
Comments


After Negative User Response, ChromeOS To Re-Introduce Support For Ext{2,3,4}

kaiser423 Re:Please explain the outrage?? (183 comments)

You fail to realize that this is a product, and some of the scope of the device is defined by what the users do with it, intended or not. I regularly add featuresets or support use cases that are outside of the scope of our device, but are reasonable alternative use cases or scopes. If I didn't do that, and was super rigid and only stuck to our initial plans of the scope, then there wouldn't be much growth or new opportunity in our product.

4 days ago

After Negative User Response, ChromeOS To Re-Introduce Support For Ext{2,3,4}

kaiser423 Re:Just think (183 comments)

I already plug up my "regular-ass" USB storage devices into Android via a USB OTG cable. I routinely mount my external 1TB drive into both my Android phone and tablet.

Now I do agree that making apps support use of that space would be nice, but right now all the music, movie, etc apps seem to support it. So, it's nice to be able to transfer across without a computer in the middle.

4 days ago

Password Security: Why the Horse Battery Staple Is Not Correct

kaiser423 Re:Mod parent up. (546 comments)

Exactly. There need to be better hooks. I'd love for KeePass or similar to be able to hook into Chrome securely or something like that.

about a week ago

Password Security: Why the Horse Battery Staple Is Not Correct

kaiser423 Re:Oh great (546 comments)

Good god, Fidelity kills me. Their password constraints are just arbitrary and crap and totally non-standard. Just waiting for them to get hit, because the password space compared to the number of users is a better ratio than just about anywhere else I can think of.

about a week ago

Samsung's Wi-Fi Upgrades Promise Speeds Up to 4.6Gbps

kaiser423 Re:Distance (92 comments)

My guess is that they use that to actually minimize reception distance.

Fun fact: 63GHz is the peak of absorption by the atmosphere. So, when the US was designing low-observable links that they didn't want eavesdropped on, they used that spectrum.

Something similar could be happening here -- it's for devices in the room, and one way to ensure that you don't get room to room interference would be to use a frequency around 60GHz. Well, that and because it's fairly worthless to most major telecoms it's basically an open band.

about a week ago

Eric Schmidt: Anxiety Over US Spying Will "Break the Internet"

kaiser423 Re: Or crypto (179 comments)

To be fair, part of the "breaking" is not being able to de-duplicate data. Very large portions of what gets stored in the cloud is redundant. You might well have over 10 million copies of one song on a cloud service. If they're all encrypted with different keys you can't de-dupe and your storage needs rise by 10 million. Ditto for some email lists that millions subscribe to. If you can't de-dupe that email then you have a problem! Personally, I couldn't care less, but there at least is a technical argument. I'm really just waiting on a good private cloud that I can host and regularly backup the binary blob to an external server for redundancy. Maybe if Comcast ever gets off their asses I could have enough upstream to feasibly do something like that. Or if the solution is there, maybe I just upgrade to business class...

about two weeks ago

Outsourced Tech Jobs Are Increasingly Being Automated

kaiser423 Re:What was automated? (236 comments)

If you have half a cart or more of groceries it can easily be faster than the self checkout. The self-checkouts usually have space for 1, maybe 2 bags and flip out if you remove bags. Not to mention you're bagging 5-6 bags yourself.

The checkout line usually has a bagger that can bag as fast as they can scan them. In self checkout, I can do the same, but once you start having to shuffle bags you lose the efficiency. So, I just make the call based upon how many groceries I have (and whether I have a kid or not in my arms).

about two weeks ago

Why the FCC Will Probably Ignore the Public On Network Neutrality

kaiser423 Re:Changes require systematic, reliable evidence.. (336 comments)

Well, when we invested over $300 billion of our money to get these companies to build networks out and get people access to standard internet like everyone else had. Then after they take your money and get a bunch of new subscribers decide to change how that network we just subsidized building with huge piles of cash and free usage of public rights of way (which can be a larger cost than the $300 billion we outright gave them) in order to make them more money and do a *worse* job of delivering the product to end customers that we just subsidized their build out to, it seems like we might want to have a conversation about whether that's reasonable or not.

about two weeks ago

Xen Cloud Fix Shows the Right Way To Patch Open-Source Flaws

kaiser423 Re:Maybe? (81 comments)

Exactly. Good passwords are obscure enough that they make really, really good security. That's kind of my point that obscurity makes a good layer of security and shouldn't just be dismissed by people who like to say "security through obscurity is no security at all", which was what the OP was referring to when he said 'Slashdot users pretty regularly complain about this with bumper sticker wisdom about "security through obscurity"'.

