
Comment: Re:Just disable it... (Score 1) 88

One thing that does help is virtualization and downsizing equipment. For example, moving from a desktop to a laptop, buying (or building) a decent server for virtualization, and even using low power devices for LAN services (I use an older Android phone to run a caching DNS service) can make a significant difference.

Especially with older hardware. Almost everyone has that old computer with sturdy hardware that works well. However, those older machines can eat a lot of power.

Comment: Re: What Would be a Trivial Amount? (Score 2) 88

One idea I've found that works, provided this is possible (i.e. you own the property), and one has the electrical ability, is to have a dedicated circuit for the little devices that comes from an inverter [1] and a set of batteries that charge from a PV panel array.

This doesn't have to be expensive. A common setup winds up being two 6VDC golf cart batteries in series (12 volts total), 2-3 PV panels, a decent charge controller [2], and an inverter. This won't run your air conditioner unit, but it will be big enough to handle a number of low amperage devices, and one can build a decent setup for well under $1000.

In fact, I did a jerry rigged setup to light a shed on the far side of a friend's farm using a cast off extension cord (it had the proper gauge wires when stripped), a cast off 200 watt panel, a $8 PWM charge controller from eBay, an old deep cycle battery, and a DC-DC converter so I could use some 340 lumen SunJack LED bulbs (with built in switches) that run from a USB port. All of this cost well under $100. The SunJack LED bulbs would run 8-10 hours on a 1.2 amp (or 12,000 mAh as the packaging says), so a 200 amp-hour battery that only has 50-75 amp-hours left can run the bulbs for a very long time without solar.

Another added benefit of having all the devices on their own circuit is that they are essentially on a UPS, so if power fails, they will still keep running.

[1]: Don't skimp here... buy a reliable PSW (pure sine wave) inverter, and go for a 1500-2000 watt model even though running at full tilt will discharge the batteries quickly. This is so that if one plugs something in that has an inrush current (refrigerator compressor, microwave), the inverter can handle it.

[2]: You can go with a MPPT controller, which allows for higher voltage panels (as it converts the voltage higher than what the batteries use into a lower voltage with more amps), or have more panels to handle how a PWM controller "lops" off any voltage it doesn't need.

Comment: Re:He's good. (Score 1) 166

by Sarten-X (#49363143) Attached to: Prison Inmate Emails His Own Release Instructions To the Prison

By definition it's not possible for everyone to be able to beat inflation.

Only for very wide definitions of "everyone", including VC investment, R&D, government subsidies, international trade, and every other economic influence, many of which are high-risk investments that effectively dump most of their money into lower-risk investment vehicles.

I'm not suggesting that if everyone invested in a widely-diversified portfolio, they'd be rich. That's ridiculous, since that's exactly what banks do with their abysmally low-return (but very safe) accounts.

I'm saying that if someone wants to invest and have a good chance of a good return rate, they have access to such things.

Understandable. Daniel Kahneman has some amusing anecdotes about how people who work in finance really don't seem to figure out what it is they're really doing.

Well, that's nice, but beyond a thinly-veiled insult, do you have a point?

Comment: Re:victim shaming (Score 1) 166

by Sarten-X (#49363007) Attached to: Prison Inmate Emails His Own Release Instructions To the Prison

Let's assume that someone without "enough spare income for a whole portfolio" has the desire to invest, and the ambition and effort to do their own research. They'll find a whole class of funds and brokers that will pool several clients' investments into a single security purchase, and those brokers will often accept even a few dozen dollars' investment at a time. Most will also diversify investments appropriately, as well, as a part of their normal business.

Several investment vehicles have purchase minimums. The investment manager doesn't want to deal with the expense of managing accounts for thousands of small-scale clients. However, they'll often happily deal with a single broker purchasing on behalf of his own clients, as long as that broker manages all the busy work of distributing returns appropriately.

The brokers will take their cut from the returns, but it's still usually higher than a bank's low-risk-and-low-reward savings account.

Comment: Re:He's good. (Score 4, Informative) 166

by Sarten-X (#49361375) Attached to: Prison Inmate Emails His Own Release Instructions To the Prison

Having worked in finance, I can assure you that pretty much everyone* has access to investment vehicles with a larger return than 2%. The problem is that those investments are significantly more risky than a bank, and losing the investment is unlikely to be catastrophic to someone with a large supply of other diversified assets, but it could be catastrophic to someone with only a weekly paycheck to fall back on.

