
Comments


'Microsoft Lumia' Will Replace the Nokia Brand

jasno Microsoft... (150 comments)

Microsoft should really consider a re-org that puts their consumer focused products(xbox, phones, etc... not the windows OS though) in a separate division with a different name.

Put aside all of your feelings for Microsoft and just consider for a second how terrible a name like Microsoft is when it comes to cool, fashionable devices. Micro... soft... that's not a name I'd like associated with any kind of status symbol purchase. Sure, it's fine in the enterprise software space where image is less important, but if they ever want to seriously consider competing in the personal electronics space they'll need to change not only their branding but their name.

2 days ago

OS X 10.10 Yosemite Review

jasno Re:Well, no one else here said it yet... (303 comments)

Nope, just an old ('08?) 24" iMac. I'm not sure retina would make their poor color choices(the blue folders are horrendously loud) or lack of gradients/shadows.

Nope, didn't backup. It's the wife's desktop, so if it died, nothing of importance would be lost. Besides, I backed up a few months ago when I upgraded to a SSD.

about a week ago

OS X 10.10 Yosemite Review

jasno Well, no one else here said it yet... (303 comments)

Upgraded yesterday. I can't comment on the internal changes, but IMHO the new look is ugly. It even looks like the 'X' in the close button isn't centered. I want my old look back.

about a week ago

New MRI Studies Show SSRIs Bring Rapid Changes to Brain Function

jasno Re:Interesting (138 comments)

I've tried taking SSRIs a few times over the years for depression/anxiety/OCD. I haven't been able to last longer than 36 hours. I feel like I am experiencing all of the anxiety and uncontrolled mental energy of LSD without any of the good feelings or positive emotions. I think I have a wacko serotonin system. Tramadols get me really high(like taking an E pill) and I am very sensitive to serotonin-system drugs like LSD and psilocybin.

about a month ago

Dell Demos 5K Display

jasno Re:In other news: Are 4K displays worth getting ye (204 comments)

A lot of folks at work are switching to these and they seem happy.

I'm going for a stand-up desk first. I'll look into the 4k monitor early next year and see how things are then.

about a month and a half ago

DoT Proposes Mandating Vehicle-To-Vehicle Communications

jasno Fancy cars... (261 comments)

People wonder how we'll ever convince Americans to give up ownership and switch to rented, self-driving cars...

We'll do it by:
a) Jacking up insurance rates on people who still want to drive
b) Jacking up the price of vehicles by mandating expensive equipment

In 30 years, you won't be able to afford a car, much less afford to drive it. I'm not making a moral judgement here, I just think it's bound to happen.

about 2 months ago

Climate Damage 'Irreversible' According Leaked Climate Report

jasno Re:Impacts (708 comments)

I don't have a dog in this race, but I've got to point out that California is actually in a relatively wet period and if it returns to its formerly dry state then California will be fine. The people, maybe not so much, but California has been much drier in the past.

about 2 months ago

Linus Torvalds: 'I Still Want the Desktop'

jasno Re:Well, you have mine. (727 comments)

Yep... and my work machine as well. It all depends on the apps you use. If you are like most people nowadays and only need a web browser then Linux is probably sufficient as a desktop OS.

I should admit that my work desktop does host a windows 7 VM, but that's only because my company chose an IE-only solution for our timetracking tool.

about 2 months ago

Put Your Code in the SWAMP: DHS Sponsors Online Open Source Code Testing

jasno Re:Looks good to me (67 comments)

I had a feeling someone would say something like this...

According to TFS, the program is for open source code. You know, the code that is already open and scannable by a web crawler. If the NSA wanted to do this for nefarious purposes(and I'm sure they do), they would have(and probably have) started their own program years ago. They don't need you to upload your open source project for them.

I'm willing to bet the NSA has all the closed-source software source they want as well. I doubt my company's shitty security, for example, is any hindrance to them.

about 3 months ago

Put Your Code in the SWAMP: DHS Sponsors Online Open Source Code Testing

jasno Re:Looks good to me (67 comments)

Actually, my first thought is why isn't the NSA doing this?

Securing our nation's information infrastructure is one of their core missions(along with spying on OTHER nations, which I also think they should be doing, instead of spying on US). They have the talent to be able to do it effectively.

about 3 months ago

Former NSA Chief Warned Against Selling NSA Secrets

jasno Poor guy... (138 comments)

So the poor general can't participate in the usual dance of former Washington insiders who use cronyism and connections to enrich themselves after 'serving' in government?

