
Comment: Regulatory approval issue? (Score 1) 211

by Fencepost (#49998111) Attached to: Lenovo Could Remake the ThinkPad X300 With Current Technologies
I suspect that this is a regulatory issue related to the fact that they treat those cards as field-replaceable items. Since almost all of the cards used are going to be wireless adapters linking into the built-in antennas, they may only be whitelisting cards for which they ran testing.

I got burned by this trying to switch someone with cheap ThinkPad Edge systems over to 5GHz - turned out those cheap systems were sold with no choice of wireless, so the whitelist was very short. We ended up replacing some network infrastructure instead.

Comment: Re:*Please* don't use the old-style keyboard light (Score 1) 211

by Fencepost (#49998063) Attached to: Lenovo Could Remake the ThinkPad X300 With Current Technologies
Not sure what they're doing on the current line, but my T430 has 4 levels: off, low backlight, high backlight, screen-mounted light.

I use the backlit options all the time, don't think I've ever done much but blow past the overhead light though.

Comment: Re:Only in one specific case...? (Score 1) 104

by Fencepost (#49930205) Attached to: Samsung Cellphone Keyboard Software Vulnerable To Attack
I haven't dug into the details, but I suspect it's more "It only happens when the phone checks for a keyboard update and the server tells it there's one available."

The problem in that statement is if it's "the server" not "Samsung's verified server." If the signature on the downloaded file isn't verified but it's checked and downloaded only over a secure connection to a valid server then I'm less worried. If it's checking over a secure signed connection but downloading over an insecure channel that's a problem anytime they update (since the download can be MITM'd). If it's checking regularly in a way that can be spoofed, then this is a huge huge issue because any compromised / malicious open WiFi hotspot could be MITMing the check and download.

Of course, it's not like there are a lot of Samsung devices out there. They have a pretty small share of the market, right?

Comment: Re:Infecting HD BIOS, other flash? (Score 1) 189

I strongly suspect that if they're doing this kind of wholesale replacement they're going to be doing a lot more hardening of it, particularly in terms of communications between sites, etc.

They know the current system is infected, that they can't clean it (because they can still see signs of the active infection), and that effectively they're reduced to paper or ad hoc replacements to avoid using the infected system.

Given a choice between A) work with it as-is B) Let separate groups that can't do "A" come up with their own separate workarounds or C) Replace it all, probably leaving out all the "we can't block this because of X, Y and Z" since X, Y and Z are all being replaced.

In some ways it's almost like reinstalling your entire OS every year or two to clear out all the cruft, it's just on a much larger scale.

Comment: Re:Infecting HD BIOS, other flash? (Score 1) 189

Because at the end of one expenditure they have an aging computer and at the end of the other they have something if not new then at least much newer.

The end of Windows XP was a great example - I had customers who still had some XP boxes that were perfectly capable of running Windows 7 - PentiumM/Core/Core2 systems with 1-2 GB of RAM, etc. Adding RAM and purchasing a license for Win7Pro for those then installing, updating, installing software, etc. for 1-3 PCs per office wasn't something I could recommend to customers even though the end result would have been the same cost to them as just getting a new or off-lease machine preinstalled with Win7Pro. The cost to them would have been pretty comparable in either case, and the benefit to me in billable hours would have been higher for upgrading, but it's not something I'd do to my customers.

Think of it as the equivalent of fiduciary duty.

Comment: Re:Infecting HD BIOS, other flash? (Score 3, Interesting) 189

SURELY there is somebody who has enough knowledge and skill to do it

Absolutely there are people who could find all of it, and it may be possible to build or find a combination of tools to address all of the possible hiding spots they're able to think of. The problem is that those skilled people don't scale. As for the tool suite, while someone's attempting to assemble it, someone else is working hard at evading what's going into the suite - and even if they do put something effective together fast, how much confidence will there be that it actually got everything? It's like running a hastily cobbled together antivirus package on an already-infected system.

XKCD 1425 is actually somewhat relevant here in that a cleaning solution is that research team project, but Germany doesn't have the time to wait for it - better to EOL some equipment 2-5 years early and replace it than to wait for a solution that won't be available until half of that equipment would be EOL anyway.

And frankly, it's like something I tell my customers probably too often for my wallet's good: "I can fix it and I'd love to have you pay me to do so, but it's not worth you paying for my time to do so when we can replace it for around the same cost."