The solution to that problem is to properly diversify your investments for safety. An investment adviser can help with that, but they'll charge a fee for their work, and many people feel (accurately or not) they can't afford that service. There are books and other resources to assist someone in wisely choosing their own investments, but that requires ambition, effort, and the admission that one is not naturally a financial expert. That last part seems to be the most difficult to come by.

* American, not already in excessive debt, with a stable income... some disclaimers apply, but the vast majority of the American population qualifies, not just those who fall under the "rich" label.

Comment: Re:Say what you will about ULA... (Score 1) 39

by Sarten-X (#49361295) Attached to: Taxpayer Subsidies To ULA To End

Absence of proof is not proof of absence.

SpaceX is a young, hip company eager to show that it does things the public likes, including the OSS-loving public of nerds. They're different from existing spaceflight options, and they want the public support to help make those differences look like good things, especially if their business ever falls on the mercy of Congress.

ULA is a partnership of old companies who really don't care what the public thinks of them because they're operating under the status quo. They already have the political clout to be sure that any changes won't be disastrous to their business model, so drumming up public support is a waste of money.

I'd expect that an audit would find comparable uses of OSS, from Linux servers and BSD embedded devices to innumerable copies of PuTTY scattered across workstations.

Comment: Re:I'd put a 'may' there (Score 1) 39

by Sarten-X (#49361257) Attached to: Taxpayer Subsidies To ULA To End

From my own time working on government contracts, I have a similar experience, but a substantially different perspective.

Often, the most valuable people on the team are the ones who know what to do. Every process is the result of bureaucrats getting their say, so having a manager who knows what the bureaucrats want is a good way to know what to expect. It may be just knowing that eventually you'll need this report, or as intimate as knowing that reviewer will want that level of detail, but knowing the expectations from the other side of the phone call makes every part of the project run more smoothly.

Yes, this is reflected in the buying process as well. If they have a rapport with the contractors, the buyers know that they'll get what they want the first time, rather than waste their own time and money going through several rounds of revisions.

Comment: Re:Tipping point? (Score 1) 90

Platter technology will end up being pushed to the NAS/SAN, which is why WD is making their red line of drives.

Perhaps HDDs, now that speed and capacity are secondary, will start evolving down the path of reliability, perhaps replacing tape as an archival medium.

NAS drives are going to be a big market, especially with devices like Apple's new MacBook with limited expansion capability, so people will use WiFi Direct hard drives as their main backup source, as opposed to USB drives. In this use, capacity is limited on the MacBook, and speed is limited, so drive makers (hopefully) will end up working on leapfrogging each other for reliability and security.

Comment: Re:Prepare to restore from backup often (Score 3, Interesting) 255

by mlts (#49350169) Attached to: Generate Memorizable Passphrases That Even the NSA Can't Guess

I have a third option: An admin passphrase that is a lot longer than my user passphrase, but has more retry attempts. That way, if the short passphrase gets typoed, I can still unlock the device with the admin one.

You are right about backups... that is why I have three of the USB tokens, just in case.

Comment: Re:Why SSD in a "do-nothing" PC ? (Score 1) 90

Had a similar choice when giving a laptop to a relative. I went SSD instead of SSHD because SSDs are physically more resistant to shock.

However, if given the choice with a desktop... I'd probably still use SSD, just because when I delete a file and fstrim the drive, the file is -gone- for good, since the drive controller will come around, write "1"s to all the pages that file used and call it done. Of course, keeping good backups when using SSDs is wise, just due to this exact thing.

Comment: Re:Still not allowed by many places. (Score 1) 255

by mlts (#49349543) Attached to: Generate Memorizable Passphrases That Even the NSA Can't Guess

I wonder if the ideal password manager would be one that would use a typed in password as a seed/IV (hash a seed and the sitename), with exceptions stored for sites which don't allow passwords generated with that tool to work. Some sites require a number, a capital letter, lower case letter, a symbol (well, not all symbols work), or some other random, annoying combination of the above.

