
Comment Re:Urg. (Score 2) 31

Bingo. People are throwing up their hands and surrendering, when in reality, the bad guys tend to use fairly simple means to get their data.

A few things that help privacy for me:

1: Visit people, and have face to face conversations. Phones should go off, or in a pocket.

2: Have 2FA. This right here stops all but targeted attacks where an attacker is spending resources just to nail one certain person. To help with recovery, buy the new iPod Touch and copy your 2FA info onto that as well, so more than one device has the 2FA apps and codes.

3: Separate boot authentication from user authentication. My Windows box requires a hefty password to boot with BitLocker. Similar with my Linux machines and LUKS.

4: AdBlock, FlashBlock/ClickToPlay, and run your Web browser in a VM. Also work on dealing with Web fingerprinting (visit EFF's Panopticlick for more details.)

5: Avoid social networks. Once stuff goes there, it stays there.

6: Virtualize everything. Using Quickbooks or Peachtree? Put it in an encrypted VM.

7: Since some games will autoban you if you run them in a VM, perhaps consider a dedicated Windows partition just for those.

8: Here in the US? Go with EMV credit cards with no stripe. Banks are slowly rolling them out. This way, a credit card number can be grabbed, but it would be a card not present transaction, as opposed to slurping the info off the magstripe.

9: Minimize use of IoT devices. No Wi-Fi deadbolts, etc.

10: Have a smart firewall. One that blocks outgoing traffic. I used to have one that used a cheap remote that would raise/drop a voltage on a serial port, so when I left, I could hit the remote, and the machine handling the routing duty would insert an "away" ACL set (which basically blocked outgoing traffic except for OS updates).

Comment Re:cost per bit... (Score 4, Interesting) 125

I can see this being used two ways:

A fast SSD.

A swap device/slow RAM.

This can make things interesting for SANs, especially because it adds another tier to the disk type hierarchy.

I'd like to see it used as a cache, as well as for swap and the core OS files so booting is made quicker. However, it would be useful for database index volumes as well.

Comment Re: So what? (Score 2) 463

I've found that "business casual" means a lot of different things as per workplace.

When I first started at a call center ages ago, "business casual" meant the people on the phones had to wear a suit, tie and jacket, but there was the relative luxury that the top button could be unbuttoned.

At another startup, "business casual" meant just three layers of food in your beard.

Still another place used the expression to mean that wearing a decent golf shirt tucked in is OK.

Comment Re:EMC Isilon (Score 1) 215

Isilons are a cool technology. Take FreeBSD, add a custom filesystem (OneFS), link individual nodes via Infiniband, and let the custom code automatically select which nodes/drives to fetch data from. If a hard drive blows, it shrinks the array in order to maintain redundancy.

Of course, Isilons support deduplication, iSCSI (you create a disk image and mount that), and your NAS protocols of choice. If you set a hard quota, the presented directory can be configured to show the quota as the disk space present. Very nifty, and not that expensive for an enterprise array. Need more space? Add drives or more nodes.

For long term backups, Isilons support NDMP [1].

[1]: Of course, you can always connect a tape silo to a UNIX machine, write a script that SSHes into an Isilon node and pulls off /ifs/data.

Comment Re: Talk to Vendors (Score 1) 215

Unless I'm completely hallucinating, I have set up MPIO on ESXi for iSCSI, as well as a LAG (link aggregate) for a NFS based backing store.

iSCSI has its place in the enterprise, and it can be used in production. If the NIC supports it, it can even be used for booting. How does it fare against 8GB FC? In reality, there are a few tasks which will saturate a 10GB iSCSI link or an 8GB FC link, but not that many.

All of these are just tools in the toolbox. iSCSI is easier to get going ad-hoc (but still be useful with MPIO), FC is well known and well used, and FCoE seems to be popping up because it works well with Cisco Nexus architecture.

Comment Re:Talk to Vendors (Score 2) 215

Oracle has a SAN (well, SAN/NAS) offering which does similar with a rack of ports/HBAs that were configurable, assuming the right SFP was present. Want FC? Got it. iSCSI? Yep. FCoE? Yep. Want to just share a NFS backing store on a LAG for a VMWare backing store? Easy doing.

The price wasn't that shocking either. It wasn't dirt cheap like a Backblaze storage pod, but it was reasonable, especially with SSD available and autotiering.

Comment Re:Meta data? (Score 1) 292

I'm rather disappointed to see that this comment is so far down the list, but it's exactly right, as far as I understand.

The law itself isn't being claimed, but the notes and analysis are. It's the same analysis one could get by going to a library and poring over case history for a few years, but presented in a concise and topical format. You don't really need that information to know the law. You might need that information to defend yourself optimally in a court case, in which case the normal and reasonable expectation is that you'll hire a lawyer (even a public defender) or go to a library and figure it out yourself.

Comment Re:VeraCrypt (Score 4, Informative) 114

There were two forks coming from TC. CipherShed was another, but it hasn't been updated since pre-alpha, so it is probably good to pronounce it dead, so VeraCrypt is arguably the successor for TrueCrypt as of now.

If I were only worrying about Linux, I'd either use LUKS or perhaps a filesystem based encryption process like EncFS. EncFS doesn't provide as much protection (it does let an attacker know file sizes in a directory), but it is definitely a lot more flexible, and the encrypted files can be backed up and restored with ease.

Comment Re:Never heard of it (Score 2) 114

The stego capabilities of Tomb are interesting. The print to QR code for backups for keys is also much appreciated.

