Comments


ISPs Violating Net Neutrality To Block Encryption

unrtst Re:No Carriers (149 comments)

[I didn't RTFA]

Based on what's in this thread, what you state is no more likely than the reverse.
IE. it is just as likely that there is an SMTP fixup near the destination as it is to be at the ISP.

Your example facts:
I tried (destination X) on ISP A: it worked.
I tried (destination X) on ISP B: it failed.
... do not include the additional (possible) situation of:
I tried destination Y on ISP A: It worked.
I tried destination Y on ISP B: It worked.
... that latter part was implied by the GP's "...monitoring the responses from the email server in issue."
If that is true, then it's MORE likely to be an issue near the destination.

Besides the example you provided, it'd be easier to explain as an IPS/IDS near the destination X that was configured to apply the rule only to traffic originating from ISP B. That's frequently the way test/debug rules are added so as to not impact others or to reduce load, and it's often the case for targeted restrictions (ex. a frequent spammy block).

I don't know either way, but that's part of the problem with referencing an incomplete complaint.

about a week ago

VeraCrypt Is the New TrueCrypt -- and It's Better

unrtst Re:CipherShed (220 comments)

CipherShed should have been mentioned in the summary. It's even mentioned in the article (yada yada I messed up and RTFA etc etc).

Some key points:
* VeraCrypt broke compatibility with the container format. However, it sounds like that may only be the hashing iterations on the password to derive a key that changed, so the actual format is probably exactly the same just with a different key. In any case, it can't open TrueCrypt containers and vice-versa.
* He's working on a migration tool (ie. import TrueCrypt container into VeraCrypt)
* The massive increase in iterations mentioned in the summary refers to what happens to your password to derive a strong encryption key. IE. it's only at startup; if done correctly, then it could improve the quality of the encryption key; it does not (AFAICT) affect the actual encryption of each block of data.
* CipherShed (someone from there) spoke with him in relation to helping each other, but CipherShed wants to retain TrueCrypt compatibility, so he is not interested in merging, but he may send patches and whatnot.
* The potential licensing issues are a bit suspect. My gut says the explanation is simply a lack of understanding of licensing or a disregard for it, but it welcomes some conspiracy theories.

about a week ago

Ask Slashdot: Why Can't Google Block Spam In Gmail?

unrtst Re:WTF? (261 comments)

Parent could use a moderation bump. It's an AC, but saying exactly what (I'm sure) many here are thinking.

about a week ago

WhatsApp's Next Version To Include VoIP Calls and Recording

unrtst Re: VoIP, eh? (65 comments)

The problem with all of these services is fragmentation. If I have a telephone, I can call anyone else who has a telephone, irrespective of what operators we both use. If I have a SIP account somewhere, I can generally do the same thing. If I have a Facetime account, then I can't call someone with Google Hangouts. Without federation, these services are far less useful than they could be (to users - the lack of federation is useful for encouraging lock-in, so good for the providers if they're big enough).

Agreed. Just to note though, Google Hangouts can call to and be called from the PSTN and supports Federated VoIP. This is not meant as an endorsement but, perhaps, it would be more clear if the example were Facetime to ... something else that lacks those features ...?

I tried to look up more details on WhatsApp's implementation, but I can't find any mention of it on their site, and the linked article doesn't go into any detail regarding it either, nor does it link to any press release or blog or anything else. WhatsApp can (and has been able to) send and receive voice messages, which are essentially just MMS file attachments, not two way real time audio (what would be considered VoIP). Is there more info on it somewhere?

about a week ago

Ask Slashdot: VPN Setup To Improve Latency Over Multiple Connections?

unrtst Re: What makes you think (174 comments)

Channel bonding sends pieces of the request in parallel over the different channels. It does not send the same request over multiple channels. Channel bonding's goal is to increase total bandwidth, not to reduce latency.

Yes, but most of the important pieces are in place already. I strongly suspect that someone with intimate knowledge of the channel bonding internals (kernel devs, speedify, F5/cisco/etc, other similar services) could add support for sending over both channels with an added flag/option in the config. It may be difficult to piggyback on the existing code, or it could be fairly trivial, but it certainly seems like the right place to add that support. Maybe one of the folks listed here could chime in?

Whether it's practical and worthwhile or not is a different matter. If one is already paying for 2 data connections + the server/service, it'd be cheaper (in most cases) to just get one good connection, and it'd certainly be less complex.

about a week ago

Ask Slashdot: Dealing With an Unresponsive Manufacturer Who Doesn't Fix Bugs?

unrtst Re:Stop paying. (204 comments)

Have to read into the summary since there are few actual details, but this was basically my interpretation as well... that this was a poorly made purchase that the execs are now forcing their employees to use simply because they are paying for it. It makes zero sense to me if and when an open source and/or free and/or developed in house product is available that performs better. I've lost track of how many times I've seen this happen, and it's beyond frustrating every time.

My advice (which seems to be all the user is asking for), is either:

a) fear for your job, be thankful, and continue suffering through it (with an option to record your hours lost due to supporting said product, and estimated hours of others lost, and estimated losses of customers if applicable, and reporting that monthly to your superior)

b) pretend to be blind to the mandate (ex. follow the letter of it, keeping said machine running, but don't actually use it, or use it in some other capacity); implement a seamless alternative labeled under a slightly different category (ex. primary vpn remains the one they pay for; add an openvpn or a simple locked down ssh server as an "emergency fallback" to ensure business continuity); when those you support have their clients fail, provide clear instructions on how to use the fallback. The users (and you) will end up only using the fallback if it works reliably and performs comparably. A year from now, when the contract runs out, just remove that product from the documentation and deactivate it. IE - In other words, get off your ass and just do it, rather than dicker around and debate the fine print; if your company still mandates that the working and provably better solution not be used, make your decision to either put up with it or go find employers with a like mindset.

It's very difficult to convince someone that made the decision to buy something that what they bought has a negative value (I like to call this situation "net negative" cause that sounds really bad, though that may not be a technically accurate phrase), and even if you do convince them, it's even more difficult for them to both admit it and to choose to cut their losses, even if it's obvious to you.

If you have to work excessively hard with a vendor to get a bug fixed, working harder to help them improve their shitty service is not a good solution. Oh, and like a few posts above said, put their payment in escrow if you choose to stop paying them (you're not legally allowed to stop making payments while the contract is still active, but you can put it in escrow... IANAL etc so consult legal first etc).

about two weeks ago

Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild

unrtst Re:"could be worse than Heartbleed" (318 comments)


# run under mod_perl
print "Content-Type: text/plain\n\n";
system("/usr/bin/xzgrep error /var/log/my.log");

Can you see how this perfectly secure quick CGI to find errors in your log file would result in a system compromise?

Yes, this is a very bad bug with many possible vectors of attack; No, that is not good code nor coding practice.

Why in the world would you have a mod_perl script that is calling a system command just to grep through some text?!!?
Regardless, in the realm of the potential for there to be some justifiable reason to call system(), the example should then be:
system('/usr/bin/xzgrep', 'error', '/var/log/my.log');
in which case, the shell is not executed.

about three weeks ago
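
The list form of system() in the comment above keeps Perl from running `/bin/sh -c` itself; a shell can still start further down when the program being executed is itself a `#!/bin/sh` script. As an added example (not part of the comment), this follows `#!` lines to list the interpreters a program would start, run here on constructed sample files; the function names and the `SHELLS` set are assumptions.

```python
import os
import tempfile

# Interpreter basenames treated as shells (assumption; extend for your hosts)
SHELLS = {"sh", "bash", "dash", "ksh", "zsh", "ash"}

def read_shebang(path):
    """Return the argv from a '#!' first line, or None if the file has none."""
    with open(path, "rb") as fh:
        first = fh.readline(256)
    if not first.startswith(b"#!"):
        return None
    return first[2:].decode("utf-8", "replace").split() or None

def interpreter_chain(path, max_depth=4):
    """Interpreters started to run `path`, following interpreters that are scripts."""
    chain = []
    for _ in range(max_depth):
        argv = read_shebang(path)
        if argv is None:
            break
        if os.path.basename(argv[0]) == "env":
            # '#!/usr/bin/env bash': the real interpreter is env's first operand
            operands = [a for a in argv[1:] if not a.startswith("-") and "=" not in a]
            chain.extend(operands[:1])
            break  # resolved through PATH at run time, so stop here
        chain.append(argv[0])
        if not os.path.isfile(argv[0]):
            break
        path = argv[0]
    return chain

def starts_shell(path):
    """True if executing `path` directly (no shell involved) still launches a shell."""
    return any(os.path.basename(i) in SHELLS for i in interpreter_chain(path))

def demo():
    """Write constructed sample programs to a temp dir and classify each one."""
    with tempfile.TemporaryDirectory() as tmp:
        launcher = os.path.join(tmp, "launcher")
        samples = {
            "launcher": b"#!/bin/sh\nexec \"$@\"\n",
            "tool": b"#!" + launcher.encode() + b"\nrun\n",  # nested script
            "wrapper.sh": b"#!/bin/sh\nexec grep \"$@\"\n",
            "env_wrapper": b"#!/usr/bin/env bash\necho hi\n",
            "report.pl": b"#!/usr/bin/perl -w\nprint 1;\n",
            "native_bin": b"\x7fELF\x02\x01\x01" + b"\x00" * 9,
        }
        for name, content in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(content)
        return {name: starts_shell(os.path.join(tmp, name)) for name in samples}

if __name__ == "__main__":
    for name, shell in demo().items():
        print(f"{name:12} shell started: {shell}")
```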

Ask Slashdot: How To Keep Students' Passwords Secure?

unrtst Re:password manager (191 comments)

Hmm, I strongly dislike the idea of sitting in a public place and typing my "salt password" visibly into a prompt (especially if it litters the bash history), and then also getting the resulting login password in clear text.

Not sure if the parent does the following, but your extra requirements are easy to get around.

* not in bash history? just put a space before the command (if you didn't know that already, you're welcome... it's so much easier than "rm .bash_history && ln -s /dev/null .bash_history" :-)

* result in the clear? Just use your clipboard: echo -n hunter2slashdot.org | md5sum | sha1sum | cut -c1-16 | xclip ... then just [SHIFT]+[INSERT] to paste it into the password field. You can also change the xclip selection by adding "-selection c" and then you can use [CTRL]+v to paste it.

* don't want to see yourself type it? enter "stty -echo" first, and be very careful typing the whole command. ... or make a small script to do it for you:
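#!/bin/bash
# Length of the derived password (default 16)
LENGTH=${1:-16}
# Restore terminal echo even if interrupted at the hidden prompt
trap 'stty echo' EXIT
echo -n "basepw: "
stty -echo
# -r keeps backslashes literal; IFS= keeps leading/trailing spaces
IFS= read -r PW
stty echo
echo
echo -n "site: "
read -r SITE
printf '%s:%s\n' "$PW" "$SITE" | md5sum | sha1sum | cut -c1-"$LENGTH" | xclip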

about three weeks ago

Outlining Thin Linux

unrtst Re:min install (221 comments)

Gentoo? Not really unless you setup a build server for yourself separately, ...

From the summary:

When you're rolling out a few hundred Linux VMs locally, in the cloud, or both,

If you're managing a few hundred VMs, you should have the infrastructure in place to support them. There's loads of ways to do that, but if you're using Gentoo, that will include a build server (or cluster).

Similar if you're doing very small installs, they are often trimmed down and prepared from a full install so you can tweak the compressed filesystems and all that stuff.

You are right though - there's no need for some new distro split. The only thing I can see motivating this that is arguably legit is systemd. That's not going to be a server vs other or embedded vs other war though, it's going to be (if it happens at all) a systemd versus other-init-systems battle.

about a month ago

Do Specs Matter Anymore For the Average Smartphone User?

unrtst Re:IP68 the only thing I'm waiting for in a phone (253 comments)

IP68 would be good, though the SGS5 IP67 is decent... why aren't (almost) all phones doing that?

With the size of the phones, I'd like to see MSATA support on some select models, but I also think Ubuntu's dream of a phone that is also your desktop is something viable (feels inevitable to me, but I won't be surprised if it never happens because of some other advancement).

about a month ago

Fork of Systemd Leads To Lightweight Uselessd

unrtst Re:kill -1 (469 comments)

Meh. It's just a slightly-faster reboot that's only usable when you don't need to change the kernel.

If you rephrase that slightly, it makes a very different case:
It's just a slightly-faster reboot that's especially useful when you must ensure the kernel doesn't change (ex. unknown lilo/grub state).

There are a handful of other times it's useful. My personal favorite is as a self destruct (secure delete almost all files and free space, then issue kill -1), though there are much better ways of doing that.

about a month ago

Ask Slashdot: Remote Support For Disconnected, Computer-Illiterate Relatives

unrtst Re:Dial up can still access gmail (334 comments)

I'd make this one really simple. Use an auto-updating Linux (like Mint), then setup a menu with few choices. Nothing Windows, and if you send a Mac, be sure it can be supported in their locale.

Updates, IMO, will be one of the biggest issues. I ran into this with a local (almost/soon-to-be) relative who was stuck on dial up. I just didn't do anything about their VERY slow computer until I got them onto something with some more speed (they were on dial up aol!!!). How in the world do you update/fix windows XP if someone is on dialup? I'm sure it's possible - I downloaded CD's back when I was on 33.6 - but I don't have weeks to spend doing that. I'm not sure exactly what the answer to that should be.

With that in mind, and with the stories of many virus infections and poor support from their friends, I'd probably try some sort of VM arrangement. Maybe something like:

* boot to something minimal and hardened (vmware ESX, linux + kvm, whatever you're most comfortable with really)
* set it up to automatically boot the VM, so that's really (almost) all they see
* VM install should have multiple disks
  * disk1: OS, fully updated before you send it there, and take a snapshot
  * disk2: data, copy their stuff here or plug in an external drive of theirs or whatever

If something goes really wrong, just go back to the snapshot.

Consider putting another VM on there that can do offline virus scan of those other disks (maybe clamav), and possibly integrity checks.

Could also put another on there that does a call home to you (dialup, wait for connection, ssh somewhere and setup a tunnel - go over 443 or 80 for a better chance of it working, and maybe use dyndns for the hostname).

Others above recommended gmail. Some other provider should be chosen if at all possible. I like gmail, and am also a fan of fastmail.fm, but pick whatever you want. Pick one that can pull mail from other providers, offers OK amounts of storage, imap (and/or pop3, but imap would be preferable so the data stays on the server and you can wipe their machine easier), and virus and spam protection should be decent too. Having webmail available would also be good, because then you can jump into their mail and clean it up if needed :-)

For remote access, forget about proxying commands through email. That's a bit crazy.
Just setup ssh on it and have it run on a variety of ports (22, 80, 443, 65000, whatever), and bookmark something like "whatismyip.com" for them to go to and tell you their IP.
If you MUST have some other proxied command method, there are some for various IM clients, and there's stuff like logmein. It's trivial to have pidgin run stuff in the shell via a plugin, for example. At least this could be part of something they don't use every day.

about a month ago

Ask Slashdot: Remote Support For Disconnected, Computer-Illiterate Relatives

unrtst Re:Dial up can still access gmail (334 comments)

Or use Gmail with an email client and IMAP.

Might work, but doesn't solve any of this guy's problems.

It doesn't solve *ALL* his problems, but it goes a long way to solving several parts of it:

* that can receive messages no larger than 1MB nor hold more than 15MB
* They are computer-illiterate, click on everything they receive, and take delight on sending their information to any Nigerian prince that contacts them, "just in case this one is true"

The former - they'll have more space.
The latter - gmail has, IMO, one of the best spam filters. I imagine it also does well with viruses, but I've never really worried about them (not on windows; don't execute attachments; keep my system more-or-less up to date).

about a month ago

Torvalds: No Opinion On Systemd

unrtst Re:Simple set of pipelined utilties! (385 comments)

If that was ever an expectation of Stallman's for operating system installations that heavily depended on GNU, then it should have been in v1 of the GPL. Doing otherwise, and pulling this only after Linux had started to acquire some notoriety of its own makes him look just as bad as people who sit on patents until some really big company starts to use it without knowing about the patent, and start enforcing it only then.

If it was ever an expectation of yours for operating systems that utilized a Linux kernel to not be called anything but Linux, then it should have been made clear in the license for the first version of Linux.

The person who first called it GNU/Linux in this thread didn't do so as a correction to you calling it Linux (regardless of whether or not that is warranted), yet you are on some rant to say that calling it "GNU/Linux" is wrong. WHY!?! There is more GNU in your average distro than there is Linux kernel, as you even pointed out.

What about Debian, Ubuntu, Slackware, Gentoo, Redhat, etc? Are they also just as bad as the submarine patent trolls you refer to?

about a month ago

Apple Edits iPhone 6's Protruding Camera Out of Official Photos

unrtst Re:Parallax. (425 comments)

And with the obvious FOV on those images, it's obvious you couldn't get close enough to hide it without pretty much having the edge directly against the camera lens. You'd have better luck trying from further away to minimize its detail.

Wrong. It's very easy to hide it. I just did so with my Samsung Galaxy S4, whose camera protrudes about the same amount, but does so in the middle of the phone. And I did that with a crappy point and shoot... just get up close and position it correctly. If you're looking with your eyes, you will have to close one, and you'll have to be able to focus on things very close (I can't focus on stuff that close to my face, but my camera can).

FWIW, I'm not claiming they didn't simply photoshop the images, but it's certainly possible to take side pics that don't show the 1mm protrusion on the opposite side of the phone.

about a month ago

Ask Slashdot: Any Place For Liberal Arts Degrees In Tech?

unrtst Re:Ya, but... (392 comments)

*I* just want to code -- let others with liberal arts degrees be management.

Ugh, and that's the resulting problem. People who can't hack it with the actual labor but seem to try hard get promoted to management where they fulfill The Gervais Principle [http://www.ribbonfarm.com/2009/10/07/the-gervais-principle-or-the-office-according-to-the-office/].

This isn't just an IT problem. This happens in various ways in most companies after they reach a certain size. My dad was an equipment operator (backhoe, grounds keeper, etc) for the state, and his bosses were nearly retarded, but no one that actually knew how to do the job wanted that middle management spot. I've heard the same story from almost everyone I know, except those that /are/ the middle management. There are exceptions to the rule, but those folks usually lead very stressful lives, struggle a lot, and put in way too many hours.

about a month ago

Tim Cook Says Apple Can't Read Users' Emails, That iCloud Wasn't Hacked

unrtst Re:Is this technically impossible - no. (191 comments)

Assuming the messages are encrypted on Apple's servers at all, they would likely be encrypted with a random key, and a copy of that key would then get encrypted with your password, and another copy encrypted with something support can use (ie. apple owned), so that changing your primary password does not change the underlying key, but just changes the encryption on the copy. There may be multiple layers in there, and public key/private key stuff, etc, but that's one simple description of how, for example, you can send an S/MIME encrypted email to multiple recipients (primary message is encrypted once; its key is encrypted by the public key of each recipient and attached to the email; their private key can decrypt the key and read the message).

That said, my gut doubts there's much encryption going on. This quote:

such messages and calls are not held in an "identifiable form."

... I've heard similar from many C-line (ceo/cto/etc) calls and RFC's (ex. discussing PCI-DSS or SSN security). It generally means there's just an extra hop between foreign keys. I mean, it's obvious that the messages are identifiable from some perspective (your phone), so the breadcrumbs are there somewhere. Things that get downloaded or are real time (SMS and calls)... maybe they remove the lookup and leave the original data? There's still some ID on them.

about a month ago
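
The key-wrapping scheme described in this comment, as an added example that is not part of the comment or any vendor's code: a random data key encrypts the messages, and copies of it are wrapped under a password-derived key and under a provider-held key, so a password change replaces one wrapped copy and leaves stored messages as they are. The same structure sits behind the VeraCrypt comment earlier on this page: the iteration count matters only when unwrapping the key, so a different count fails to open otherwise identical data. Assumptions: all names (`Mailbox`, `seal`, `unseal`), the constructed iteration counts and sample strings, and the HMAC-SHA256 counter-mode cipher, which stands in for AES so the example runs on the standard library alone.

```python
import hashlib
import hmac
import os

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):  # HMAC-SHA256 counter mode, stand-in for AES
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def seal(key, plaintext):  # encrypt-then-MAC: nonce || ciphertext || tag
    nonce = os.urandom(16)
    body = nonce + _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    return body + hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()

def unseal(key, blob):  # returns None under the wrong key or on modified data
    body, tag = blob[:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        return None
    return _xor_stream(_subkey(key, b"enc"), body[:16], body[16:])

def password_key(password, salt, iterations):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

class Mailbox:
    def __init__(self, password, escrow_key, iterations=20_000):
        data_key = os.urandom(32)  # encrypts every message and never changes
        self.escrow_copy = seal(escrow_key, data_key)  # provider-held wrap
        self.messages = []
        self._wrap_for_user(data_key, password, iterations)

    def _wrap_for_user(self, data_key, password, iterations):
        self.salt, self.iterations = os.urandom(16), iterations
        self.user_copy = seal(password_key(password, self.salt, iterations), data_key)

    def data_key(self, password, iterations=None):
        kek = password_key(password, self.salt, iterations or self.iterations)
        return unseal(kek, self.user_copy)

    def store(self, password, text):
        self.messages.append(seal(self.data_key(password), text.encode()))

    def read(self, data_key):
        return [unseal(data_key, m).decode() for m in self.messages]

    def change_password(self, old, new):  # rewraps the key; messages stay as-is
        self._wrap_for_user(self.data_key(old), new, self.iterations)

def demo():
    escrow = os.urandom(32)  # constructed provider key
    box = Mailbox("hunter2", escrow)
    box.store("hunter2", "meet at noon")
    before = list(box.messages)
    box.change_password("hunter2", "correct horse")
    return {
        "messages_untouched": box.messages == before,
        "new_password": box.read(box.data_key("correct horse")),
        "escrow": box.read(unseal(escrow, box.escrow_copy)),
        "old_password_rejected": box.data_key("hunter2") is None,
        "wrong_iterations": box.data_key("correct horse", iterations=1_000) is None,
    }

if __name__ == "__main__":
    print(demo())
```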

Top EU Court: Libraries Can Digitize Books Without Publishers' Permission

unrtst Re:Fair Use (102 comments)

I agree that sharing a copy of a book in a library is fair use. But simultaneous sharing among multiple readers is not fair use. A library can stock multiple copies of a popular book and share them among thousands of users. But one reader per copy at a time. Otherwise your 'good trade off for society as a whole' becomes out and out appropriation. I agree that libraries would be great places if every book you wanted were always 'in the stacks', but you're not talking about a small loss of revenue any more.

We're all damned lucky that the concept of libraries was established WAY before copyright (~1200BCE). I highly doubt the idea would be tolerated with so many people viewing copyright as something so sacred as you make it out to be. What does fair use have to do with this anyway? This is a pretty nice read: http://en.wikipedia.org/wiki/H...

I believe libraries should be able to carry any and all digital copies of books and provide them in unlimited fashion to those at the library. I do not believe that would affect revenue in any noticeable way. I'm quite confident an opinion poll asking how many people would go to the library and read books on a physical work station screen if all digital books were there... that would turn out to show very little additional participation relative to book sales volumes, but a not insignificant increase to library visits (they're already pretty low).

Directly relating paper books one-to-one with a digital copy is silly - it's simply not the same thing. At the same time, I'm drawing a very arbitrary line in saying people should have to go to the library. Perhaps they should be allowed to let people take home digital copies using the one-to-one physical copy restriction or a separate digital copy license? I'm not sure where the line should be past the library, but I don't see any reason to restrict it within the library.

about a month ago

Submissions

Journals

unrtst has no journal entries.
