
Comment Anecdotes About Hard Drives (Score 2) 445

Western Digital - Caviar Green

Since we're trading anecdotes about hard drives I personally like the Western Digital Caviar Green hard drive line and use them for external storage and had only 2-failures (one-predicted) out of ~12-drives of various sizes throughout a 5-year period or so. None of this should mean anything to anyone because this is all anecdotal evidence and Google's research paper about hard drive failures is what you should be judging failures by not Slashdot posts.

I like these slow 5400RPM or (IntelliPower Variable RPM) speed drives since I use them as floppies in my external caddies (i.e. cradles) connected with eSATA to my motherboard SATA controller. I plop them in, turn on the caddy, let the OS hot-detect the drive and mount it, I use it to transfer stuff to them, then dismount them, and turn off the caddy then remove the drive sometimes while the platters are still spinning since I feel the gyroscopic effect.

The slower rotational speeds and power-saving technology prevents them from heating up so much and I still get ~75 MB/s peak transfer rates for large multi-GB files with ~50 MB/s nominal and ~30 MB/s slow rates for small files. Awesome drives and Western Digital's online Warranty check and RMA process is simple and efficient.

My drives all still have the 3-year warranty and that is fine. If the warranty suddenly drops to 1-year I'll still buy these drives for the performance and features that they offer and because they have been good to me.

Comment Ban all PHOTOGRAPHY Questions from Slashdot! (Score 1) 569

Photography and related equipment questions DO NOT belong on Slashdot! There are dozens of sites that offer reviews, questions, answers, posts, and opinions. Go there and leave us computer geeks alone.

Photography opinions are akin to Religious opinions. Not to be discussed in polite company outside of their own circles.

Comment What about Chinese investments into T-Mobile? (Score 1) 169

Wasn't there a story about the Chinese telecom companies trying to get into the US telecom business last week? Wouldn't a T-Mobile buyout by a Chinese company be the next step now that AT&T lost their chance? Wouldn't the current administration which is beholden to foreign investment funds be willing to sell T-Mobile to the Chinese? Is this too far fetched to imagine this happening?

Comment Re:My account was among those compromised. (Score 1) 434

your master password is only as secure as the weakest website you use it on

Perhaps I am misunderstanding what you're trying to say or you misunderstood PasswordMaker's one-way hash based idea.

The master password is used as a seed plus the URL + other funky info for a hashing function to create the password. The password that any website sees is derived from the one-way hashing algorithm used (MD5, SHA1, RIPEMD, etc.). The hashed password cannot be reversed. Only thing that can be compromised is your password for that one single site which is useless for any other site.

The best attack you can do is create multiple rainbow tables each, per site, per hashing algorithm used, per length of password, per character set, per each funky info chosen leading to thousands of rainbow tables due to algorithm permutations you're trying to catch.

It would be easier to use a key logger sniffer trojan on my computer to grab my master password and also the settings file for PasswordMaker to figure out what settings I used to generate it. If you can do this then all my passwords are compromised no matter if I used PasswordMaker, md5sum, or storage-based password app like GPG, etc.

Or you could just beat me with a $5 pipe wrench until I tell you my settings scheme and master password so you can post snaky comments on forums using my accounts.

PS: Anytime you say something is MILSPEC then I know that you can't be serious because MILSPEC is largely an inside joke to people who know.

Comment Re:My account was among those compromised. (Score 1) 434

I understand the issue with truncation causing 32-character password to be pared down to 8-characters effectively shrinking the entropy to something easily guessable that is a serious problem. Base64 encoding is better than Hex but still can be truncated.

I do have my reservations about PasswordMaker or the simplistic md5sum method I described but I am also equally concerned about fully unique password stores in a file that has a single master password. That file is golden, and if you lose it or have it compromised even if someone doesn't know your master password they effectively defeated that security system because you can't be sure if they have or will compromise the encrypted file. File management also becomes an issue if you have to access those accounts from a mobile phone, work laptop, on vacation, in an emergency where you don't have access to your own computer or USB stick, etc.

I also agree that all the options in PasswordMaker doesn't really make much sense if your master password is good already, they just try to add complexity to the hashing algorithm which is unnecessary since the hashing function has a good entropy already. These settings are just to create security by obscurity for any would-be holders of the master password but like you said the total permutations of choices is really limited and not so useful. I think the character set alpha-num+symbols, password length, and hashing function are more than enough.

My plan is to use different master passwords for different types of sites and also different security level desired so that throw-away forum logins wouldn't share game account password wouldn't share e-mail account passwords, and so on and so on. If one password got compromised only that site's account would be compromised and no other. If one master password got compromised then only that group of sites would be compromised.

Multiple login attempts to online sites usually get met with verification schemes, time-outs, lock-outs slowing down the password guessing process. However, brute force breaking of a password file can happen without limitation on farms of botted computers.

Both solutions offer the same thing, unique passwords per site so that insiders cannot use your password to login to other sites and accounts. One is storage-less one is storage-based.

The truly unique password stored in the file are stronger since they are truly random so at first this sounds like a great idea until the reality of management of the password file surfaces and you end up with all your eggs in one basket, that can be copied.

The algorithmically based passwords are not nearly as strong since they can be reversed if the master password or passwords are known but you don't have to manage any files, except maybe the preference file showing the settings you used for special sites that don't accept certain characters or lengths that you normally use.

Password management is a difficult task, especially when we have to manage dozens if not hundreds of accounts by now all using their own authentication system instead of using OpenID or Google APIs or Microsoft .Net.

Right now, I like the idea of storage-less unique password management better than trying to guard a password file in the world of Windows machines and vulnerabilities.
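
Added example, not part of the original comments and not PasswordMaker's own code: a Python sketch of the storage-less scheme these comments describe (master password + site -> hash -> character set -> length), with the truncation effect discussed above expressed as a bound in bits. The function names, the 76-character symbol set and the choice to keep the low-order digits are assumptions of this example, so its output will not match PasswordMaker's.

```python
import hashlib
import math
import string

HEX = "0123456789abcdef"
# Constructed 76-character set (letters, digits, 14 symbols); an assumption of this example.
ALNUM_SYMBOLS = string.ascii_letters + string.digits + "!@#$%^&*()-_=+"


def derive_password(master, site, algo="md5", charset=HEX, length=32):
    """Derive a per-site password: hash(master + ' ' + site) -> charset -> length."""
    if length < 1:
        raise ValueError("length must be at least 1")
    # Same bytes that `echo <master> <site> | md5sum` hashes: echo appends a newline.
    data = f"{master} {site}\n".encode("utf-8")
    digest = hashlib.new(algo, data).digest()

    # Read the digest as one big integer and rewrite it in base len(charset).
    n = int.from_bytes(digest, "big")
    base = len(charset)
    digits = []
    while n:
        n, rem = divmod(n, base)
        digits.append(charset[rem])
    # Left-pad to a fixed width so the result length never depends on the digest value.
    width = math.ceil(len(digest) * 8 / math.log2(base))
    encoded = "".join(reversed(digits)).rjust(width, charset[0])

    # Keep the low-order digits: for a charset whose size is not a power of two,
    # the leading digit can only take a few values, the trailing ones are near uniform.
    return encoded[-length:]


def strength_bound_bits(algo, charset, length):
    """Upper bound, in bits, on the guessing space of the derived site password.

    It is capped by the hash width and by length * log2(charset size). It says
    nothing about the master password, which has to be strong in its own right.
    """
    hash_bits = hashlib.new(algo).digest_size * 8
    return min(hash_bits, length * math.log2(len(charset)))


if __name__ == "__main__":
    master, site = "MyPassword69!", "slashdot.org"  # sample values quoted on the page
    cases = [
        ("md5", HEX, 32),           # full hex digest, as in the md5sum one-liner
        ("md5", HEX, 8),            # a site that silently truncates to 8 characters
        ("md5", ALNUM_SYMBOLS, 8),  # same length, larger character set
        ("sha1", HEX, 40),          # longer hash, full hex digest
    ]
    for algo, charset, length in cases:
        pw = derive_password(master, site, algo, charset, length)
        bits = strength_bound_bits(algo, charset, length)
        print(f"{algo:5} charset={len(charset):2} len={length:2} <= {bits:6.1f} bits  {pw}")
```

An 8-character hex password is bounded at 32 bits however strong the master password is, while the same 8 characters drawn from the 76-character set are bounded at about 50 bits.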

Comment My account was among those compromised. (Score 5, Interesting) 434

Got hit with this one!

On the morning of Nov 7th I started getting e-mails from Steam Support with confirmation codes when someone was trying to change my password and e-mail. Reinstalled Steam after a year or more of non-usage only to find that someone has been playing TeamFortress 2 on it, the same day. Changed my passwords. That evening received a number of angry e-mails from a Russian guy ( [www.crazy_denis@mail.ru]) demanding that I put the passwords back so he can use the account he bought and paid for. Used Google Translate into Russian sometimes Ukrainian to string him along through 12 short e-mails and got him to reveal and confirm that he actually had my username and password in clear text. Opened up a support case with Steam and forwarded the entire e-mail chain to them to start investigating. Got a form letter back, replied again asking them to check their systems for intrusion... today Slashdot story breaks about Steam being compromised. I wasn't the only one I guess!

PasswordMaker - Storage-less and per-site unique hash based password scheme

Changing all my passwords now to a PasswordMaker scheme for unique passwords for every single site based on a storage-less system that uses a master password + URL + other info you choose -> MD5 sum -> alpha-numeric symbols -> length limit to generate a unique password for every site and account based off your own single or multiple master passwords. You have to remember your own password and the settings you used and generate the same password every time that is unique and there is no secret data file to steal from you or for you to lose on a USB disk or upload to the net. This way your password is already hashed when you submit it to a site, it is unique per site, you don't have to store a list of passwords in any file, and you can regenerate your password on any browser, mobile phone, programming language since this app has been ported to practically everything.

I was thinking of something simpler such as "echo MyPassword69! slashdot.org|md5sum" and then "aaa53a64cbb02f01d79e6aa05f0027ba" using that as my password since many sites will take 32-character long passwords or they will truncate for you. More generalized than PasswordMaker and easier to access but no alpha-num+symbol translation and only (32) 0-9af characters but that should be random enough, or you can do sha1sum instead for a little longer hash string.

Here's the conversation for all of you.

From: [mailto:www.crazy_denis@mail.ru]
Sent: Monday, November 07, 2011 11:03 PM

Crazy Denis: You bitch Give me my account is steam which I bought yesterday! will not come back you will have problems moshenik fucking

JakFrost: I would kindly suggest you go and get another account from the source before you lose more than just money. To understand each.

Crazy Denis: How do I get another account?

JakFrost: Ask a guy who you got this one and get another one. This account is off limits.

Crazy Denis: I wrote to him he was going to do nothing to write tehpoderzhku said there had already written an answer waiting for 24 hours
damn well bring back pliz account you do what it's worth it

JakFrost: What's the password for that account so that I could find one for you?

Crazy Denis: Login: MyUsername Password: ********

JakFrost: (No Reply)

Crazy Denis: Well, I found?

JakFrost: That is correct user name and password, but that account is currently blocked by Steam support of a security breach. I can not use it either, so it ruined for us both.

Crazy Denis: Yes, all right there!, Today began to go wrong is led pishel password or an account is not suschustvuet

JakFrost: I do not know, I get an error that the password is incorrect or the account has not been found.

Crazy Denis: A registered on your soap the same account?

JakFrost: No, it does not work.

Crazy Denis: clear, damn well feel sorry for you and I were left without an account, but I also paid for this account

JakFrost: Yeah me too, I lost money on it, too. Maybe it was sold to many people, and we are not alone?

Crazy Denis: can be!

JakFrost: We both have lost count. Too bad. Good luck and goodbye.

Crazy Denis: Come on you too, good luck and dosvidaniya!

From: Steam Support [mailto:email@support.steampowered.com]
Sent: Tuesday, November 08, 2011 6:12 PM
To: JakFrost
Subject: RE: Hack attemps, took precautions, need IP logs. - [9741-TBNM-6929] [6ee6d830]

Hello,

A staff member has replied to your question:

Hello,

We will investigate this matter and take appropriate action.

Comment Re:HTPC - iAtom 1.8 2C, 2GB DDR3, 40GB SSD, 2TB HD (Score 1) 229

The chassis fan is connected to the CPU fan lead, there is no CPU fan on this motherboard. The temps are high but they are always this high even with the fan spinning slowly to cool down the case and also the fan in the power supply.

There might be less expensive and more powerful options available this year with the AMD and Intel with integrated graphics but I haven't looked into them in terms of thermals, Mini-ITX, case compatibility, noise, etc. My little HTPC runs non-stop as my Linux server and HTPC box and works great so I recommend it.

Comment HTPC - iAtom 1.8 2C, 2GB DDR3, 40GB SSD, 2TB HDD, (Score 1) 229

I built this HTPC system last year and loaded it with XBMC Live running on Ubuntu (now 11.04) that can do full 1080p hardware accelerated decoding of complex scenes without dropping a single frame (I do my own encodings). Because the Intel Atom is a dual-core at 1.8 GHz along with nVidia Ion Next Generation which is equivalent to a GT210 video card it can shred on graphics.

HTPC - iAtom 1.8 2C, 2GB DDR3, 40GB SSD, 2TB HDD, Blu-Ray, ATSC+ClearQAM, Mini-ATX, 120mm Fan

Subtotal: $588.91
Shipping: $22.22
Total: $611.13

MOB: ASUS AT5IONT-I Intel Atom D525 (1.8GHz, dual-core) BGA559 Intel NM10 Mini ITX Motherboard/CPU Combo
MEM: G.SKILL 2GB 204-Pin DDR3 SO-DIMM DDR3 1333 (PC3 10600) Laptop Memory Model F3-10600CL9S-2GBSQ
TVC: AVerMedia AVerTVHD Duet - PCTV Tuner (A188 - White Box) MTVHDDUWB PCI-Express x1 Interface
SSD: Intel 320 Series SSDSA2CT040G310 2.5" 40GB SATA II MLC Internal Solid State Drive (SSD)
HDD: Western Digital Caviar Green WD20EARS 2TB SATA 3.0Gb/s 3.5" Internal Hard Drive -Bare Drive
DVD: LITE-ON Black 4X Blu-ray Disc Reader SATA Model iHOS104-08
CAS: APEX MI-008 Black Steel Mini-ITX Tower Computer Case 250W Power Supply
FAN: GELID Solutions FN-SX12-10 120mm Silent Case Fan
REM: AVS Gear GP-IR02BK Vista 2 channel IR Remote Control

Temperature Sensors

This thing is completely silent when watching TV and it doesn't overheat or suffer from any thermal problems, even in super hot temps outside and a warm house at 80 F.


user@XBMCLive:~$ sensors
atk0110-acpi-0
Adapter: ACPI interface
Vcore Voltage: +1.12 V (min = +0.85 V, max = +1.60 V)
  +3.3 Voltage: +3.33 V (min = +2.97 V, max = +3.63 V)
  +5 Voltage: +5.05 V (min = +4.50 V, max = +5.50 V)
  +12 Voltage: +12.10 V (min = +10.20 V, max = +13.80 V)
CPU FAN Speed: 989 RPM (min = 600 RPM)
CHASSIS FAN Speed: 0 RPM (min = 600 RPM)
CPU Temperature: +50.0C (high = +60.0C, crit = +95.0C)
GPU Temperature: +52.0C (high = +60.0C, crit = +95.0C)

user@XBMCLive:~$ sensors -f
atk0110-acpi-0
Adapter: ACPI interface
Vcore Voltage: +1.12 V (min = +0.85 V, max = +1.60 V)
  +3.3 Voltage: +3.35 V (min = +2.97 V, max = +3.63 V)
  +5 Voltage: +5.05 V (min = +4.50 V, max = +5.50 V)
  +12 Voltage: +12.10 V (min = +10.20 V, max = +13.80 V)
CPU FAN Speed: 983 RPM (min = 600 RPM)
CHASSIS FAN Speed: 0 RPM (min = 600 RPM)
CPU Temperature: +122.0F (high = +140.0F, crit = +203.0F)
GPU Temperature: +125.6F (high = +140.0F, crit = +203.0F)

Comment What a fuck up this is! (Score 0) 196

I thought that the original leak by Bradley Manning was a brave thing that he did, especially since the information he chose to leak was only low-level classified and unclassified information. He should be given a humanitarian award for his role in this.

Then I thought that WikiLeaks sharing the diplomatic cables with select journalists at respected organizations so that they can review the material, redact any sensitive personal information, and then publish a well written analysis of the most interesting cables was also a good and respectable thing.

However now that I find out from the Spiegel article that the shared file to the Guardian was just left on the file server after they confirmed that they got it is just such a stupid mistake. Encryption is not the be-all-end-all answer to security and WikiLeaks failed to understand that. Also the password was long and complex but the phrase shares the context of the data it encrypts and also could have been guessed eventually since it had so little entropy and difficulty.

Then to hear about poor record and file keeping, copying files to another server, hiding in subfolders, then copying them back and sharing them out on BitTorrent, what a cock-up that was! It's like the story of so many people on older P2P platforms sharing out their entire hard drives without realizing that people were downloading their application password files, personal documents, tax returns, pictures, and other stuff that should never be shared. It makes me think that WikiLeaks lacks some common computer sense and good server administrators who maintain and clean-up crap after their users.

This is one of those Epic Fails that will affect many people now and later, and will ripple down in history as a lesson of the repercussions of good leaks going bad due to negligence and ignorance.

Comment Software As Service, People! (Score 1) 683

Software As Service, People!

What version of Google Maps and Gmail are you using right now? How about Google Calendar and Picasa? What do you mean you don't know? Can't you tell?

No you can't. All you know it's there, it works, it's the "newest" version you know of because of the new stuff showing up since the last update day.

Experiment Freely Developers

Firefox is following the same ideology here due to Google developer's influence. Let the developers strip the version numbers from the user experience part and us geeks will know how to tell in the about:support pages.

Let them mold and reshape our browser, hold the GUI and switch it up as much as they want. Remove the buttons, change the address bar, remove the protocol and domain suffix, strip the status bar, remove the menus, do whatever they want to experiment on trying to find the best user interface out there. Use us users as your test subjects and experiment to find out what works and what doesn't. Let the browser evolve forcefully because the users won't let new things to be tried on them peacefully without complaints.

Nobody is forcing anyone using Firefox to upgrade, stay at the latest 3.6.x release or 5.0.1 release or whatever if you don't want to participate. Let your organization standardize on a release. Nobody from Mozilla is forcing you to upgrade due to licenses, registrations, expiration, or mandatory upgrades, use whatever you want.

Microsoft Office Ribbons vs Toolbars

I heard all the moaning and groaning about Microsoft Office Ribbons versus Toolbars and I reserved my judgment until I tried them. Now that I use them and learned where all the options are I see them as a great and welcomed improvement and I'm looking toward the new Windows 8 having the Ribbon interface instead of toolbar icons. The ideology of the Ribbon removing the duplication of the menus and toolbar icons is a logical one and add that the context sensitive color highlighted ribbons that appear when editing different elements such as tables, pivots, images, etc. just makes so much sense to me and makes my editing a breeze.

Wake up people, embrace the future and leave the old interfaces behind. Firefox developers, tread on and try new things!

Comment Re:Talking is not Doing! (Score 1) 482

You don't need guns to defend yourself, you American twatburger, you just need community spirit, as happened in many areas of London last night. If you come across a couple of hundred Sikhs ready to fight back, you'd have to be fucking stupid to try any looting in their area.

Good will, kind wishes, and a friendly cooperating community is not enough when you are all alone and there is nobody holding the front or protecting your back. In London the police were out in force and each community came out to protect their neighborhoods because they had the backing of police. Remove the police from the picture and see how brave those community members get when even a single rioter pulls out a firearm of any kind and opens fire. Unless you can return in-kind you'll see a quick disappearance of "the community" from the streets. Good thing that there are some people in some communities that think ahead and become the sheepherders for the sheeple that live there when the shit hits the fan.

The Koreans did good because they and their parents remember their own country's war. The Filipinos also do the same here also because they remember. How quickly the others forget and then try to bury the painful history.

There was a more detailed article that I was referring to, but I guess Wikipedia summary will have to be good enough to let you start digging into the official news report and video recordings.

Los Angeles Riots of 1992 - Koreatown

Koreatown experienced the hardest crime and destruction of the ordeal. Hundreds of Korean owned businesses were looted, damaged or burnt down and an unknown number of Koreans physically attacked. By the second day of rioting, the LAPD and County Sheriff had been overpowered by the number of rioters forcing the departments to pull all units from patrol. As violent rioters next turned its attention to firefighters, the LAFD also recalled their teams. This left unchecked crime and fires which quickly expanded. The Korean American community, seeing the police force's abandonment of Koreatown, organized gun-wielding groups to protect businesses and area residents. Open gun battles were televised live as shopkeepers defended their business from the crowds of violent looters.

Comment Talking is not Doing! (Score 1) 482

All this talk and nobody posted a site up yet with all the perps identified and tagged? Sounds like design by committee, where there's only one real developer who understands and can do the work and a bunch of yakkers just chatting it up because they can't do it but want to be important or included.

C'mon, website up in T-minus how many hours?

PS: On a side note. Hearing the word Riot brings back the memories of the LA Riots and the one story that I remember is the guy with a hunting rifle living across the street from his friend's electronics store and keeping it looter free and allowing it to survive intact while everything else got robbed or burned. When the shit hits the fan and the police aren't there to help you, just be prepared to help yourself and you'll do well! Too bad about London, as to quote FPS Russia, "One of those Beech countries, where you can't have guns!"

China

Submission + - Shady-RAT: Biggest series of cyber-attacks (google.com)

JakFrost writes: Security experts have discovered the biggest series of cyber attacks to date, involving the infiltration of the networks of 72 organisations including the United Nations, governments and companies around the world. The security company McAfee, which uncovered the intrusions, said it believed there was one "state actor" behind the attacks but declined to name it, though one security expert who has been briefed on the hacking said the evidence points to China.
United Kingdom

Submission + - UK Government to allow ripping (bbc.co.uk)

An anonymous reader writes: The BBC is reporting that the UK Government is about to announce changes to copyright law to make format shifting legal and relax rules on parodying copyrighted works. Previously format shifting was illegal in the UK but a recent review of the law suggested most people were unaware of the law and in breach of it, and that the restriction should thus be repealed.
