Comments


Wi-Fi Router Attack Only Requires a Single PIN Guess

mlts Re:Wireless security (81 comments)

The ironic thing is that WPA2-PSK is decently secure. I've not read of any significant breaks, assuming the key is of a decent length.

The problem is that there are shortcuts given (WPS) which make having a solid shared key pointless.

UPnP? Just asking for trouble. If a game has to have ports open, I'll manually open them myself. Otherwise, they should remain closed.

WEP? This shouldn't even be present in any router made in recent years. My HTC Wizard, circa 2006, had an application (before the word "app" was in common use on smartphones) to break WEP-protected Wi-Fi access points.

Open guest networks? No thanks. Guest networks with a WPA2 password that is turned off after a gathering? Possibly.

Remote admin? Nope. If I want this functionality, I'll have some sort of port knocking, a DMZ machine, and SSH with 2FA or via RSA keys to an inside machine to access the router.

MAC locking? More trouble than it is worth, especially when you get a new device. It adds little to security, but is a hassle. With a decent 63-character passphrase for the WEP key, assuming no device gets compromised, that will provide decent security, as far as I know.

DHCP is probably the only service I bother enabling because so many devices don't have the option for a static IP, or if configured, they can't be used on another SSID unless one manually flips the config back to dynamic IP addresses.

What would be nice would be a cross between WPA2-Enterprise and WPA2-PSK. This way, each device can have its own preshared key, without needing the complexity of RADIUS. Done right, the key can be shared to the device by typing it in, snapping a QR code, or many other ways, and if one device is sold, no need to change the key and have to reconfigure all the wireless devices on the segment.

2 days ago

Russian Military Forces Have Now Invaded Ukraine

mlts Re:Send in the drones! (825 comments)

Correction: Russian territory. This was done in 1918 to keep the Germans from getting stockpiles at the port cities. It can be considered a footnote in history for the West, but it is a sore point for Russia, and adds to the "US cannot be trusted" sentiment.

4 days ago

Russian Military Forces Have Now Invaded Ukraine

mlts Re:Send in the drones! (825 comments)

The US invaded Russian territory post-WWI (Archangel and Murmansk, for example). The territory wasn't held for long, and the US actually kept the Japanese from invading around that timeframe, but this is something still imprinted on the Russian psyche.

4 days ago

Ask Slashdot: What Are the Best Games To Have In Your Collection?

mlts Re:Get-togethers? With DnD geeks? And enough PCs? (377 comments)

NWN 1 to me (and this is IMHO, so take it for what it is worth; little to none) is a must have. However, I would also take in all the hundreds of very good player written modules as well. The OC for the game was more of a primer on how to write modules right than a decent game in itself. SoU and HotU had decent scripts, but I would say that the top tier player written content (with the CEP and CTP) was some of the best I've played. A number of persistent worlds were outstanding as well.

NWN2 to a lesser extent. The graphics are better, but one couldn't do as much with the toolset.

Of course, the precursors to that, BG1, BG2, are a must.

Going backwards from there, the old Wizardrys and most of the old Ultimas are classics. Ultima 1-6 are timeless, but 7 and afterward are sort of like Metallica post-"Black" album... same genre, but really different works with little to do with the previous ones except the name.

Wizardry 1-3 are also classics. I'd probably go for an Apple 2 emulator and the images for them as opposed to the DOSBox version, but that is just me.

Another one is a game that wasn't that popular, but it was interesting for the time. Deathlord from EA. It was like the Ultima series... but was a lot harder, and had quite a large world to do stuff in.

4 days ago

Research Shows RISC vs. CISC Doesn't Matter

mlts Re:It's a question that WAS relevant (159 comments)

Even though Itanium is all but dead, I did like the fact that you had 128 GP registers to play with. One could do all the loads in one pass, do the calculations, then toss the results back into RAM. The amd64 architecture is a step in the right direction, and I'd say that even though it was considered a stopgap measure at the time, it seems to have been well thought out.

4 days ago

Research Shows RISC vs. CISC Doesn't Matter

mlts Re:It's a question that WAS relevant (159 comments)

With Moore's law flattening out, the pendulum might end up swinging back that way.

Right now, for a lot of tasks, we have CPU to burn, so the ISA doesn't really matter as much as it did during the 680x0 era.

But who knows... Rock's law may put the kibosh on Moore's law eventually, so we might end up seeing speed improvements ending up being either better cooling (so clock speeds can be cranked up), or adding more and more special purpose cores [1]. At this point, it might be that having code optimized by a compiler for a certain ISA may be the way of developing again.

[1]: High-power CPUs, low-energy CPUs, GPUs, FPUs, FPGAs, and even going from there, CPUs intended for I/O (MIPS.) It might be that we might have a custom core just to run the OS's kernel, another to run security sensitive code, and still others for applications.

4 days ago

DoT Proposes Mandating Vehicle-To-Vehicle Communications

mlts Re:Official Vehicles (256 comments)

Or just have the V2V set to check if the speed limit was exceeded in "x" amount of time and automatically send the ticket. Or have it log if someone stopped with the tip 1-2 cm past a stop line, and send another citation, etc.

Unless it is implemented right, it will be ripe for abuse, just like the red light cameras which have no yellow, or will briefly flash red, enough to pop a picture, then go back to green.

Of course, when the bad guys start messing around with V2V, it will be even worse, especially when someone starts transmitting "rear-end collision is imminent, slam brakes on NOW" to vehicles on the highway at random times.

5 days ago

How Red Hat Can Recapture Developer Interest

mlts Re:Dump SELinux and systemd, make it easier (232 comments)

I've found SELinux useful. Yes, it can be a pain, but if the device is Internet facing or in the DMZ, it can do a lot to contain a security breach. As always, it can be shut off with a single command, but it is a layer of security that is generally worth having if at all possible. That way, even if the Web server has an exploit, an attacker manages to get into its context, then get root... they still are limited to the directories the Web server is allowed into. It isn't perfect, but it does help.

Unfortunately, the days of a static UNIX that stays the same are long gone. Security issues, feature demands [1], the need to configure large numbers of hosts at once, and other items push vendors like Red Hat to do updates.

[1]: One of those is having machines boot faster, thus moving to systemd, upstart, or another mechanism to allow asynchronous starting/stopping.

5 days ago

Chromium 37 Launches With Major Security Fixes, 64-bit Windows Support

mlts Re:Why not a master password for the PW manager? (113 comments)

Windows has the ability to stash login credentials securely, but on Linux, this functionality isn't present, so having the browser "pack its own parachute" with its own encryption would be nice.

5 days ago

Chromium 37 Launches With Major Security Fixes, 64-bit Windows Support

mlts Why not a master password for the PW manager? (113 comments)

I wish for a feature that is in Firefox... and that is the ability to set a master password and encrypt all password manager contents. That way, stored passwords and certificates are independently protected.

5 days ago

Seagate Ships First 8 Terabyte Hard Drive

mlts Re:Can we get a tape drive to back this up? (315 comments)

My concern about always-on storage is that if someone gets root, they can zero out the backup storage, purge all snapshots, then rsync the zeroed out changes.

I sometimes wonder about using hard disks instead of tapes in a silo. Perhaps something like Imation's RDX, except with modern, high capacity drives, or maybe even a robotic mechanism that can handle bare bones disks, moving them from a storage part to a reader [1], and so on.

Hard disks are not as reliable as tapes, but if done right, could be used as a way to have backups that can't easily be dumped with a single command as backups stashed on an Avamar or other appliance could be. Plus, there is also the benefit of being able to offsite media as well and rotate it in and out.

[1]: I looked into making a prototype of this circa 2009, and what companies would do the robotics accurately enough to handle bare-bones drives. It is a lot easier if the drives are in an enclosure, but bare-bones means that there are no enclosure "standards" to deal with.

5 days ago

Seagate Ships First 8 Terabyte Hard Drive

mlts Re: Switched double speed half capacity, realistic (315 comments)

In the early 1990s, AIX allowed you to partition drives (physical volumes) where a logical volume could be residing on the inner or outer part of a drive. That way, DB indexes and critical tables could be placed where access was relatively fast, while the stash for archive logs, program files, and stuff not really accessed could be placed on the outer part. Not SSD speed, but it was a way to help with database performance, especially if one had a lot of spindles.

5 days ago

Is Dong Nguyen Trolling Gamers With "Swing Copters"?

mlts Re:How do deal with copycats? (112 comments)

Slots apps are a good example of this. Virtually all of them will toss you a small amount of coins every four hours, and you gain levels by spending coins, so you can play more elaborate simulated slots, some of which are only playable for 30 minutes. Of course, if you don't want to wait the rest of the four hours, you can do in-app purchases.

In fact, it seems most games on the smartphone tablet are this way... you need to consume/use "X" resource to gain levels to do more stuff... and the only way to do that quickly is to spend hundreds on some resource (coins, brains, smurfberries) to do so.

IMHO, a smartphone game that goes back to the pre-2011 IAP style of offering a decent game without forcing you to buy stuff -at all-, other than levels would be a hit. A good example of this would be "The Quest" game on iOS, which has a lot of additions to play through.

about a week ago

Securing the US Electrical Grid

mlts Re:air gaps (117 comments)

Nothing is 100%, but an air gap will force a black hat to either get someone physically on site, do some social engineering, or find someone that they can control to do their work for them.

By keeping stuff off the Internet, either air gapping or having a separate network with tightly controlled access points (or perhaps even something like a data diode [1]), it blocks all but the most well-heeled attackers, and big firms/governments are well adapted to deal with physical threats far more than stuff coming via the Internet.

[1]: I've taken two machines, each on a different network, plugged in a serial cable with one of the lines cut (so bits only moved one way), then used syslog on the secure network and redirected the port's output to a file on the insecure network. This wasn't fast, but it got data to people who needed it, while keeping stuff on the secure side off the Internet unless someone physically accessed it. A true data diode does the same thing, except faster... however, it is expensive. As a hack, a dedicated line-level Ethernet tap might be something to use, because the computer plugged into the mirrored port will be unable to change or reply to the network stream coming from the secure side.

about a week ago
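As an added illustration of the one-way serial syslog hack in the comment above (example code, not the poster's own): with the return line cut there is no ACK or flow control, so a dropped or garbled line is simply gone. This Python sketch frames each line with a sequence number and CRC on the secure side and, on the insecure side, reports gaps and corrupt frames instead of silently accepting an incomplete log. The log lines, host name and addresses are constructed.

```python
import zlib

# Constructed sample syslog lines (not from a real host), standing in for what
# the secure-side syslog would write to the serial port.
SAMPLE_SECURE_LOG = [
    "Aug 28 10:00:01 scada1 sshd[412]: Accepted publickey for ops from 10.1.1.5",
    "Aug 28 10:00:07 scada1 sudo: ops : TTY=pts/0 ; COMMAND=/bin/systemctl status plc",
    "Aug 28 10:00:09 scada1 kernel: eth1: link down",
    "Aug 28 10:00:15 scada1 daemon: plc poll ok",
    "Aug 28 10:00:20 scada1 daemon: plc poll ok",
]


def frame(seq: int, msg: str) -> str:
    """Secure side: wrap one log line as 'seq|msg|crc32' for the one-way link.

    The sequence number and checksum are the only way the receiver can notice
    loss, because nothing can flow back to request a retransmit.
    """
    body = f"{seq}|{msg}"
    crc = zlib.crc32(body.encode()) & 0xFFFFFFFF
    return f"{body}|{crc:08x}\n"


def receive(lines, expected_seq: int = 0):
    """Insecure side: parse framed lines read from the serial port.

    Returns (messages, gaps, corrupt): recovered log lines, a list of
    (first_missing, last_missing) sequence ranges, and the number of frames
    that failed the checksum (a corrupt frame also shows up as a gap).
    """
    messages, gaps, corrupt = [], [], 0
    for raw in lines:
        raw = raw.rstrip("\n")
        try:
            body, crc_hex = raw.rsplit("|", 1)
            seq_str, msg = body.split("|", 1)   # msg itself may contain '|'
            seq = int(seq_str)
            if int(crc_hex, 16) != zlib.crc32(body.encode()) & 0xFFFFFFFF:
                raise ValueError("checksum mismatch")
        except ValueError:
            corrupt += 1
            continue
        if seq > expected_seq:
            gaps.append((expected_seq, seq - 1))
        expected_seq = seq + 1
        messages.append(msg)
    return messages, gaps, corrupt


def simulate_link():
    """Run the sample log across a lossy, noisy one-way link."""
    frames = [frame(i, m) for i, m in enumerate(SAMPLE_SECURE_LOG)]
    del frames[2]  # a dropped frame: the far side cannot ask for a resend
    frames[2] = frames[2].replace("poll ok", "poll KO", 1)  # line noise on one frame
    return receive(frames)
```

On real hardware the `lines` argument would be the serial device opened for reading; the gap list is what an operator should alarm on, since the secure side never learns that anything was lost.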

New Nail Polish Alerts Wearers To Date Rape Drugs

mlts Re: The world we live in. (585 comments)

It also happens to men.

A former co-worker of mine, who had just gotten a job in another state, had someone stick roofies in his drink at a party. He wound up stumbling to the wrong house, got brained with a baseball bat, and snagged both a criminal trespass charge (because he opened an unlocked door) and a PI charge. None of this he remembers. His memory is gone from when he had drinks at the party until he woke up shackled to a hospital bed due to the head injury.

about a week ago

Facebook Experimenting With Blu-ray As a Storage Medium

mlts Re:Everything old is new again. (193 comments)

I've personally handled tens of thousands of LTO tapes, and I've had less than five go bad. Three had soft media errors (where there was no data loss, just stuff that ECC codes were able to handle), and two had issues with being handled by the grippers in the robot.

I've also recently pulled data from DLT IV tapes from 1998, with no errors.

Plus, tape isn't expensive. The hard part is the drives and libraries, as well as suitable backup software. Once past that, individual tape cartridges are quite inexpensive. $50 is about the highest I see LTO-6, and I've even seen them as low as $10 each in quantities.

At Facebook's level, RAIT is possible, so I don't get why they are bothering with relatively small capacity media when LTO is an established, highly reliable format, and can do everything FB wants without having to reinvent the wheel. Even encryption can be set on drives.

about a week ago

Apple CarPlay Rollout Delayed By Some Carmakers

mlts Re:Hey, great idea here, guys... (76 comments)

XM still has a place. They used to offer a deal where you paid $800, and the car receiver had permanent access. Forever. Vehicle changes hands? Irrelevant. Then, it was useful for some alternative on a long trip, or listening to a talk radio station (although some of the AM stations in rural areas can go in some strange subject directions.)

Oddly enough, I have been happy with Ford's SYNC service. It works well with both Android and iOS, and can handle handsfree calls as well as A2DP.

Time will tell... but, since phones change so often compared to how often someone changes cars (well, unless they are super rich), it would be nice to have the audio head firmware intended to be as phone OS agnostic as possible and not have to be iOS or Android specific. Who knows... 2-3 years down the road, Tizen, FirefoxOS, BlackberryOS, Symbian, or some OS we may never have heard of might be a third contender.

I'd like to have the audio head have the ability to use media, both as a mounted drive, as well as MTP/PTP access. Bluetooth formats of handsfree and A2DP go without saying. The key is going with established standards, not something that depends on one OS or company.

Maybe the answer might be a modular system. A generic program that would work with everything, then CarPlay and other middleware if the user wants it. However, this seems like a bunch of redundant work, when the car audio system should be a completely separate entity from the phone.

about two weeks ago

Students From States With Faster Internet Tend To Have Higher Test Scores

mlts Re:sorry (175 comments)

There is also the fact that Mississippi is a lot larger than Massachusetts. It is easy to build high quality Internet connections in a state that is small, with almost all of its population concentrated on the eastern side. A larger state with less population, and population that is more scattered, with the biggest town being about 1/20 the size of Boston makes it a lot more expensive to sling fiber and provide access to residents, especially in a state with such a relatively low population density.

about two weeks ago

NSA Agents Leak Tor Bugs To Developers

mlts Re:Reading source for months... (116 comments)

SELinux is a good stab at that. While not 100%, it has helped ensure that a program that manages to get a root context still doesn't have full superuser reign over the system. It isn't simple, but it does a good job at security over previous tools like SUID wrappers.

I wouldn't mind a code review of web browsers and browser add-ons, as those are the first points of contact and generally a primary vehicle for malware to get a foothold.

about two weeks ago

NSA Agents Leak Tor Bugs To Developers

mlts Re:Yes Google and FB are the ones to protect us? (116 comments)

Tor needs a PR boost if that ever is going to happen. As it stands right now, it is SOP for an admin to block all exit nodes at the incoming router, the IP stack on the machine, the web server, and the application, because of abuse.

No big company is ever going to touch Tor as it stands right now, because of its reputation as a service for criminals (q.q.v. Four Horsemen of the Infocalypse.)

about two weeks ago

Submissions


Truecrypt is now dead

mlts writes | about 3 months ago

mlts (1038732) writes "Visiting the TrueCrypt website, they have posted that all development has ceased, and instructions on how to move to BitLocker from their product.

If this isn't a joke, this is a very sad day for crypto usage everywhere."


Journals

mlts has no journal entries.
