Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

Seagate Ships First 8 Terabyte Hard Drive

mlts Re:Can we get a tape drive to back this up? (181 comments)

My concern about always-on storage is that if someone gets root, they can zero out the backup storage, purge all snapshots, then rsync the zeroed out changes.

I sometimes wonder about using hard disks instead of tapes in a silo. Perhaps something like iMation's RDX, except with modern, high capacity drives, or maybe even a robotic mechanism that can handle bare bones disks, moving them from a storage part to a reader [1], and so on.

Hard disks are not as reliable as tapes, but if done right, could be used as a way to have backups that can't easily be dumped with a single command as backups stashed on an Avamar or other appliance could be. Plus, there is also the benefit of being able to offsite media as well and rotate it in and out.

[1]: I looked into making a prototype of this circa 2009, and what companies would do the robotics accurately enough to handle bare-bones drives. It is a lot easier if the drives are in an enclosure, but bare-bones means that there are no enclosure "standards" to deal with.

5 hours ago
top

Seagate Ships First 8 Terabyte Hard Drive

mlts Re: Switched double speed half capacity, realistic (181 comments)

In the early 1990s, AIX allowed you to partition drives (physical volumes) where a logical volume could be residing on the inner or outer part of a drive. That way, DB indexes and critical tables could be placed where access was relatively fast, while the stash for archive logs, program files, and stuff not really accessed could be placed on the outer part. Not SSD speed, but it was a way to help with database performance, especially if one had a lot of spindles.

5 hours ago
top

Is Dong Nguyen Trolling Gamers With "Swing Copters"?

mlts Re:How do deal with copycats? (111 comments)

Slots apps are a good example of this. Virtually all of them will toss you a small amount of coins every four hours, and you gain levels by spending coins, so you can play more elaborate simulated slots, some of which only are playable for 30 minutes. Of course, if you don't want to wait the rest of the four hours, you can do in-app-purchases.

In fact, it seems most games on the smartphone tablet are this way... you need to consume/use "X" resource to gain levels to do more stuff... and the only way to do that quickly is to spend hundreds on some resource (coins, brains, smurfberries) to do so.

IMHO, a smartphone game that goes back to the pre-2011 IAP style of offering a decent game without forcing you to buy stuff -at all-, other than levels would be a hit. A good example of this would be "The Quest" game on iOS, which has a lot of additions to play through.

yesterday
top

Securing the US Electrical Grid

mlts Re:air gaps (115 comments)

Nothing is 100%, but an air gap will force a black hat to either get someone physically on site, do some social engineering, or find someone that they can control to do their work for them.

By keeping stuff off the Internet, either air gapping or having a separate network with tightly controlled access points (or perhaps even something like a data diode [1]), it blocks all but the most well-heeled attackers, and big firms/governments are well adapted to deal with physical threats far more than stuff coming via the Internet.

[1]: I've taken two machines, each on a different network, plugged in a serial cable with one of the lines cut (so bits only moved one way), then used syslog on the secure network, and redirecting the port's output to a file on the insecure network. This wasn't fast, but it got data to people who needed it, while keeping stuff on the secure side off the Internet unless someone physically accessed it. A true data diode does the same thing, except faster... however expensive. As a hack, a dedicated line-level Ethernet tap might be something to be used because the computer plugged into the mirrored port will be unable to change or reply to the network stream coming from the secure side.

2 days ago
top

New Nail Polish Alerts Wearers To Date Rape Drugs

mlts Re: The world we live in. (567 comments)

It also happens to men.

A former co-worker of mine, who just got a job in another state, had someone stick roofies in his drink at a party. He wound up stumbling to the wrong house, got brained with a baseball bat, and snagged both a criminal trespass charge (because he opened an unlocked door) and a PI charge. None of this he remembers. His memory is gone from when had a drinks at the party until he wound up waking up shackled to a hospital bed due to the head injury.