Of course, bad passwords, like "password" even with salts make pretty poor security, as when someone goes to generate a rainbow table (generally if they have your hash they also got enough access to get the salt too), that will be one of the first generated.

about three weeks ago

Xen Cloud Fix Shows the Right Way To Patch Open-Source Flaws

kaiser423 Re:Predisclosure should NOT be the normal practice (81 comments)

Furthermore, people inferred that there was probably a Xen vulnerability from Amazon's downtime, before the official announcement. So how, exactly, was that better than having the Xen project actually announce that fact, with or without details or a patch?

There was no inferring. Amazon made an oops in their announcement and said that it was due to a bug in Xen. If they hadn't named Xen, then people may have inferred Xen but not known. There are quite a few other parts of the stack that can require system reboots.

None of the other Xen hosts specified that it was a bug in Xen until the embargo was lifted, and Amazon has indicated that in the future they won't specify which part of the stack is making them do the reboot. AWS gives users notifications of reboots all the time for various reasons, so all that was out of the ordinary was that it was such a large reboot wave that they made an official announcement.

about three weeks ago

Xen Cloud Fix Shows the Right Way To Patch Open-Source Flaws

kaiser423 Re:money talks (81 comments)

No money is required to be a member of the pre-disclosure list.

about three weeks ago

Xen Cloud Fix Shows the Right Way To Patch Open-Source Flaws

kaiser423 Re:Maybe? (81 comments)

It seems all pretty reasonable to me. If known exploits are out there, or if the vulnerability is known then the fix gets published right away and there's no two-week embargo. But if it appears that no one else knows about this vulnerability, then the two-week wait seems to be a great policy. Give most people that can keep their mouths shut two weeks to get everything patched up and tested.

I get that a lot of people just chant the "security through obscurity" mantra, but obscurity really is a layer of security. It just shouldn't be your only defense. Hell, a password is a form of security through obscurity -- your salted password hash is just an obscured version of your password. So, as long as the obscurity is managed well, and in this case it appears to be, then we're good. Their document says that even small projects with no money can get on the pre-disclosure list.

about three weeks ago

New Research Casts Doubt On the "10,000 Hour Rule" of Expertise

kaiser423 Re:Is that really the point? (192 comments)

I forgot to mention that innate ability can basically jump the building competence step and start you right at, or in very short order, building confidence and mastery. Similarly with non-innate ability, it can hinder the steps. I have absolutely zero musical aptitude, but that doesn't mean that I can't create or curate a love of it and devote significant time to it, despite hating learning about it.

about three weeks ago

New Research Casts Doubt On the "10,000 Hour Rule" of Expertise

kaiser423 Re:Is that really the point? (192 comments)

I tend to think of the 10,000 hour rule and Gladwell's observations as this: Competence builds confidence which builds mastery and passion. The first couple thousand hours create the competence. You start to get the feeling that you're getting better than average about this and with confidence you start to reach out some, have some missteps, push your limits, and start to really refine and hone your skills which breeds more competence and mastery and then passion. People love things that they're really good at. Doing that tends to take quite a few thousand hours, with 10,000 being a pretty good round number to ascribe to the process. I've actually turned a couple of things that I absolutely loathed and avoided as a young adult into things that I'm passionate about now, solely because I decided to spend enough effort to get competent at it, and then it ballooned from there.

about three weeks ago

New Research Casts Doubt On the "10,000 Hour Rule" of Expertise

kaiser423 Re:So many practice doing it wrong (192 comments)

That is one of my favorite adages. I use that pretty extensively when talking about people, and even when interviewing -- I want to make it known to interviewees that I expect SIGNIFICANTLY more out of my 5 year employees than my 1 year and so on. That if you're not willing to learn and grow then you're going to be finding another job after a couple of years because you'll find that there's not much room for advancement just based upon seniority, at least not in my group.

I loathe people who have had 20 years of experience in a field and yet know significantly less than most of my people with 5 years of experience in the field.

about three weeks ago

Google To Require As Many As 20 of Its Apps Preinstalled On Android Devices

kaiser423 Re:It's sad (427 comments)

You'll be happy then. Within the past couple of weeks Google stopped pushing the G+ logins and you don't get one automatically created, and you can browse YouTube anonymously (although you still can't comment).

about three weeks ago

Update: Mangalyaan's Main Engine Test Fired, Maven In Orbit

kaiser423 Re:I hadn't heard of Mangalyaan (25 comments)

I forgot to mention comet Siding Spring is making a close approach by Mars, which is expected to up to *double* the amount of hydrogen in Mars' upper atmosphere and increase drag from 1.4x to 40x normal drag. If it ends up bad, it could drastically shorten Mangalyaan's life and fairly considerably shorten the life of all other orbiters around Mars. That should happen around October 19th. But we might get to see some good pictures of the comet from Mars as well as (although rated as a minimal increase, with minor risk to spacecraft) a nice meteor shower around Mars.

about a month ago

Update: Mangalyaan's Main Engine Test Fired, Maven In Orbit

kaiser423 Re:I hadn't heard of Mangalyaan (25 comments)

Yes, it's very interesting. The insertion burn is also going to be very interesting. For those that don't know, the Indian Space Agency has been building a bigger rocket for a while, but it's been beset with delays. This orbiter was originally supposed to go on their bigger rocket, but it's not very reliable right now.

