCEPT

# Allow all traffic going from DMZ to outside
$IPT -A FORWARD -i $IDMZ -o $INET -j ACCEPT

# Only allow return traffic back inside - '! -o $INET' probably not needed
$IPT -A FORWARD ! -o $INET -m state --state ESTABLISHED,RELATED -j ACCEPT

###############################################################
# Setup masquerading

# LAN S-NAT
$IPT -t nat -A POSTROUTING -o $INET -j MASQUERADE

###############################################################
# DMZ Port Forwarding
for i in $TCPFWD; do
        $IPT -A FORWARD -i $INET -o $IDMZ -p tcp --dport $i -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
        $IPT -t nat -A PREROUTING -p tcp --dport $i -i $INET -j DNAT --to 10.10.2.40
done

for i in $UDPFWD; do
        $IPT -A FORWARD -i $INET -o $IDMZ -p udp --dport $i -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
        $IPT -t nat -A PREROUTING -p udp --dport $i -i $INET -j DNAT --to 10.10.2.40
done

###############################################################
# LAN Port Forwarding
#$IPT -A FORWARD -i $INET -o $ILAN -p tcp --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
#$IPT -t nat -A PREROUTING -p tcp --dport 80 -i $INET -j DNAT --to 10.10.1.40

# LAN D-NAT
#$IPT -t nat -A PREROUTING -p tcp --dport 80 -i $IEXT -j DNAT --to 10.10.1.40:8080

# DMZ D-NAT
#$IPT -t nat -A PREROUTING -p tcp --dport 80 -i $IEXT -j DNAT --to 10.10.2.40
#$IPT -t nat -A PREROUTING -p udp --dport 5121 -i $IEXT -j DNAT --to 10.10.2.40

echo 1 > /proc/sys/net/ipv4/ip_forward
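
An added example, not part of the journal entry: a shell model of how --tcp-flags MASK COMP matching works, applied to the seven flag rules in the script above against constructed flag combinations. The function names (flag_bits, verdict) and the sample packets are assumptions made for illustration; no iptables call is made.

```sh
#!/bin/sh
# Model of iptables "--tcp-flags MASK COMP": a packet matches when, among the
# flags listed in MASK, exactly the flags listed in COMP are set.
# Bit values follow the TCP header: FIN=1 SYN=2 RST=4 PSH=8 ACK=16 URG=32.

flag_bits() {   # "SYN,FIN" | ALL | NONE -> integer bitmask
    bits=0
    for name in $(echo "$1" | tr ',' ' '); do
        case "$name" in
            FIN) bits=$((bits | 1)) ;;
            SYN) bits=$((bits | 2)) ;;
            RST) bits=$((bits | 4)) ;;
            PSH) bits=$((bits | 8)) ;;
            ACK) bits=$((bits | 16)) ;;
            URG) bits=$((bits | 32)) ;;
            ALL) bits=63 ;;
            NONE) bits=0 ;;
        esac
    done
    echo "$bits"
}

# The seven MASK:COMP pairs used by the script's INPUT and FORWARD DROP rules.
RULES="ALL:NONE SYN,FIN:SYN,FIN SYN,RST:SYN,RST FIN,RST:FIN,RST ACK,FIN:FIN ACK,PSH:PSH ACK,URG:URG"

# Print the first flag rule that would drop a packet carrying the given
# flags, or "pass" if none of the flag rules match.
verdict() {
    pkt=$(flag_bits "$1")
    for rule in $RULES; do
        mask=$(flag_bits "${rule%%:*}")
        comp=$(flag_bits "${rule##*:}")
        if [ $((pkt & mask)) -eq "$comp" ]; then
            echo "drop by --tcp-flags ${rule%%:*} ${rule##*:}"
            return 0
        fi
    done
    echo "pass"
}

# Constructed sample packets: ordinary handshake/data/teardown flag sets,
# then flag sets that never occur in a normal TCP conversation.
for p in SYN SYN,ACK ACK PSH,ACK FIN,ACK RST NONE FIN FIN,PSH,URG SYN,FIN; do
    printf '%-12s %s\n' "$p" "$(verdict "$p")"
done
```

The ACK,FIN FIN rule matches any packet with FIN set and ACK clear, so it catches FIN+PSH+URG as well as a bare FIN, while every flag set used by a normal connection passes through to the later rules.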
