Comments

Google Just Made It Easier To Run Linux On Your Chromebook

mcrbids Why not a full-on Linux environment? (168 comments)

If they are making it easy to run "normal" Linux, why not install the appropriate libs and allow Linux apps to run side-by-side with Chrome apps?

3 days ago

Book Review: FreeBSD Mastery: Storage Essentials

mcrbids Re:Not for new users of FreeBSD (75 comments)

Are you switching to BSD just for ZFS?

Learning BSD is probably a good investment, but ZFS on Linux is production/stable and is excellent. I've been using it on CentOS 6 for over a year and it has been even more stable than EXT4 in a production environment.

about a week ago

Windows 10: Can Microsoft Get It Right This Time?

mcrbids Re:It doesn't have to get it right (489 comments)

I bought a Dell laptop (Precision M3800) last week from the Dell business laptop dept. The sales guys assumed I'd want Win7 and the laptop (by default) comes with Win7 installed. When I asked about that, they said that it "technically included Windows 8 media" but that everybody wants one running Win7.

I find this quite interesting as Win7 has officially gone EOL. Personally, I plan on running Fedora Linux, but still....

about a week ago

How To Hijack Your Own Windows System With Bundled Downloads

mcrbids Re:Application installers suck. (324 comments)

The curated app store only carries "modern" apps. Desktop applications need not apply. A case of snatching defeat from the jaws of victory...

about two weeks ago

The Next Decade In Storage

mcrbids Re:Maybe (93 comments)

Get off my lawn, blah blah...

Meanwhile, flash has revolutionized storage. We saw at least a 95% reduction in query times on our DB servers when we switched from RAID5 15K SAS drives to RAID1 flash SSDs. Floppies are history, and 32 GB thumb drives cost $5. SSDs have been catching up to their HDD brethren, now just 2-4 years behind the cost/capacity curve, and spinning rust has just about reached EOL, with Shingled Hard drives that make you choose between write speeds and write capacity being a necessary compromise for increased capacity.

I have no idea why you'd be so dismissive.

about two weeks ago

6 Terabyte Hard Drive Round-Up: WD Red, WD Green and Seagate Enterprise 6TB

mcrbids Re:Buy two... (190 comments)

FWIW: RAIDZ can offer 1, 2, or 3 levels of redundancy.

about two weeks ago

How Bitcoin Could Be Key To Online Voting

mcrbids Re:Secret Ballot? (480 comments)

You can't have an auditable trail and a secret ballot.

I don't see why these are mutually exclusive. The trick is to set aside the math for the ballots themselves with the math for verifying the ballots.

Let's say you take 100 ballots, and randomize their order. You make hashes of the ballots and hash the sum of hashes. Keep the hash of hashes and you can easily verify that the numbers add up, while simultaneously anonymizing the ballots on a per-voter basis, making it instead 1% likely that any vote can be attributed to one person.

about two weeks ago

6 Terabyte Hard Drive Round-Up: WD Red, WD Green and Seagate Enterprise 6TB

mcrbids Re:Buy two... (190 comments)

... or you could set up ZFS with a mirrored vdev and keep snapshots. All the benefits of RAID1, combined with all the benefits of keeping any number of sync'ed disks lying around. If you have many disks, go with RAIDZ and get the reliability of RAID5 too.

If you store lots of data, once you ZFS you'll never want to go back.

about a month ago

US Navy Sells 'Top Gun' Aircraft Carrier For One Penny

mcrbids Re:Stupid/Misleading Title (118 comments)

Actually, those $0.02 make all the difference in the world.

1) Sold for $0.01 means that the new owner can do whatever they want with it, including sell it to North Korea for $5, hoping that the NKs have enough to make the check clear.