There should be a name for that... like 401(c)... where c stands for crony capitalism.

about 4 months ago

The Security Industry Is Failing Miserably At Fixing Underlying Dangers

jasno No one cares... (205 comments)

I've got over a decade of working on networked, embedded devices. With the exception of content security, I have never in my recollection been on a project where a significant effort was devoted to the security of the system.

I've worked for a company who made devices which process electronic payments. I asked them about security and whether they ever did an audit. The SW veep's response was "We use SSL."

No one wants to think about it. Security is a hard problem and it blows budgets. Forgetting about security during development rarely(never, really) costs anyone a job.

Marketing and management need to require it before the money generates the will to fix it.

about 4 months ago

Supermicro Fails At IPMI, Leaks Admin Passwords

jasno Re:Ugh... (102 comments)

Not always... We need the horsepower for some jobs we're doing, and we have a GUI. Not all 'servers' are locked in racks and hidden away from the world

about 4 months ago

Supermicro Fails At IPMI, Leaks Admin Passwords

jasno Ugh... (102 comments)

Working on a product based around these now...

As far as I can tell, the Nuvoton WPCM450 is what contains the Matrox G200ew clone for graphics output. Thanks to XAA being discontinued in X.org, the MGA driver is practically unusable for X at this point(even with an ancient, 2d window manager).

Yet another reason to avoid this hardware.

about 4 months ago

3-D Printing with Molten Steel (Video)

jasno Re:Wow (104 comments)

If you think you can't train a computer vision system to do it... Sure, maybe it's 20 years before it's cost effective(although for underwater welding...), but it's coming.

If you can boil it down to an algorithm, however complicated, you can get a computer to do it.

Eventually the computer does it better, because it has more sensors than you, thinks faster, has finer muscle movements, and can execute more complex algorithms than you can.

We're about to see this with driving.

about 4 months ago

3-D Printing with Molten Steel (Video)

jasno Re:CNC (104 comments)

Nah, you recycle the waste. It wastes energy, because you're casting more metal than you need only to spend the energy tearing it apart and recycling it, but the metal, minus some oxidation, should recycle fairly easily.

about 4 months ago

3-D Printing with Molten Steel (Video)

jasno Re:Wow (104 comments)

Cool, sounds like a job for sensors and algorithms.

"Anything you can do I can do better..." sung the old computer...

about 4 months ago

Geophysicists Discover How Rocks Produce Magnetic Pulses

jasno I'm not RTFA... (72 comments)

Why is it that the holes can move but the electrons can't? I thought holes were just places where electrons could be but aren't, so moving holes implies movement of electrons.

about 5 months ago

Printed Circuits as Part of a 3-D Printed Object (Video)

jasno Electrets? (42 comments)

Anyone familiar with the physics of electrets? I was thinking a while back that you could freeze a charge in cooling PLA or other plastic being used for printing. I looked around and some guys talked about it briefly a few years ago but never really explored it.

It seems like it might come in handy to bake electrets into your design. If nothing else, you could make half of a position sensor without having to glue on a magnet or something. I seem to remember hearing that the electret effect is influenced by mechanical strain, but it might make the charge bleed off and ruin the electret.

I doubt you could put enough charge in to allow you to make a motor or speaker, but who knows....

about 5 months ago

Report: Samsung Building VR Headset For Its Phones & Tablets

jasno Re:What If (49 comments)

What have they done? Show me their inventions which have advanced the state of VR. What do they have? The cheap plastic lens to increase FOV? (Despite being obvious to anyone looking to cost-reduce during consumerization.)

Certainly they have done something? No?

Samsung may not have announced it, but they'd be working on it.

I don't have a dev kit. So what? I bet it's awesome. That isn't the point. Or maybe it is... the point being that OR created zealots by showing you prototypes built out of commonly available components. It isn't that OR created that magic, it's that the magic is enabled by cheap, high-res displays and low-latency sensors that *everyone* has access to.

Like I said in a previous post, it is because of OR that we're talking about VR in 2014, but even without OR we'd be wearing it in 2016.

about 5 months ago

Submissions

jasno hasn't submitted any stories.

Journals


Firewall config

jasno writes | more than 10 years ago

This is my current firewall config.. comments appreciated!

