Comments


Windows RT 8.1 Update Pulled From Windows Store

man_of_mr_e Re:They Just Can't Catch a Break (178 comments)

Yeah, especially since MS *DID* in fact release 8.1 RTM to developers early. So the question posed in the article is based on a false premise.

about 9 months ago

New Standard For Website Authentication Proposed: SQRL (Secure QR Login)

man_of_mr_e Re:Better look again... apk (234 comments)

WTF? Are you really just this stupid? What exactly do captchas have to do with password brute forcing?

Nothing, idiot. So STFU.

about 9 months ago

Ask Slashdot: What Are the Hardest Things Programmers Have To Do?

man_of_mr_e Re:Maths (473 comments)

The hardest thing programmers have to do is think like non-programmers. Or maybe even think like someone other than them.

None of these things are rocket science. Some of them are computer science, but that's kind of the point.

Programmers are typically forced to develop software to demanding schedules which leave no room for the things in the list. They CAN do those things, they are just never given the time to do them.

Yes, many programmers won't do them even if given the time, or will goof off if given the time until they have to write crap code to meet the deadline, but that's a different story. Or maybe not.

The hardest thing a programmer has to do is Think like someone else, Not goof off when you think you can get away with it, and to push back to have the time to do the things that are necessary to write AND MAINTAIN good code.

Of course, circumstances vary. The difference between a startup succeeding and failing may in fact require being first to market with crap code. But at some point, you have to pay back the technical debt you build up.

Ok, so let's add that to the list as well.

Oh, and making end users understand the impact of their crazy changes.

about 9 months ago

New Standard For Website Authentication Proposed: SQRL (Secure QR Login)

man_of_mr_e Re: Steve Gibson is a... (234 comments)

How exactly is it a "comprehensive analysis" if it ignores dictionary attack strength?

How is it "comprehensive" if it ignores the fact that an attack can be crafted specifically for this technique?

All it discusses is brute force, which is pointless beyond a few characters.

about 9 months ago

New Standard For Website Authentication Proposed: SQRL (Secure QR Login)

man_of_mr_e Re:"Nobody does 'brute forcing'", eh? (234 comments)

You should read your own links, moron.

Usernames are not passwords. They're brute forcing usernames (which tend to have a much smaller keyspace because they usually have limitations on what they can contain, and they are usually case-insensitive) and likely using dictionary attacks for passwords.

None of your links say otherwise.

about 9 months ago

Visual Studio 2013 Released

man_of_mr_e Re:zero cost? (198 comments)

The prompt also had a link to skip logging in. You should pay more attention.

about 9 months ago

Visual Studio 2013 Released

man_of_mr_e Re: TFS... (198 comments)

Ummm... How can you on one hand talk about your giddiness of moving to Git, and then complain about how things aren't accessible in VS? You have to drop to the git command line for a lot of things...

about 9 months ago

Visual Studio 2013 Released

man_of_mr_e Re:Learning this dross (198 comments)

TFS does bug tracking. If they're not using it, that's their fault. It has change set integration (tying work items to changesets), and agile templates, although they're pretty out of date as agile has come a long way.

VS 2010 and TFS 2008 are dated, but they give you the tools you need. Bugzilla and Trac may have more features, but that comes at the cost of ridiculously complex interfaces which mere mortals can't figure out how to use (non-developers).

TFS has a web interface to allow end users to enter bugs, and there's a stand-alone client if they want to use that.

There are also tons of tools to integrate with more featureful tools like Jira and Trac, so you can map workitems and changesets, etc.

This isn't meant as a sales pitch, just that it *DOES* do what you need it to.. and there are ways to introduce better tools and still integrate.

about 9 months ago

Visual Studio 2013 Released

man_of_mr_e Re: Who cares? (198 comments)

Actually, the real question is... WTF are you talking about?

about 9 months ago

Visual Studio 2013 Released

man_of_mr_e Re: Who cares? (198 comments)

Nuget gets broken when using the standard mode. Part of the problem is that when you check in, it doesn't automatically select all files for checkin, and most people don't pay attention.