Comment: Infecting HD BIOS, other flash? (Score 1) 189

I can see why they'd be considering wholesale replacement, but I'm not sure it's going to be good enough for a long-term fix because of A) the scope of the problem and B) replacements that still have vulnerabilities. If the intruders have the level of access, time and resources that it sounds like and it's a "state sponsor" with substantial resources to dedicate, then they may have infected some systems at a hardware level that would be almost impossible to root out or detect.

Some of the things that might be compromised and difficult to detect or clean if detected would be hard drives (BIOS), network equipment (firmware in managed switches, routers, access points, etc.), printers and copiers (firmware, plus internal hard drives in some cases) and any other "appliances" on the network that are really special-purpose computers just like the items I listed above. Those "appliances" may be NAS devices, document management servers (some of which have been sold as turnkey solutions but which probably run Linux and some proprietary web and services software), HVAC systems, almost anything.

Comment: More and more computers are commodities (Score 1) 558

by Fencepost (#49884585) Attached to: Ask Slashdot: What Hardware Is In Your Primary Computer?
My best computer is a Lenovo T430 with a 1600x900 display, a 250GB Samsung 840 EVO MSATA SSD and 12 GB of RAM, plus a docking station for ease of external monitors. More than enough for almost anything I'm doing, though I've occasionally regretted not spending the extra $50 for upgraded graphics.

It does the job, but for 90% of what I'm doing I don't notice a huge difference in speed between that and a Thinkpad W700 with some level of Core 2 Duo. I figure at some point I'll drop $60 on a 120+ GB SSD and jump the W700 to 64-bit Windows, then see even less difference (Linux isn't a good option with the ATI switchable graphics in that generation).

My best non-portable is a venerable Core2Quad running CentOS that I need to get back up and running as a secondary Crashplan destination server.

Are these exciting? No, but they do what I need them to and if one dies or walks away it's easy to get back up and running with relatively little fuss due to backups and disk encryption.

Comment: Firewall & restrict access (Score 1) 117

That's what we're going to be doing with a few 2003 servers, all but one already running as VMs and that last one likely to be converted in the next month or two.

These are systems that need to be kept around for reference, old EMR or practice management systems where it wasn't feasible to export all data for import into a replacement system. Heck, in at least two cases I know of practices expressly deciding to not even migrate patient lists from an old billing/practice management system into a new EMR/PM system because the old system had data going back into the late '80s from physicians who'd been retired for 15 years on patients who'd not been seen in at least that long.

I fully expect that these systems will be kept around on life support until the expiration of the time period for which those records need to be kept. Records for any patients who have contact with offices now are exported (well, dumped into large PDFs) then imported to the new system, but in general I expect these systems to be alive for 10+ years from the date of switchover - fortunately we're not dealing with this at any places that see minors, and the number of disabled patients is small enough that their records (which may need to be kept permanently) can be PDFd and migrated.

Sure keeping the old system around is an expense, but it's still cheaper than going to the vendor of the abandoned EMR system for custom development of something to bulk-export records for thousands of patients - assuming that said vendor still exists. Paying tens of thousands of dollars for upgrades to disused systems just to get them on a more modern OS also isn't going to happen.

Comment: Not pretty, but just VM it (Score 1) 74

by Fencepost (#49444571) Attached to: 1+ Year Running Arch Linux On a Lenovo Yoga 2 Chronicled
Unless you have deep philosophical reasons to never ever run Microsoft software, for almost any cutting-edge hardware you may be better off just running VMware (Workstation or Player) on Windows, then running your Linux within the VM. You may lose convenient access to some features, but you'll also get the advantage of better hardware compatibility and with most usage you probably won't much notice the performance hit.

Comment: Re:Better question than "what's next" (Score 1) 83

by Fencepost (#49426263) Attached to: TrueCrypt Alternatives Step Up Post-Cryptanalysis
It's even possible that the (anonymous, uncompensated) devs were looking at all the crap they were going to have to change and deal with as a result of UEFI, signed bootloaders, etc. and otherwise increasingly restricted hardware and said "screw this, I have kids now, maybe my own startup, I have a ton of things I can spend my time on that are just as satisfying and that I don't have to avoid talking about with anyone."

Comment: Way back in the day.... (Score 1) 290

by Fencepost (#49412013) Attached to: Is This the Death of the Easter Egg?
Back when I was writing stuff that was distributed as compiled Windows executables, I'd throw a little window into the About of programs that had GUIs - if you held Ctrl-Alt-Shift and clicked the app icon the About text would change to include the names of the team and (depending on space) possibly a `fortune` style pithy saying.

Pretty mild, and if anyone had complained about the waste of time to implement changing the text of a few fields in an existing screen it would have served as a good person filter.
