Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment This article misses the point (Score 1) 217

I feel like this article was written by someone who hasn't been paying attention to the email landscape for the past twenty years. The checking services that the author lists don't make sure your DNS PTR records are correctly set up. They don't make sure that your server isn't an open relay. And they don't insure that your server is RFC compliant. They run your content through SpamAssassin and invert the score to rate your chances of successfully delivering a marketing message. I also run my own mail server. I'm not doing it to provide you with a medium for your marketing messages. I'm doing it to provide a noise free communications path for my users. I'm probably better than most because if my users complain about losing _any_ messages, I consider that my problem and use appropriate tools to fix it. But email has been under assault for the past twenty years by people who want to sell us things without regard for our interest in buying them. Anyone who expects that landscape to be a green pasture of ease rather than a battleground is sadly out of touch.

Comment Re:How much electricity do refineries use?? (Score 1) 188

I would bet that they use hardly any. Distillation of crude oil into component fuels like gasoline or diesel mainly requires controlled heat. In the best case a refinery would use natural gas or propane heaters to drive crude oil to the liquid-vapor transition temperature of whatever product they want and then use a tall column and a condenser and a condenser to capture their desired output. In the worst case the heater would be powered by the crude oil itself. It's quite likely that they just siphon off some of the diesel, which burns pretty clean, as a fuel for their heat source.

Comment Re:Exactly I've made this point here many times (Score 2) 188

That 93% efficiency is the ratio of watts arriving at the socket over watts generated at the plant. The watts "lost" between those two places are lost heating up the transmission lines. The 59 ~ 62% figure is the ratio of watts of electricity generated at the plant over BTUs of heat generated by burning fuel to heat water and create steam. Systematically, the 59 ~ 62% is more important.

Key to the discussion is the fact that energy comes in two forms: "heat" and "work". Heat is thermal energy. Work is the energy of motion or electricity. In layman's terms we usually don't differentiate between a "motor" and an "engine" but that difference is also very important here. Technically, a "motor" converts work into motion and an "engine" converts heat into work.

In the system that is an electric car powered by a remote power plant:
  • The heat comes from burning fuel at a power plant to create steam;
  • Passing the steam through an engine, a turbine causes the turbine to spin; this creates work;
  • The spinning turbine drives a generator converting work of motion to work of electricity;
  • The electricity travels over power lines to batteries in a car;
  • Later, we throttle the stored electricity from the battery through an electric motor to create motion.

Thus the overall fuel-to-motion efficiency of an electric motored car is: (59 ~ 62%) * 93% * battery_efficiency. Battery efficiency of Li-Ion batteries is well above 90% if I recall correctly. But assuming the worst, electric cars are at least 49% fuel-to-motion efficient.

In contrast, the fuel-to-motion efficiency of a car powered by an internal combustion engine hovers in the 35% range today due to market constraints on cars.

Note well that this analysis is generous to internal combustion engine automobiles because it does not account for the difference in energy cost for refining crude oil into typical automotive fuels like gasoline or diesel.

Comment Re:pfSense is a winner (Score 1) 238

Another vote for pfSense on Soekris here. I'll admit that I prefer straight up OpenBSD but for quick and dirty, pfSense is the way to go. Which Soekris is the real question. If you don't mind the spend, the Net6501 is best. It's got well supported gigabit nics so it will handle full speed traffic from Verizon FIOS, Google Fiber, or the top speed of a Docsis 3 modem. Net5501's show up on eBay irregularly in the $150.00 range. It doesn't make sense to buy them new as they are not much cheaper than the big brother Net6501. You can put a multi-port intel Gigabit card in a Net5501 but it will run hot so you probably want to spring for the larger rack mount case or just get the Net6501. Both the 6501 and the 5501 have more grunt than you need for a firewall/VPN box provided that you don't need to run 5 or more concurrent VPN connections terminating on the soekris' CPU. The last advantage of the net5501 is the presence of a USB 2.0 connection on the front panel. The net4801 is actually a workable solution for pfSense as a firewall/VPN termination box. They commonly show up on eBay in the $60 ~ $100 range. I wouldn't bid more than $80.00. If you find that the lack of CPU horsepower is getting in your way, search for a soekris VPN1411 card, again on eBay. These are typically very cheap, $25.00 and do hardware crypto offload, allowing a Net4801 to handle multiple VPN streams if that's your fancy.

Comment Re:Audit necessary (Score 1) 136

Anyone using ssh to it's maximum security potential isn't sending a password across the channel more than once. On new systems I use some variation of the following to push my key onto the remote system.

$ ssh-add
$ ssh -A myUser@remoteSystem "ssh-add -L >> ~/.ssh/authorized_keys; chmod 644 ~/.ssh/authorized_keys"

Anyone using ssh with passwords would do well to read up on public key authentication in ssh.

-- Ecks

Submission + - Deepwater Horizon had BSOD issues (nytimes.com)

Ecks writes: The testimony has started in the Deepwater Horizon case and in addition to other problems it looks like they had major BSOD issues with their computer system. The whole thing article is an interesting read. It's on the NY Times site so registration is required.

"Problems existed from the beginning of drilling the well, Mr. Williams said. For months, the computer system had been locking up, producing what the crew deemed the “blue screen of death.”

“It would just turn blue,” he said. “You’d have no data coming through.”