2) Paid $0.01 means that it's a demolitions contract, and the recipient has obligations to perform a service under specific terms. While many commercial contracts limit liability to the size of the contract, (in this case, $0.01 damages) my guess is that this wouldn't be the case for a DOD contract.

about 1 month ago

Minecraft Creator Notch's $70 Million Mansion Recreated In Minecraft

mcrbids Re:Waste (170 comments)

My outrage only applies to people richer than me.

about a month ago

Apple and Samsung Already Working On A9 Processor

mcrbids Confuzzling! (114 comments)

So, the cheapest TV stick imaginable has a Cortex A9 processor, so reading about the A9 processor in development by Apple is something that doesn't inspire much in the way of excitement up front for me. But it looks like Apple's A5 is more / less the Cortex A9 with some tweaks, so now we literally have two similar products with the same name that are generations apart.

I know of their technical strength in the low-power scene, and the MIPS/Watt race, ARM still leads by a mile, but ARM could also really stand to have some standards for naming the variants in a semi-consistent way so that the merely technically proficient have a chance of keeping up. And, (dare I say it?) this is what trademarks are for and why they exist.

about a month and a half ago

Waze Causing Anger Among LA Residents

mcrbids Re:Symptom of a bigger problem (611 comments)

Buses do nothing when they're stuck in the same traffic everyone else is.

I would take exception to this!

1) Time spent on a bus is time not spent concentrating on traffic. Relax, read a book, maybe do some work.

2) Every person on a bus is a car not on the road, and that results in sharply lighter traffic.

I honestly have no idea why buses aren't free. Putting a bit of economics behind the problem can make a dramatic difference, even eliminating traffic jams completely.

about a month and a half ago

The Sony Pictures Hack Was Even Worse Than Everyone Thought

mcrbids Re:Good God! (528 comments)

Note the modifier "business data".... Not videos, not apple pie recipes sent by Aunt Bertha... If you are talking about strategically stored data and not user home folders, the signal/noise ratio is significantly better.

about 2 months ago

Ask Slashdot: Convincing My Company To Stop Using Passwords?

mcrbids Job security vs System security (247 comments)

I've found that there's a sweet spot to balancing system security and job security: recommend better practices than currently in place without becoming adamant about it.

If you get the attention of a caring boss, you'll get your implementations, so make sure it's really a good idea and will work well before recommending it. But, more importantly, if they decide not to do it, then you are basically off the hook for responsibility for *any* breaches that occur afterwards. "I recommended a two-factor authentication to prevent data breaches over two years ago, and every quarterly IT review ever since!"

What's odd for me as a developer is how many times I've talked to a tech guy who really "needs" us to add security feature X in our software, and we send over the information to turn it on after we write it, and they *still don't do it* even after they paid for the modification.

about 2 months ago

Ask Slashdot: Convincing My Company To Stop Using Passwords?

mcrbids Re:Every 30 days. (247 comments)

There are a few minor tweaks that significantly increase entropy while still not being hard to remember:

1) Don't capitalize the first letter in a word used in a passphrase. Instead, capitalize something in the middle.

2) When adding numbers, add somewhere in the middle of a word rather than between words.

3) If security is really important, spell one longish word backwards before applying 1 and 2.

4) Another trick I've used many times (as a touch typist) is to type words with your fingers slid over one key, left, right, or upleft/upright. Thus a simple, common word like "login" becomes ";phom", "kifub", "o9t8h", or "p0y9j".

Use of these tricks adds tremendous amounts of entropy to otherwise crappy passwords while still being very easy to remember.

about 2 months ago

The Sony Pictures Hack Was Even Worse Than Everyone Thought

mcrbids Good God! (528 comments)

Folks, this is 100 TERABYTES of data. At an organizational level, this could represent nearly all business data that makes Sony relevant as a company.

At my company, we have in the neighborhood of 50 million documents stored and, after compression, it still doesn't pass 10 TB of data.

about 2 months ago

Aliens Are Probably Everywhere, Just Not Anywhere Nearby

mcrbids Re:Life Everywhere out there? (334 comments)

Planets can't be too close to other stars

This is most likely the biggest one. Being too close to more than one star means higher range of fluctuation.

As a point of reference, a significant number of solar systems are binary systems, making them subsequently less likely to support life.

6. Planet needs to have a core preferably iron to deflect electromagnetic radiation.

Or life exists in gas giants which have thick atmospheres, or beneath the crust.