This is why the new(er) Package Restore mode works so much better (on top of not filling up your version control database with binaries).

The UI was largely addressed after a couple of months by a new version of the Theme Switcher and a hack to add in color icons. Many of the icons in 2013 are still monochrome, but a large number of important ones are color, and that helps.

about 9 months ago

New Standard For Website Authentication Proposed: SQRL (Secure QR Login)

man_of_mr_e Re:That's how I say SQL (234 comments)

I've always pronounced it Post-Grey-Sequel

about 9 months ago

New Standard For Website Authentication Proposed: SQRL (Secure QR Login)

man_of_mr_e Re: Steve Gibson is a... (234 comments)

Gibson has not learned his lessons. You want a laugh? Check out one of his more recent attempts at "security"

https://www.grc.com/haystack.htm

His argument is based totally on pure brute force, which nobody does. The danger comes from dictionary attacks, and I'm pretty sure this technique can be easily accounted for and a "Haystack" password cracked in a matter of days, if not hours.

The guy just doesn't understand that his problem is not that he's not smart... it's that he doesn't share his ideas with others before he pontificates on them.

about 9 months ago

Mozilla Planning Firefox Metro For Windows 8 On December 10

man_of_mr_e Re:what?! (179 comments)

No you won't. If you really were going to, you'd do it now. Not wait for some magical date to make your ultimatum go into place.

People like you have been making this empty threat since DOS every time there's a major change.

about a year ago

Ask Slashdot: Best/Newest Hardware Without "Trusted Computing"?

man_of_mr_e Re:What? (290 comments)

If your laptop contains the credit card and health information for 1 million users, yes. It should be your biggest concern. If your laptop contains sensitive corporate information trusted to you, it should be your biggest concern. If your laptop contains information you wouldn't want public, it should be your biggest concern. If your laptop contains anything about anyone THEY wouldn't want public, it should be your biggest concern. If it contains your pr0n collection, then probably not.

The stuff in your wallet is easily cancellable and easily replaced (other than the actual cash, and any information you might have written on a scrap of paper), the stuff on your laptop, once out there in the wild.. probably not.

Regarding your USB dongle, are you certain you will *ALWAYS* remember to remove the dongle and pack it separately? What happens if you are forcibly required to give up your usb key (say, when crossing a border, and the oppressive government believes you may be a dissident or spy).

Certainly, you can still be forced to give up your password if you are willing to. But it can't be taken from you, unlike a dongle. And the master keys can't be taken from a TPM if the system is shut down and correctly configured. (There are some attacks under certain conditions that can lead to exposure, but that's an implementation issue which you can control through careful selection of hardware.)

about a year ago

Ask Slashdot: Best/Newest Hardware Without "Trusted Computing"?

man_of_mr_e Re:What? (290 comments)

How... convenient.

The only systems I know of that ship with TPM's are business class systems, not your normal laptops you get at newegg, amazon, or best buy.

about a year ago

Ask Slashdot: Best/Newest Hardware Without "Trusted Computing"?

man_of_mr_e Re:What? (290 comments)

Yes, you can do FDE without a TPM, but it's nowhere near as convenient, or as secure (because inconvenience breeds insecurity). You either have to type in a boot password (as well as a login password), or you need to use a hardware dongle like a USB drive, which you will probably keep with your laptop anyways and it will probably get stolen with the laptop.

The point of the TPM is that it provides secure key storage, so you need only enter your normal login password once to unlock all secured devices. It also provides cryptographically secure randomness for better security.

about a year ago

Ask Slashdot: Best/Newest Hardware Without "Trusted Computing"?

man_of_mr_e Re:TPM often left off (but can work FOR you). (290 comments)

Really? I can't find a single laptop, that isn't specifically targeted at enterprise volume customers, that ships with a TPM.

If almost all do, then you should be able to easily point out a few hundred. A dozen? 5? 1?

