ers81239 - Slashdot User

Sign up for the Slashdot newsletter! OR check out the new Slashdot job board to browse remote jobs or jobs in your area

Do you develop on GitHub? You can keep using GitHub but automatically sync your GitHub releases to SourceForge quickly and easily with this tool so your projects have a backup location, and get your project in front of SourceForge's nearly 20 million monthly users. It takes less than a minute. Get new users downloading your project releases today!

5289367 submission

Submission + - Keeping up with security requirements in Linux.

Submitted by ers81239 on Wednesday July 22, 2009 @03:09PM

ers81239 writes: I've recently become a Linux administrator within the Department of Defense. I am surprised to find out that the DoD actually publishes extensive guidance on minimum software versions. I guess that isn't so surprising, but the version numbers are. Kernel 2.6.30, ntp 4.2.4p7-RC2, openssl 9.8k and the openssh to match, etc. The surprising part is that these are very fresh versions which are not included in many distributions. We use SUSE Enterprise quite a bit, but even openSUSE factory (their word for unstable) doesn't have these packages. Tarballing on this many systems is nightmare and even then some things just don't seem to work. I don't have time to track down every possible lib/etc/opt/local/share path that different packages try to use by default. I think that this really highlights the tradeoffs of stability and security.

I have called Novell to ask about it. When vulnerabilities are found in software, they backport the patches into whatever version of the software they are currently supporting. The problem here is that doesn't give me a guarantee that the backport fixes the problem for which this upgrade is required (My requirements say to install version x or higher). There is also the question of how quickly they are providing the backports.

I'm hoping that there are 100's of DoD Linux administrators reading this who can bombard me with solutions. How do you balance security with stability?

4849209 comment

Comment Re:Yes! (Score 2, Interesting) 345

by ers81239 on Saturday June 13, 2009 @07:22PM (#28323243) Attached to: Are Code Reviews Worth It?

I just want to highlight your second point. I believe that THE most important thing gained from code reviews is the spreading knowledge and gaining understanding. New development is always great, but most programming is maintaining/fixing/improving existing projects. A code review is a great way to really learn about code readability. You actually get to see other people read your code and you get to read other people's code. All of this code is fresh in someone's mind so it can be explained, and how to make it more readable can be discussed. I learned a ton about writing maintainable code at my first job where we did regular code reviews.

On the more technical side, often once the code is discussed much simpler ways to solve the problem is discovered. It isn't about the individual bug fixes/improvements that can come from a code review. Its really a way to improve your programmers.

4061503 comment

Comment mIRC (Score 1) 360

by ers81239 on Tuesday April 07, 2009 @09:16AM (#27487999) Attached to: Internal Instant Messaging Client / Server Combo?

I have seen mIRC used in situations even more secure than the one you describe.

3861271 comment

Comment Of course. (Score 0, Offtopic) 396

by ers81239 on Monday March 23, 2009 @09:40AM (#27297255) Attached to: Researchers Demo BIOS Attack That Survives Disk Wipes

Last I checked, the BIOS lives in a chip, not the HDD. Thus the magic diskless booting. How is this news?

2225937 comment

Comment Military Aircraft Better (MAB) (Score 1) 397

by ers81239 on Tuesday October 28, 2008 @09:04AM (#25539977) Attached to: Why Your Clock Radio Is All Abuzz About iPhones

This must be one of the things that make military gear so expensive. I've flown military aircraft with multiple cell phone calls going on onboard and there isn't any interference at all.

100414 submission

Submission + - AMD 690 Series IGP Chipset Launched

Submitted by MojoKid on Wednesday February 28, 2007 @08:16AM

MojoKid writes: AMD has taken the wraps off their first product in the chipset arena since the acquisition of ATI last year. Here is a preview look at AMD's new 690 series chipset with integrated Radeon X1200 graphics. Poised at taking on NVIDIA's long since mature nForce 430 chipset, AMD has provided a competitive new offering in the IGP space it seems. The RS690's integrated Radeon X1250 sports a 400MHz, 128-Bit graphics engine, is Direct X9 compatible and has a maximum resolution of 2048x1536 with 32-Bit color. In addition, both VGA and HDMI outputs can run independently and its HDMI interface supports the 1.2 specification as well as HDCP 1.1.

100382 feed

Feed What Would Jesus Wiki? (wired.com)

From feed by wiredfeed on Wednesday February 28, 2007 @07:12AM

Conservapedia is the web's go-to reference for conservative Christians, but for everyone else it's one of the biggest laughs on the net. By Michael Calore.

100372 submission

Submission + - New technique for recycling PCBs

Submitted by

MattSparkes

on Wednesday February 28, 2007 @07:04AM

MattSparkes writes: "PCBs from discarded computers, cellphones and other devices could be recycled less harmfully using a technique developed by researchers in China. Unlike current methods, it can be used to reclaim metals such as copper without releasing toxic fumes into the air. Only a small numbers of PCBs are currently recycled."

Slashdot Top Deals