2 days ago
top

Facebook Experimenting With Blu-ray As a Storage Medium

mlts Re:Everything old is new again. (193 comments)

I've personally handled tens of thousands of LTO tapes, and I've had less than five go bad. Three had soft media errors (where there was no data loss, just stuff that ECC codes were able to handle), and two had issues with being handled by the grippers in the robot.

I've also have recently pulled data from DLT IV tapes from 1998, no errors.

Plus, tape isn't expensive. The hard part is the drives and libraries, as well as suitable backup software. Once past that, individual tape cartridges are quite inexpensive. $50 is about the highest I see LTO-6, and I've even seen them as low as $10 each in quantities.

At Facebook's level, RAIT is possible, so I don't get why they are bothering with relatively small capacity media when LTO is an established, highly reliable format, and can do everything FB wants without having to reinvent the wheel. Even encryption can be set on drives.

3 days ago
top

Apple CarPlay Rollout Delayed By Some Carmakers

mlts Re:Hey, great idea here, guys... (75 comments)

XM still has a place. They used to offer a deal where you paid $800, and the car receiver had permanent access. Forever. Vehicle changes hands? Irrelevant. Then, it was useful for some alternative on a long trip, or listening to a talk radio station (although some of the AM stations in rural areas can go in some strange subject directions.)

Oddly enough, I have been happy with Ford's SYNC service. It works well with both Android and iOS, and can handle handsfree calls as well as A2DP.

Time will tell... but, since phones change so often compared to how often someone changes cars (well, unless they are super rich), it would be nice to have the audio head firmware intended to be as phone OS agnostic as possible and not have to be iOS or Android specific. Who knows... 2-3 years down the road, Tizen, FirefoxOS, BlackberryOS, Symbian, or some OS we may never have heard of might be a third contender.

I'd like to have the audio head have the ability to use media, both as a mounted drive, as well as MTP/PTP access. Bluetooth formats of handsfree and A2DP go without saying. The key is going with established standards, not something that depends on one OS or company.

Maybe the answer might be a modular system. A generic program that would work with everything, then CarPlay and other middleware if the user wants it. However, this seems like a bunch of redundant work, when the car audio system should be a completely separate entity from the phone.

4 days ago
top

Students From States With Faster Internet Tend To Have Higher Test Scores

mlts Re:sorry (175 comments)

There is also the fact that Mississippi is a lot larger than Massachusetts. It is easy to build high quality Internet connections in a state that is small, with almost all of its population concentrated on the eastern side. A larger state with less population, and population that is more scattered, with the biggest town being about 1/20 the size of Boston makes it a lot more expensive to sling fiber and provide access to residents, especially in a state with such a relatively low population density.

4 days ago
top

NSA Agents Leak Tor Bugs To Developers

mlts Re:Reading source for months... (116 comments)

SELinux is a good stab at that. While not 100%, it has helped ensure that a program that manages to get a root context still doesn't have full superuser reign over the system. It isn't simple, but it does a good job at security over previous tools like SUID wrappers.

I wouldn't mind a code review of web browsers and browser add-ons, as those are the first points of contact and generally a primary vehicle for malware to get a foothold.

4 days ago
top

NSA Agents Leak Tor Bugs To Developers

mlts Re:Yes Google and FB are the ones to protect us? (116 comments)

Tor needs a PR boost if that ever is going to happen. As it stands right now, it is SOP for an admin to block all exit nodes at the incoming router, the IP stack on the machine, the web server, and the application, because of abuse.

No big company is ever going to touch Tor as it stands right now, because of its reputation as a service for criminals (q.q.v. Four Horsemen of the Infocalypse.)

4 days ago
top

It's Easy To Hack Traffic Lights

mlts Re:What are they waiting for? (143 comments)

I remember this crossroads in the 1990s. Would firms in general focus on security, even though the worst threats at that time were college students looking to rm -rf / a box or two for kicks.

It came out worse than I could imagine. I heard the "security has no ROI" mantra many a time (although the past couple places I worked at, they actually take it seriously.) When working as a consultant, I asked companies what they had for something if they were hacked. The response was, "We will call Geek Squad or Infosys, and have the problem fixed."