Of course, the ideal password manager would store the password database with a master volume key, then each device accessing it would have the MVK encrypted to its public key. This way, if someone wants to add a device, they just allow access on another device. If someone wants to remove access, it is doable, but it would be wise to re-encrypt the DB to a new key for security. This is how PGPDisk did its encryption, and it completely deters brute-forcing, should someone get access to the data stored on the cloud, since there is no password, so the attacker has to deal with the entire key's keyspace.

Since the private key is on the device, the user just needs a PIN to unlock (with a timeout after too many wrong attempts), rather than a longer passphrase. Both iOS and Android have secure storage (KeyChain for example) which makes this easy to implement securely.

Comment: Re:Memorizing site-unique passwords isn't possible (Score 5, Informative) 255

by mlts (#49349459) Attached to: Generate Memorizable Passphrases That Even the NSA Can't Guess

I prefer 2FA when possible. Even a very tough password means nothing if by some means, it gets sniffed by some keylogger, or the password database on a cloud provider gets brute-forced.

For storage where one is using a passphrase for encryption, as opposed to authentication, I like using cryptographic tokens. TrueCrypt used to work with a PKCS#11 library so I could store a keyfile on a set of Aladdin/SafeNet eTokens. This not only made the key immune to brute force guessing... someone who physically possesses the token has three guesses of my unlocking passphrase before the token locks itself forever and zeroes out the stored keyfile. This also works with Symantec's PGP version, except that generates a public/private keypair, the private keypair always remaining on the token, while the public part is used for the file/drive encryption.

If 2FA isn't possible, then as above, some mechanism to help with password reuse is very wise. This is useful just in case some website decides to store passwords in plain text, so a person's secure "correct horse battery staple" is now compromised and added to every blackhat's brute forcing library.

Comment: Re:Run as user AND back-ups (Score 1) 167

by mlts (#49349239) Attached to: NJ School District Hit With Ransomware-For-Bitcoins Scheme

All consumer level ones are that shitty. Time Machine does have some OS level protection, but most just dump data to an external drive. Overwriting the files or just a format of the filesystem can easily destroy that backup.

Windows Server Essentials 2012 R2 has "pull" functionality to grab data from desktops. Another utility is Retrospect which can have a client installed on desktops.

Of course, the ideal would be a backup appliance like an EMC Avamar that deduplicated. Think Time Capsule, except that the appliance initiated the backups, stored them securely, and did the deduplication. Add decent disk encryption (perhaps a startup password or PIN entered on the appliance's webpage to mount the backup drives), and this would help versus malware.

Comment: Re:Run as user AND back-ups (Score 2) 167

by mlts (#49348067) Attached to: NJ School District Hit With Ransomware-For-Bitcoins Scheme

Most backups would be erased or encrypted by the ransomware. The problem is that people think in terms of disk failures or hardware failures, so have their backup solution based around this. With just this in mind, going with two SANs that replicate with each other asynchronously is the best thing to do, since the data is always available.

However, this doesn't factor in software designed to corrupt/encrypt backups over a long haul. This is going to take a dedicated backup server that pulls backups and stores them in a place that a machine cannot access (and thus tamper with). It also takes a long data retention policy, just in case.

However, in a lot of places, backups are like security -- they are viewed as having no ROI, so at best, you might get some mechanism to stash stuff on disk, but if a machine can back up to the disk directly, it likely can erase/modify stored data.

Comment: Same can happen at a cloud provider... (Score 1) 261

by mlts (#49338889) Attached to: RadioShack Puts Customer Data Up For Sale In Bankruptcy Auction

One scenario that I worry about with cloud providers is exactly this. The provider goes bankrupt, sells all data to someone else, and they now have all the servers and can use the container information, free, clear, with the clients of the former cloud provider able to do nothing about it legally, barring copyright violations.

Borders and RS both show a lesson -- yes, there is a privacy policy with company "A", but when the servers get under the ownership of a new company, that policy is out the window, and the data can be used for anything that the new owners desire. Multi-TB torrent? Perfectly legal.

If a cloud provider changes hands, I can see a new company digging through data just to extort people. Say they find a sex toy maker's customer list on a server. They can then send out a note that all customers of this maker will have their names published unless they "buy into" a privacy policy (removing the name from the list) for the low price of $99.99. Since the new company 100% owns the data, free and clear, this is perfectly legal.