Submission + - BSOD on Deepwater Horizon

ctdownunder writes: "The emergency alarm on the Deepwater Horizon was not fully activated on the day the oil rig caught fire and exploded, triggering the massive spill in the Gulf of Mexico, a rig worker on Friday told a government panel investigating the accident...Problems existed from the beginning of drilling the well...[f]or months, the computer system had been locking up, producing what the crew deemed the blue screen of death." http://www.nytimes.com/2010/07/24/us/24hearings.html?hp

Submission + - Which Is Faster: Debian Linux or FreeBSD? (phoronix.com)

An anonymous reader writes: Phoronix has published a new article in which they look at the performance of Debian GNU/Linux, Debian GNU/kFreeBSD and FreeBSD itself. Debian GNU/kFreeBSD is the new port of Debian that includes the GNU Debian userland and GNU C library but replaces the Linux kernel with the FreeBSD kernel. The 7.3 and 8.0 releases of FreeBSD and its kernel were tested and 2.6.32 was the Linux kernel version used. Debian GNU/Linux won handsomely in a majority of the tests, but it was not the hands-down winner.

Comment Re:China asks Slashdot how to catch hungry minds (Score 1) 403

All network admins operate in the political domain. Several people here have mentioned that SSH forwarding works in China as I'm sure it does in Iran and Pakistan. Standard SSH on port 22 may just be too useful a tool socially and economically to block. As a consultant I find it rare to visit a shop that blocks SSH anymore even though most of the security admins that I know are well aware that with Putty you can forward any port inside to any port outside as you wish. Of the admins that I meet, most shrug this off as a non-problem saying:I know that users can circumvent any block on my firewall using SSH and port forwarding but the vast majority of my users don't have the arcane knowledge to do that.

We might not be the right people to ask since anyone on Slashdot could find Putty and the right configurations to do this in 15 minutes of searching on Google. And that assumes that the person asking is stuck on MS Windows. In Linux or OS X it's built into the OS.

I'd disagree that SSH is the best way to do this. A VPN is better because using a VPN allows you to hide in a class of users that the attacker wants to court and curry the favor of. The Chinese government wants our business so they must consent to our business people using strong encryption on our communications back home. SSH forwarding is one way to do this but a VPN is a much more common part of corporate IT security policy. If SSH is socio/economically difficult to block, a VPN is even more so.


Low-Level Format For a USB Flash Drive? 252

Luyseyal writes "I unwittingly bought one of these terrible flash cards at Fry's and have managed to nuke two of them, successively. I have a USB flash card reader that will read/write the current one at USB 1.0 speed, but it locks up every Ubuntu and XP machine I've come across in high-speed access mode. I have read that if I low-level format it that it could be fixed, though my current one doesn't support it. My Google-fu must be weak because I cannot seem to find a USB flash reader that specifies that it will do low-level formatting." Can anyone offer advice for resurrecting such drives?

Comment Re:Soekris (Score 1) 697

The Net 55xx boxes are a good choice here so I'll second the recommendation. I've replaced my firewall routers with net 5501 and a net 4801. The 5501 has a $10.00 kit for attaching a SATA drive. My 5501 with Sata consumes 15W continuous.

Comment Re:A measely 6k attempts over 4 days? Who cares? (Score 1) 391

Furthermore, since most of the methods that people use to discover brute forcing attempts rely on a high rate of attack, these slow attacks are immune. I'm not sure how the oft mentioned denyhosts works but the author of the original article is using FreeBSD and OpenBSD with the pf filewall which can blackhole brute forcers based on rate of attack. Using the pf method with settings aggressive enough to catch the latest round of attacks runs a high risk of blocking valid users. I'm seeing the same issue as the original article's author and I've noticed as he has that my OpenBSD boxes have not been targeted. FreeBSD, NetBSD, Ubuntu and Debian on the other hand.

My suggestion: Use Public Keys as much as possible. Systems allowing only Public Keys are immune to these attacks and you don't get the nasty log messages as well. If you must allow passwords disallow them for root. You can get root access by configuring sudo for users and via Public Keys for scripts.

# PasswordAuthentication no ## Best -- Public keys required for login
# PasswordAuthentication yes ## Only if you must.
# PermitRootLogin no ## Best -- root cannot login remotely.
# PermitRootLogin without-password ## Better -- root can login via key but not with a password.

Comment Re:HP (Score 1) 557

Not sure I agree on the predatory ink pricing but I solidly see your point if you are looking at their cheapest inkjet printer. For color output I have an HP 2250 that I've been happy with. Ink is $130 for all four cartridges but lasts about 2000 pages. The 2250 was marketed as a SOHO printer when I bought it in the late 1990s (perhaps 1999) I bought the postscript cartridge and maxed the memory later. It's okay but the cost to print is considerably higher than the laser but I expected that when I bought it. My experience with the 2250 led me to convince my father-in-law to buy an HP 7210 all-in-one. This was a solidly bad decision. The ink is expensive, and the networking is completely non-standard. I spent a week chasing network bugs with it before kicking it to static IP. Even after that the driver software basically hung up windows at shutdown or reboot.This was for lack of a routine to handle the UserDrivenShutdown() event.

-- Ecks

Slashdot Top Deals

A meeting is an event at which the minutes are kept and the hours are lost.