Although it's tough to consider the possibility of structured life existing at 10,000 atmospheres and 2,000 degrees F, I would imagine it being possible. But, such a life form is *far* less likely to be reaching out into space than we would, as the problem of keeping a "livable environment" in a space ship is at least 10,000 times more difficult. Are there even solid elements at 2,000 degrees F and 10,000 atmospheres?

about 2 months ago

Windows 10 Adds Battery Saver Feature

mcrbids Re:triggering below percentage is dumb (96 comments)

Maybe I just avoid horrible "battery saver" apps but I've never seen any particular tendency to have them actually further drain the battery. What kind of horrible "battery apps" do you torture yourself with?

I'd like to re-emphasize the GP post: the rate of drain is what a battery app should be focusing on, not battery life remaining.

about 2 months ago

Kiva Systems Co-Founder: Drone Delivery Could Be As Low As 20 Cents Per Package

mcrbids Re:Still not legal, right? (92 comments)

The FAA is all about protecting the commercial use of the air.

It's so one-sided that pilots don't even have a consistent right to appeal punitive actions, and the rules around "non commercial" (private) flight are so ridiculous that merely sharing the cost of a ride in a small plane with a buddy can be considered a commercial flight, if your buddy does anything work related at all. It is truly just silly.

As soon as the drones have progressed technologically to the point where they are reasonably safe *and* profitable, the FAA would be all over that. Their biggest concern is making sure everybody knows that *they* regulate it.

about 2 months ago

Submissions

Comcast blocking DNS for BitTorrent users?

mcrbids mcrbids writes  |  more than 2 years ago

mcrbids (148650) writes "It appears that Comcast is killing BitTorrent use by blocking DNS to BitTorrent users.

For the past week, I've been having issues with my Comcast cable where everything "works fine" except DNS. Even setting up my own caching name server did not work since UDP port 53 was a black hole as far as the public Internet was visible to me. Resetting the modem/router fixed it, only to have the problem reoccur anywhere from a few hours to a day later.

Last Friday I noticed BitTorrent running on my Mac, sharing only a CentOS ISO image, and killed it. I haven't had a problem since. Can anybody corroborate this apparently new tactic being used by Comcast to censor BitTorrent use?"

Apache webserver vulnerable to "slow get", too

mcrbids mcrbids writes  |  more than 4 years ago

mcrbids (148650) writes "About a month ago, a story broke that http (apache, IIS and everything else out there) was susceptible to a "slow post", where a malicious client starts a connection to a web server, sends headers indicating a very large upload via POST, and then sends that upload very slowly, starving resources and eventually causing a DDOS.

Well today, doing some research to see how effective this attack was (hint: VERY EFFECTIVE) I tried the same thing using http GET as well, and saw very similar results. With a simple, 20-line PHP script run from my laptop, I was able to take a fairly beefy internal webserver (8 core, 12 GB RAM, CentOS 5) offline in just under a minute, and keep it that way for as long as I wanted to. The technique was simple: send "GET /" and then append letters, 1 or 2 every second or so. After several hundred simultaneous connections were achieved, the web server was no longer responsive. I don't have an IIS server to test against, and don't feel like using any "unwitting volunteers".

It doesn't take a large botnet to take most hosts offline. It takes only a single, relatively low-powered laptop and a 20-line script hacked up in PHP 5. Given that the "slow post" attack is already well known, it's only a matter of time before a black hat discovers that even disabling form post won't protect anybody, either!"

Disable Advertising? No way!

mcrbids mcrbids writes  |  more than 4 years ago

mcrbids (148650) writes "Dear Slashdot,

This is the only way I can think of to actually send a communication to you. I noticed tonight a checkbutton labelled: "As our way of thanking you for your positive contributions to Slashdot, you are eligible to disable advertising."

Well, I'm not going to check it. I've spent years writing my often +modded posts, and have enjoyed doing it! Your advertising is subtle enough to not detract needlessly from the experience, you get a few pennies from my daily views, and I have purchased more than one item due to an ad posted on Slashdot. It's a win/win/win situation, and I will not be checking the button, nor do I steal content from websites by using products like Adblock. If a website has ads posted intrusively, then I avoid that site, rather than legitimize a website that is offensive in nature by giving it the benefit of my eyeballs.