I'll wait.

I highly doubt that TPM 2.0 will be a requirement.. especially since TPM 2.0 isn't even a finished standard yet. And even when it is, the added cost will be a huge burden for OEM's and they will push back.

about a year ago

Ask Slashdot: Best/Newest Hardware Without "Trusted Computing"?

man_of_mr_e Re:Why? (290 comments)

Who says I know nothing about the internal workings of the chip? TPM chips conform to international standards, specifically TCG, which in turn works with IETF, ISO, and the CC.

In particular, the TPM 1.2 standard is published as ISO/IEC 11889 Parts 1-4, and is completely available to you to read and understand.

On top of that, TPM chips are audited and certified by the TCG to ensure they follow the standard.

Of course you can keep pretending otherwise.. I'm sure you will...

about a year ago

Ask Slashdot: Best/Newest Hardware Without "Trusted Computing"?

man_of_mr_e Re:What? (290 comments)

I know of no PC's being sold with TPM chips that are not specifically ordered with them. As such, it's easy to get hardware with a TPM, you don't specially order it. There, done.

Fact is, every laptop SHOULD come with a TPM, for full disk encryption security. Yes, yes, blah blah blah, it can be hacked with an electron microscope and a laser scalpel while standing on your head during a blue moon.. so it's useless!

Fact is, if you have a TPM, and you encrypt your disk and use the TPM to secure your keys, then the odds of your data getting in anyone else's hands if your laptop is lost are essentially nil, regardless of whether or not a TPM can be hacked, or whether or not any disk encryption scheme can theoretically be defeated. Perfect security is not practical in such applications, even if it was possible, so we have to make do with simply strong security.

about a year ago

Ask Slashdot: Best/Newest Hardware Without "Trusted Computing"?

man_of_mr_e Re:What? (290 comments)

A lot of computers? Name one. Go ahead. I'll wait.

Fact is, I want a TPM, and I can't find a single commercial off the shelf Windows PC that ships with a TPM. Every vendor says that they are an option that must be specially ordered.

So please, point me to these computers that are forcing TPMs on us, I'll buy 10 tomorrow..

about a year ago

Submissions


Software firewall recommendations?

man_of_mr_e man_of_mr_e writes  |  more than 6 years ago

man_of_mr_e (217855) writes "I've spent the last year looking at software firewalls. My needs, while not overly complex, are a bit unconventional. I've checked out Smoothwall, IPCop, pfSense, m0n0wall, untangle, vyatta, etc. Many of them claim to have features that just don't work. For instance, Vyatta claims to have outbound load-balancing, but there are many posts in their forums from people unable to get it to work, and the very active Vyatta support staff seem to all but ignore these questions.

I have about a dozen isolated DMZs on VLANs that need to NAT to the internet connected via a managed switch to a single NIC in the firewall machine with VLAN Tagging. I also have an internal trusted LAN (not on a VLAN, but isolated on its own subnet with a dedicated NIC in the firewall machine). I have two ISP connections to the internet, one is a cable modem, the other is a microwave link and both have their own NIC. The Microwave link has a /28 block of IP addresses which map to machines on the DMZs. The internal trusted LAN NATs through the cable modem. However, when the cable connection goes down, I need it to failover to NAT on the microwave link. When the cable connection comes back I need it to restore the original NAT. I don't care about the dropped connections because of this.

You'd think this would be a problem easily solved by any of the major firewall projects. A $200 Sonicwall does precisely this, but unfortunately there is a bug in the Sonicwall OS that causes it to stop failing over after 24 hours, and they seem uninterested in fixing it. None, so far, have worked.

So what I'm asking is if there is a full-featured software firewall product out there that I'm missing? It doesn't have to be open source (but that would be preferable). I'm certain I could build something from any basic Linux system to do this, but I'm looking for something that's supported by more than just myself. It needs to handle my configuration. And it has to work."

Journals

man_of_mr_e has no journal entries.