For me, what is important in a TrueCrypt replacement is cross-platform compatibility. I could create a TC volume on a NAS with a Windows box, mount and toss some files into it with my Linux machine, then mount it on a Mac (obviously, not having multiple machines mounting it at the same time) for more items. VeraCrypt has kept this, and has added the ability to use TC volumes under W8.1, a long needed feature (well, if you want to actually see more than a permissions denied error, that is.)

I do think it is interesting how Tomb allows one to hide a key within pictures.

Of course, what would be nice for a unique encryption program would be something along the lines of PhonebookFS. Based on EncFS, it allows one to use multiple keys to mount a directory, each key showing a different group of files (called layers). In that directory are random, "chaff" files, just to keep people from guessing the contents of the directory by file sizes. The advantage of this system is that plausible deniability is always present.

I do applaud anyone who takes the "cypherpunks write code" motto to heart and actually writes something to benefit the community.

Comment Re:Good (Score 1) 270

We should try this. For Science!

No offense or harm to you or your head intended... just curiosity regarding the terminal velocity and freefall aerodynamics of a quadcopter, especially when the object below it is rather delicate (like, say, a pool of ballistics gel).

Has such a situation been tested, since the introduction of tiny and lightweight devices?

Comment Re:Good (Score 4, Insightful) 270

I've often heard this repeated, but is it actually true?

As much as anything in law, yes. That is to say that it is the general case, but you still get the chance to argue about it in front of a judge* if following the general rule has somehow bothered someone enough to make a harmony-threatening societal problem. Let's break down your example by each fact.

Suppose I'm in a public space...

Then you have no general expectation of privacy, but let's go on.

If someone walks up we stop talking.

Ah, but now you've provided an indication that you want privacy. Now we have a conflict of general rules.

Does this mean that someone ... with a parabolic mic can eavesdrop on my conversations...

Sure, because you're in a public place.

...(from the government) ... without a warrant?

No, because you've shown that you do not consent to their search... ...maybe.

It really depends on local precedent and established case law. Pretty much, if this ever comes up in a court, it would be a good opportunity to argue at length in front of the judge. On the one hand, you were in public, and you should be aware that any kid with a $50 toy microphone or $5 radio bug could listen to your conversation. On the other hand, the government is held to stricter rules (namely the Fourth Amendment) than a kid with a large allowance. If you're stopping for everybody, then you can argue that you aren't intending to obstruct justice or hide evidence of a crime (which might be useful justifications to sway the judge). On the other hand, you didn't check the park bench for bugs before talking, so maybe you didn't really care about more organized eavesdropping.

The argument is that it's only what a policeman would hear if he walked up and listened, but in that case we would stop talking.

No, the argument is whether it is reasonable to expect that your conversation would remain private. That depends a lot on the extent to which you tried to hide your conversation, and the opinions of judges in the area. Different public places have different standards for privacy.

I have every expectation of privacy if I take steps to ensure that privacy

You can expect a pony, too, but the justice system doesn't need to recognize that expectation. Rather, the key word often omitted (including in my earlier post) is that you may have a reasonable expectation of privacy... and again, that depends heavily on the local definition of "reasonable".

Does this mean that the police can video-tape the sidewalk from the window of any office building without a warrant?

In many cases, yes, and they do.

I also note that there's no expectation of privacy *in your home* if you don't have the drapes closed. The implication is that we don't have an expectation of privacy *anywhere*, except in our homes and only if we're concealed.

That is correct. If you don't care enough about your privacy to close the drapes, then why should the court care enough to punish someone who looked in? Now, if your house was very far from the nearest public area, such that it would be unreasonable to worry about someone seeing clearly through that window, then there's room to argue that, as well.

Does that sound like a free country?

Yes. It sounds like a country where I am free to walk in a park without worrying about violating someone's privacy because I have good hearing, and where I am free to bring birdwatching equipment out to where birds are. I am free to look at my neighborhood houses, and I am free to leave my drapes in whatever state I wish. The price of that freedom is only that I must recognize others' freedoms as well, including their freedom to communicate privately.

In any event, we shouldn't be mindlessly repeating that meme as if it's the "law of the land".

It is usually the law of the land, though. Other laws (like the Fourth Amendment) may supersede it, but yet again that's an issue for the courts.

Instead, we should be mindlessly repeating things that sway public perception in a better direction.

A very good idea. I tend to like "You do not have a moral or legal right to do absolutely anything you want."

It's fairly short, and sums up the entirety of the legal system and most moralities as well. In this context, having an absolutely private conversation in a public place counts as "absolutely anything", and you don't have a right to that. Always being able to eavesdrop on someone else's conversation also counts, and I don't have a right to that, either. With a bit less extremism, however, we can all get along.

* This whole post assumes a judicial process similar to what the United States has, and specific examples are also based on an American perspective.

Comment Re:Misleading and Hyperbolic Title/Comparison (Score 2) 129

I do agree that it isn't a remote root shell hole, but it can be combined with something like the SSH brute force vulnerability or another attack that can execute shell commands as an unfettered user... and then the box is compromised.

The good thing is that Macs have functionality similar to SELinux as well as sandbox capabilities via the App Sandbox. This should be something used by all programs whenever possible, since it allows the OS to isolate the program from the rest of the filesystem and OS, helping mitigate a compromised program.

Hopefully Apple can issue a fix in a short amount of time, because this is an easy exploit to use, and combined with something like a broken Java variant, could be used via the Web browser to hijack the entire box.
