Comment: Re:It Depends (Score 3, Informative) 330

That's completely the wrong approach...
If your hosts aren't secure enough to be on the public internet, they shouldn't be on an internal network either. Many attacks come from the inside, and if you have a large number of insecure hosts hidden behind a border firewall then all it takes is one tiny hole and everything can come crashing down, as has happened many times in the past.

A firewall is not the ultimate answer, and nor should it be your only line of defense. If hosts are correctly configured, then a firewall won't actually improve security as the only services exposed on the host will be ones you intended to run and thus explicitly allowed through the firewall.

Comment: Re:Fire(wall) and forget (Score 2) 330

If ports are unused, then the hosts themselves will reject any traffic sent to them without the need of a firewall...
If the hosts are running services you don't want, then you haven't configured your hosts correctly and hiding poorly configured hosts behind a firewall is not the answer.

Comment: Necessary? (Score 1) 330

Assuming the servers are correctly configured and hardened, then a firewall is an additional layer - i.e. the ports allowed by the firewall will be those ports that you have explicitly opened on the server, nothing else should be present irrespective of what the firewall allows. Whether you then need one depends on your budget, your risk profile, whether you need to comply with any external requirements (like PCI-DSS) etc.

Personally I have many servers with no firewalls, because having a firewall would add additional hosting cost, additional point of failure, additional attack surface, additional latency, and the servers themselves don't run any services that aren't intended to be open to the internet (and thus everything that's running would be allowed by the firewall anyway).

The benefits of having a firewall in my case - an extra place for logs in case my host is compromised, and the ability to control outbound access if the host is compromised, are outweighed by the downsides. The chance of the host actually becoming compromised in the first place wouldn't be decreased by the addition of a firewall, but you'd have the additional risk that the firewall itself could be compromised.

Comment: Re:This a wheeze to get Office 2013/ 365 cheaper (Score 2) 164

Short term it may cost more, long term it should save a lot... As someone who fully expects to still be paying taxes in 10 years' time, I welcome long term savings.

As for interoperability, they are the government... You either want their business (eg suppliers), or you have no choice (eg taxpayers)... If they require that you submit documents in ODF then that's what you do, or they will find other suppliers who will.

Comment: Re:Hmmm, (Score 2) 112

Security through obscurity is an accident waiting to happen... When you talk about a system that no one would bother trying to hack, consider the bitcoin exchange MtGox - it started off as a simple site for trading game cards, and initially bitcoins had very little value - there was very little interest in hacking it. Then pretty much overnight bitcoin exploded in value, making it a very tempting target indeed.

Also when you talk about a power plant system, a one way link is the security, not the obscurity aspect.

A secure system is one where even those who know the system inside out cannot break into it.

Comment: Re:you are not an ally. (Score 1) 235

by Bert64 (#47381903) Attached to: Radar Changing the Face of Cycling

There's a lot to be said for consideration on the roads... And riding two abreast when doing so makes it hard for faster vehicles to pass is extremely inconsiderate, irrespective of legality.
If you're doing something which unnecessarily inconveniences others why should they show you any consideration in return? There are many instances where the slowness and instability of a bike could make certain manoeuvres impossible or extremely dangerous, and car drivers will often allow bikes to pass when they aren't legally obliged to. The more you do to unnecessarily piss drivers off, the less they will do to help you.

Comment: Re:What we need... (Score 3, Informative) 235

by Bert64 (#47381881) Attached to: Radar Changing the Face of Cycling

The problem is that there are no license requirements for bikes, so many riders are totally unaware of the actual laws, and often highly inexperienced...
Drivers at least have to pass a test, and while there are plenty of bad drivers they should at least have some experience and understanding of the rules.

On a daily basis I see bikes ignoring red lights, while to see a car go through on red is pretty rare. Just yesterday I saw a bike come off of a footpath, go directly across a 2 lane road without slowing or checking for vehicles (causing several cars to hit the brakes) and into the wrong end of a one way street.

And it's no better as a pedestrian, I was shouted at by a bike rider who took issue with the fact I was in her way by walking down the sidewalk causing her to hit the brakes. It's illegal to ride there, why should I be forced to get out of the way of a bike speeding down the hill ringing a bell and shouting?

Also when trying to cross a road, you get a group of vehicles which pass you, and then a long spaced out stream of bikes that fill in the gap before the next group of vehicles - giving you no time to cross.

Comment: Prepaid sims... (Score 1) 146

by Bert64 (#47341315) Attached to: Ask Slashdot: SIM-Card Solutions In North America?

The UK system of vending machines in the airport is extremely convenient (and the vending machines typically support a bunch of languages and different network sims too), I wish other countries did something similar...

You can buy prepaid sims in most countries but often not in the airport, and quite often the pricing will only be displayed in the local language etc so it can be hard to work out what you're actually getting for your money (and quite easy to get ripped off in the small phone shops).

I just want a cheap prepaid sim that the people I'm visiting can call me on, and with a decent data allowance so I can use Google Maps etc. It would also be extremely convenient if you could buy them before you travel and have them shipped to you.

Comment: Re:Old software... (Score 1) 176

by Bert64 (#47330905) Attached to: Ask Slashdot: Is It Feasible To Revive an Old Linux PC Setup?

Just find something with PCI... Then you can use a fairly modern motherboard with easily obtainable RAM in useful quantities, and use PCI cards for everything else - video, sound, and find an old SCSI controller instead of IDE.
The board/CPU itself should be fully compatible with the older software, and using PCI cards solves the problem with lack of drivers for the older hardware.

Comment: Re:What's the solution? (Score 1) 205

And how would these rating agencies select the code they were going to audit?
They can't audit everything, so they would prioritise... Vendors would pay to have their code audited, and perhaps try to corrupt the process to get a better rating. OSS code would not be able to pay to get audited, and thus would never have a rating at all.

There are already various governments operating such schemes, they are extremely expensive and slow, with the final result being a small cartel of incumbent suppliers where the "approved" versions are horrendously out of date and often suffer from known vulnerabilities.