So, they put it on one of their smaller rockets. The net of this is that the orbiter itself had to use up most of its fuel just escaping Earth's orbit, leaving very, very little for the actual insertion burn. They're going to end up in a highly eccentric orbit due to not having enough fuel to create a nice circular one. This means that a lot of the time, they're going to be very far from Mars, but when they get close they'll actually dip pretty darn close and those atmospheric sensors will be actually fairly deep into the atmosphere. Sadly, this also means that the orbit isn't as stable as they would like and will degenerate fairly quickly. But, all in all that's quite impressive! If they end up getting a bit more thrust out than planned, they may be able to circularize it a bit more....

about a month ago

Apple Denies Systems Breach In Photo Leak

kaiser423 Re:I honestly don't get it... (311 comments)

Why does a PIN have to be sent to you? I have plenty of RSA, Google Authenticator, and other FOB apps on my phone/tablets that I just punch a PIN in for and get my 2FA out of.

That said, it would be great for Android/Apple/whomever to introduce a security API that let webpages and other apps request PINs from other installed apps (provided the user authenticates properly) so that you don't have to hop apps. Would be like another password, but one that requires a shared secret that's only on that phone/hardware device. Heck, even have a "simple" version and call it 1.5FA where it just hashes with a shared secret that you have to put on every device the first time you login and then use 2FA for untrusted devices.

about a month and a half ago

Apple Denies Systems Breach In Photo Leak

kaiser423 Re:Solution lies with users, not Apple (311 comments)

and like Google's 2FA already does. I love that thing. You have trusted devices/agents, but they also have some extra fun stuff in the background. A couple of times I've taken my trusted laptop that I don't have to enter the 2FA in but once a month to re-authorize it and had Google still prompt for a 2FA PIN because they noticed it coming from an untypical IP range or some other fuzzy metric that got high enough that they decided to proactively ask for a reauth.

Makes me feel all warm, fuzzy and safe that even if someone steals a trusted device, there's a chance that they can't get in. Google really does security pretty well, not that they don't mess up like everyone else, but I've been pretty happy that they're obviously thinking it through and mitigating as many attack vectors as possible.

about a month and a half ago

Submissions


Truly Remote Management

kaiser423 writes | more than 5 years ago

kaiser423 (828989) writes "I'm looking to integrate some highly critical solutions into what would essentially be a remote, moving datacenter. No operators will be allowed at the site, and we may be able to have a high-speed INMARSAT data link. As a backup, we're planning to have multiple redundant low-speed Iridium data links.

We've been looking at remote in and out-of-band management solutions, and really have found a ton of products. However, the "low-bandwidth" solutions still exceed our potential Iridium bandwidth (~10kbps). Even if we have the INMARSAT link (192kbps sustained, higher burst), a number of these solutions would hit that limit. We're starting to look at going old-school with some terminal-style applications, but haven't found much of a market for it. PC Weasel looks kind of like it might work, but the demo doesn't work for Windows.

Essentially, we're looking to be able to power up/down and reboot some computers, and be able to start/stop some programs. We're willing to write the terminal interfaces necessary for our programs, and possibly do the remote desktop thing with some of our 3rd party programs. But what is out there that would give us this type of access, work robustly over a high-latency, low-bandwidth stream, and would be tolerant to intermittent network outages? Please hold the pick 2 of the 3 jokes, I know they're contradictory goals; I'm looking for a compromise here! These boxes would regrettably be nearly universally Windows boxes (with some VxWorks). It seems to be a market that died with 56k modems. Does anyone out there remember those days, and have any solutions that they preferred?"

Is there OSS Voip Comm-Net Software?

kaiser423 writes | more than 6 years ago

kaiser423 (828989) writes "I had been looking at replacing our mission communication infrastructure at my employer. Currently, we have a small panel that allows the operator to switch between talking on 6 pre-defined nets and listening to any combination. It's currently analog, noisy, and not reconfigurable. We've been bumping our heads against its limitations for some time now, and have been looking for a more dynamic, scalable system. I had suggested upgrading to a Voip system, like the Quintron Dices or the Orion Voip system. However, all of these systems are locked-down with no API! We would at least like to be able to programmatically interface with whatever solution we buy, and to roll our own hardware to run the systems where needed. Also, considering that this is mission-critical equipment, we would like to not be totally beholden to a vendor that could lock us in. I have been browsing the Asterisk and other forums, but no one in the OSS community seems to have the same need as me. I am open to rolling my own, but am totally new to the Voip world and am not sure where to start. Do any slashdotters have any suggestions?"

Journals

kaiser423 has no journal entries.