Thank you Slashdot, for maintaining a high quality, highly relevant site for over 10 years now! I've not paid a thin dime for any of your content, and I have spent countless hours pontificating finer points; you have more than deserved whatever revenue you get from your classy, unobtrusive ad impressions!"

Root hole found in Linux

mcrbids mcrbids writes  |  more than 5 years ago

mcrbids (148650) writes "Looks like a pretty serious hole has been found in Linux — affecting 32 and 64 bit versions of Linux with and without SELinux using a creative way to exploit null pointer references. You can check it out yourself. As of this writing, there are no patches available for this, making it a potential zero-day exploit."

Rockstar squelches connection to Michael Savage

mcrbids mcrbids writes  |  more than 5 years ago

mcrbids writes "While poking around online I found this article which details an easily verified connection between Rockstar Energy Drinks and Michael Savage the "shock jock" commonly found on ultra-conservative talk radio. Michael Savage has been banned from entering the United Kingdom due to the hateful nature of his monologues. Strangely, he broadcasts from the highly liberal San Francisco on KNEW AM. Rockstar has responded with the standard C&D route with lawyers, et al. Is this going to be another example of a company who hasn't discovered the Streisand Effect or is there legitimately no connection between Michael Savage and Rockstar Energy drinks, even if they are at the same address and share the same CFO? (Michael's wife, Rockstar CEO's mother)"

Best javascript framework?

mcrbids mcrbids writes  |  about 6 years ago

mcrbids (148650) writes "For the past 6 years or so, we've been heavily developing a proprietary, custom vertical application based on Linux, Apache, PHP, and PostgreSQL in a home-rolled PHP framework based loosely on Horde. We've been quite successful in the marketplace with our relatively classic technology based on HTML 3.x.

After investing heavily in fully redundant server clustering over the past year or so, we're finding that we'd like to improve our look and feel, improve response time, etc. and the natural way to do this is by incorporating javascript/ajax into our product. We've already begun some using ajax(y) in a few areas where very large tasks need to be coordinated over a long period of time — EG: longer than a typical browser timeout.

But we don't want to re-invent the wheel. There is a bewildering array of javascript frameworks, and with any framework, there's the risk of getting stuck trying to do something not anticipated by the framework developers.

So, which is the best, and why? Which should be avoided? Here are some of the frameworks I've seen so far:

Dojo, Ext JS, Fleejix.js, jQuery, Mochikit, Modello, Mootools, Prototype, Qooxdoo, Rico, and Scriptio. So far, in my research, jQuery and/or Prototype seem to be front runners, Dojo perhaps a close second.

I'd be most interested in the opinions of people who have switched from one to the other, and why?"

Turbo-charging logging?

mcrbids mcrbids writes  |  more than 6 years ago

mcrbids (148650) writes "I'm revamping our web-based application and am currently reviewing options as far as logging, particularly with redundant, clustered hosting solutions. I've run into a few problems that it seems no amount of online searching seems to have found.

My first concern is about scalability — our application writes directly to local log files. Unfortunately, many of the log entries are quite large and so cannot be piped over syslogd. Other options are much heavier, come with significant administration overhead, or bottlenecks. Is there a syslogd replacement that will allow for very large (tens of KB or larger) log entries?

My next question is about logfile integrity. A perfect log file is write-only, never rewrite. A one-way street, data goes in, gets saved, and never gets deleted. But any log file is essentially just a file, and a single # echo "" > /path/to/log will kill the log file dead. Yes, you can log remotely, but this increases complexity and therefore the chances of failure. Also, what if your remote log server is also compromised? I've been considering the use of a CD-R, especially the ability to recover from a buffer underrun during a write sequence. I've simulated a few, tying up the HDD with I/O while burning a CD-ROM. It under-ran, renegotiated, then resumed writing without incident. Why not use this capability, leave the drive in a sort of permanent under-run, and renegotiate for log entries? Wouldn't doing so create a file that could not effectively be erased, even if the host was compromised?"