I have read people hoping for a "Warhol event" that would get businesses focusing on security. However, I would say that a "cyber 9/11" (to use a buzzword" would do far more harm to security in general than help.

Take this scenario:

A hurricane has a populated city in its sights. Evacuations are starting. As people are getting on the roads, Elbonian actors hack the anti-theft disable mechanism of a major car maker, disabling random cars at a time on all major roads. When those are towed, another set of cars get turned off. Havoc happens.

Congress is then pushed to push some bills into law. Well, they do. However, they do little or nothing. Here are the bills:

1: A mandatory DRM stack on any device in the US accessing the Internet, enforced by endpoint routers, with mandatory 10-life if any are tampered with.

2: All "tools for cyber-warfare", even something as banal as tcpdump, would be removed from operating systems, and only allowed to registered people.

3: Similar to #1, all machines would run a scanner similar to an antivirus utility, but would use signatures to look for unlicensed MP3 files, movies, programs like Handbrake, and if detected, would automatically shut the machine down and notify the local authorities.

4: A central ID card, similar to a PIV/CAC would be requires on any/all devices so all transactions (even a web login) are positively identified. It would be a felony for someone to access the Internet without their packets being signed or attributed to an ID card.

Of course, none of this would actually -HELP- security, but it would keep it swept under the covers, and (using MBA speak) allow better monetization of existing revenue streams... i.e. your PC becomes a locked down console with only big name brands able to write software for it due to the legal barriers of entry.

4 days ago
top

It's Easy To Hack Traffic Lights

mlts Re:Welcome to the Information Age! (143 comments)

I know what the reply will be:

"The hackers would have gotten in no matter what we would have done."

4 days ago
top

Study: Ad-Free Internet Would Cost Everyone $230-a-Year

mlts Re:That's it? (579 comments)

If push comes to shove, websites will win. They can embed the whole site in a DRM-ed Flash or Silverlight wrapper, or with how advanced browser fingerprinting is, permanently blacklist that user and computer from the site, perhaps sharing the blacklist with other sites as a deterrent.

You don't need a TPM to fingerprint a user. EFF's panopticlick will make it quite obvious that most users have quite a unique browser fingerprint, and that is without using the canvas function.

5 days ago
top

Study: Ad-Free Internet Would Cost Everyone $230-a-Year

mlts Re:That's it? (579 comments)

I wonder about a clearinghouse. Pay them something a month, and you can access member websites either via a client certificate or a tag that you put on the URL end when going to a clearinghouse's client site that checks to see if the user is authenticated, but can't ask for anything more than that (i.e. no user info from the clearinghouse.) Then, the member sites get paid for every page view from the clearinghouse.

Of course, this is ripe for abuse, be it scripts that rapidly reload pages, to malware swapping one site's ID for another, but it would be an answer to ads.

5 days ago
top

Study: Ad-Free Internet Would Cost Everyone $230-a-Year

mlts Re:$230 (579 comments)

I have adblock running on everything. No auditory diarrhea encountered here.

Even with that in mind, a lot of websites end up causing the RAM in their browser instance to bloat... so I end up using Chrome's task killer to stop the browser executing stuff in windows when I call it a night, then refresh the pages when I come back to it.

5 days ago
top

Do Readers Absorb Less On Kindles Than On Paper? Not Necessarily

mlts Re:From an avid reader... (105 comments)

I have tried a number of E-readers, and the one I tend to use the most (other than my phone) is an older Kindle Keyboard. I do like having paper books, but there is something about being able to find an O'Reilly book about a subject when in a server room, or buy the modern equivalent of penny dreadfuls (Weird Tales... 101 decent short stories for a buck. Hard to beat that.)

The instant delivery is also nice. Friend mentions a book, and grabbing a copy is very quick... although one might pay $10 and find that the friend's author is not exactly your tastes... but there are worse things to spend money on than books.

about a week ago
top

The Data Dome: A Server Farm In a Geodesic Dome

mlts In OEM specs? (62 comments)

Where the rubber meets the road is if the machines are in temperature and humidity specifications for the equipment, so warranties are not voided.