#!/bin/sh
#
# Firewall script for 3 interface router.
#
IPT=/sbin/iptables

INET=eth0
IDMZ=eth2
ILAN=eth1
DMZNET=10.10.2.0/24
LANNET=10.10.1.0/24

# Forward the following ports to the DMZ host
TCPFWD="ssh www https 8000 8001"
UDPFWD="5121"

# Turn off forwarding
echo 0 > /proc/sys/net/ipv4/ip_forward

modprobe ip_tables
modprobe ip_nat_ftp
modprobe ip_conntrack_ftp
modprobe ip_nat_irc
modprobe ip_conntrack_irc

###############################################################
# Setup /proc interface

echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

# Disable Source Routed Packets
for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do
        echo 0 > $f
done

# Enable TCP SYN Cookie Protection
#echo 1 > /proc/sys/net/ipv4/tcp_syncookies

# Disable ICMP Redirect Acceptance
for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do
        echo 0 > $f
done

# Don't send Redirect Messages
for f in /proc/sys/net/ipv4/conf/*/send_redirects; do
        echo 0 > $f
done

# Drop Spoofed Packets coming in on an interface, which if replied to,
# would result in the reply going out a different interface.
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
        echo 1 > $f
done

# Self-explanatory
echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses

# Log packets with impossible addresses.
#for f in /proc/sys/net/ipv4/conf/*/log_martians; do
# echo 1 > $f
#done

###############################################################
# Flush all chains and delete user chains

for i in filter nat mangle
do
        $IPT -t $i -F
        $IPT -t $i -X
done

# Default policy is to drop
$IPT -P INPUT DROP
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD DROP

###############################################################
# Stealth Scans and TCP State Flags - Are these needed?

# All of the bits are cleared
$IPT -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
$IPT -A FORWARD -p tcp --tcp-flags ALL NONE -j DROP

# SYN and FIN are both set
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -A FORWARD -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP

# SYN and RST are both set
$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A FORWARD -p tcp --tcp-flags SYN,RST SYN,RST -j DROP

# FIN and RST are both set
$IPT -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
$IPT -A FORWARD -p tcp --tcp-flags FIN,RST FIN,RST -j DROP

# FIN is the only bit set, without the expected accompanying ACK
$IPT -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j DROP
$IPT -A FORWARD -p tcp --tcp-flags ACK,FIN FIN -j DROP

# PSH is the only bit set, without the expected accompanying ACK
$IPT -A INPUT -p tcp --tcp-flags ACK,PSH PSH -j DROP
$IPT -A FORWARD -p tcp --tcp-flags ACK,PSH PSH -j DROP

# URG is the only bit set, without the expected accompanying ACK
$IPT -A INPUT -p tcp --tcp-flags ACK,URG URG -j DROP
$IPT -A FORWARD -p tcp --tcp-flags ACK,URG URG -j DROP

###############################################################
# Setup rules for connecting to the gateway itself

# Loopback is trusted
$IPT -A INPUT -i lo -j ACCEPT

# Allow related packets from any interface
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow all connections from LAN
$IPT -A INPUT -i $ILAN -j ACCEPT

###############################################################
# Setup rules to allow the internal nets to access the internet

# Allow LAN to connect to anything
$IPT -A FORWARD -i $ILAN -j ACCEPT

# Allow all traffic going from DMZ to outside
$IPT -A FORWARD -i $IDMZ -o $INET -j ACCEPT

# Only allow return traffic back inside - '! -o $INET' probably not needed
$IPT -A FORWARD ! -o $INET -m state --state ESTABLISHED,RELATED -j ACCEPT

###############################################################
# Setup masquerading

# LAN S-NAT
$IPT -t nat -A POSTROUTING -o $INET -j MASQUERADE

###############################################################
# DMZ Port Forwarding
for i in $TCPFWD; do
        $IPT -A FORWARD -i $INET -o $IDMZ -p tcp --dport $i -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
        $IPT -t nat -A PREROUTING -p tcp --dport $i -i $INET -j DNAT --to 10.10.2.40
done

for i in $UDPFWD; do
        $IPT -A FORWARD -i $INET -o $IDMZ -p udp --dport $i -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
        $IPT -t nat -A PREROUTING -p udp --dport $i -i $INET -j DNAT --to 10.10.2.40
done

###############################################################
# LAN Port Forwarding
#$IPT -A FORWARD -i $INET -o $ILAN -p tcp --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
#$IPT -t nat -A PREROUTING -p tcp --dport 80 -i $INET -j DNAT --to 10.10.1.40

# LAN D-NAT
#$IPT -t nat -A PREROUTING -p tcp --dport 80 -i $INET -j DNAT --to 10.10.1.40:8080

# DMZ D-NAT
#$IPT -t nat -A PREROUTING -p tcp --dport 80 -i $INET -j DNAT --to 10.10.2.40
#$IPT -t nat -A PREROUTING -p udp --dport 5121 -i $INET -j DNAT --to 10.10.2.40

echo 1 > /proc/sys/net/ipv4/ip_forward