If this is workable, even during the winter or when it is extremely rainy/humid, this might be a useful idea. However, there is only a limited set of climates that this would work in. The PNW with its moderate temperatures makes sense for this. However, if I attempted to do the same thing in Texas, come summertime, I'd have a building full of BBQ-ed servers.

about a week ago
top

Ask Slashdot: Would You Pay For Websites Without Trolls?

mlts Re:Very subjective (381 comments)

Very true. That site is the weak link in the chain. However, a lot of websites are only allowing people to post using Facebook IDs. If a site is going to use another site to keep the trolls at bay, having this two-tier method provides something. Some anonymity is better than none.

about a week ago
top

Ask Slashdot: Would You Pay For Websites Without Trolls?

mlts Re:Very subjective (381 comments)

This might be a way a company can run a pseudo-anonymous identity validator.

John Doe would create an account with foo.com. Foo.com would know John Doe's real life info. When John Doe wants to create an account with bar.com, foo.com sends a hash of the user (the user account + a nonce + the hostname, all hashed.)

Bar.com gets the hash, and John Doe creates a user with a handle. Later on, John Doe tries to create another user for a sock puppet. bar.com realizes there is already one person with that hashed userID, so disallows the user creation unless the other account is removed.

Bar.com finally gets tired of John Doe, and bans him. John Doe creates another account, but because foo.com sends a hashed user that is banned, that is stopped.

Never does bar.com know anything about John Doe other than that he has a foo.com account, and a certain hash. However, the info is good enough to block John Doe from creating other accounts unless he manages to fool foo.com into having multiple, real named accounts with them.

Of course, this isn't 100%. Foo.com can have lax identity validation measures which allows duplicate users. Someone can find out the nonce used as part of the username hashing process. This can be mitigated by adding another database tuple with a random number, but this would mean that foo.com would have to have a 128 bit number for every single site a user visits, rather than calculating a hash.

The result is that a person would have privacy... the worst that happens is that they are blocked from accessing the site. Trying to find the person's real identity and coming after them would be difficult.

about a week ago
top

Apple Begins Storing Chinese User Data On Servers In China

mlts Re:What's the problem... (92 comments)

I feel dumb by asking, but "encryption keys" is sort of vague, IMHO. What type of encryption? Disk level? SAN level (where PowerPath uses RSA keys to decrypt the LUN presented), LVM level with a tool like BitLocker? Database level? Application level (where all tuples are encrypted upstream)?

For example:

1: Take BitLocker for example. For I/O on a drive, it has to have the FVEK (full volume encryption key) in memory at all times. Even if the FVEK is unlocked from somewhere else (TPM chip), if it is slurped out of RAM, the drive can be decrypted.

2: If encryption is used on a database by an application not in China, then there is a bottleneck of all data going through that application.

3: If the Chinese servers are configures with IBM's SAN encryption and the keys for the physical drives are accessed offshore, then compromising of the machines the LUNs are presented to would bypass that.

Encryption is just one piece of a puzzle. Key management and implementation is a huge factor as well. Even something as humble as a tape backup can require infrastructure, both management and technical for adequate security [1].

[1]: Ironically, a lot of companies are well off by just setting a long passphrase on their tape drive silo, and calling it done, assuming the passphrase is stored on paper somewhere secure and well away from the media. I have seen extremely complex appliances that give every tape its own key. The vendor demanded the customer buy two appliances. When I asked the appliance vendor how I back up these tens of thousands of random keys, they said that I had to buy a third appliance to mirror. Way too expensive, complex, and too many moving parts when in a lot of cases, just a simple passphrase is just as good.

about two weeks ago

Submissions

top

Truecrypt is now dead

mlts mlts writes  |  about 3 months ago

mlts (1038732) writes "Visting the TrueCrypt website, they have posted that all development has ceased, and instructions on how to move to BitLocker from their product.

If this isn't a joke, this is a very sad day for crypto usage everywhere."

Link to Original Source

Journals

mlts has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>