Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

Comment Re:What the doctor ordered... (Score 1) 699

I don't want to be that guy, but this is why you 1. Don't type fast when your command starts with rm -rf;

I typed this slowly: rm -rf /;

2. Never rm -rf by absolute path at all;

cd /; rm -rf .

3. Never start typing rm -rf at all, but type the rest of the command first and then edit in the rm; and

/<^H><^H>rm -rf ? how does this help ?

4. Don't use root shells, but sudo, and edit in the sudo last on potentially destructive commands.

sudo rm -rf / ? sudo /<^H><^H>rm -rf ?

There may be good reason to break one or more of these rules at one time, but never all four.

There is no substitute for just knowing what you are doing, and not doing the bad thing. I've seen people complicate their lives with incantations, and all it usually does is make it fail in a more complicated way. Simplicity is easier to remember.

Comment Joanna Rutkowska is right: read-only BIOS sticks. (Score 1) 699

you need for the BIOS to be a read-only thing that can only be written from another computer. Yes, it can be rather inconvenient to have to have a removable BIOS stick, but it would be simple to recover from this by just removing the stick and re-writing it on another machine. Having a read-only BIOS is great against hacking also. It also makes bios upgrades safer. You just have two sticks and always keep your old one as a backup.

Comment there are some good people still in this business. (Score 5, Informative) 244

Full disclosure: my relationship with these people is as a happy customer for... I dunno around a decade for a mid-size organization of about 6000 mailboxes. Sorry if this reads like a commercial, I really am just that happy with these guys. they provide and support CANIT PRO, which is basically mimedefang and spamassassin on a debian base, with dynamically updated blacklists and filtering rules. It works really well. David is one of the guys behind behind mimedefang, so you are also helping open source by going with these guys. The pricing for us was really decent.

They usually work with appliances, but we managed to use our own configuration to do some sweet stuff: we put the mail filtering cluster in the DMZ, along with the DB. but we put the customization interface is on an internal network. That way there is no firewall exception for the DMZ (ok except SMTP... can't avoid that one.) and the DMZ gateway doesn't need access to internal credentials at all (Active Directory in our case) It just knows that the interface machine on the inside is trustworthy. Even though the DB has no access to authentication services, the users can still customize their filtering to their desire.

I think for big companies, one concern is that I have never heard anyone rave about spam filtering. In terms of brand-awareness it is a completely one way street, Either people are satisfied with it, in which case they shrug, or they get irrationally violently abusive of the service, and have un-realistic expectations. It is a risk for any major brand to operate spam filtering, with literally no upside (ok, aside form revenue, but if it is a small part of a business, the reputation risk might outweigh the revenues.) Touching people's email brings out all the consipacy buffs you can imagine, and for some small but vociferous group they always have their own solution, and whatever the email admin does is crap. That's a thing that was great about Roaring Penguin's CanIT PRO when we rolled it out, it gave each user the ability to turn off the filtering entirely, if that's what they wanted.

It worked like a charm. Whenever we got some idiot (the truth hurts!) who thought they could do better, we just said fine, here is how to turn it off. Out of 6000 boxes, we had about 200 opt-out right away, most of them turned it back on within a few days, after a year it was down to 60 or so, and then when there were some malware infection episodes, it came out that their 'custom' solutions were not actually working that well, and everyone came back into the fold. Being able to let people opt-out saved us literally months of pointless arguments while letting us deploy good service for the co-operative many.

This was for about 7000 mailboxes, which is small as far as mail installations go these days. The real clients for this stuff is hosting providers and outsourcing companies (cloud based) I think the reason for large companies exiting the business is the huge trend of small companies to cloud, there just isn't much of a market for small email installs anymore... People are using huge hosted configurations. It's gradually getting dismantled now because of some organization move to a single outsourced solution with many hundreds of thousands of mailboxes...

Comment Re:Government should not pick winners and losers. (Score 1) 298

Economy of scale can drive costs down, and the same time it drives down competition, and makes the entire network less robust and reliable because of fewer reliable power sources. You have Hoover dam. Can you scale out hoover dam to get enough electricity for the entire country from Hydro? No. What are the other options? Most other central generation schemes involve nuclear or fossil fuels. While these methods may produce a lower cost grid at this time, this is because there are unpriced externalities: No price on carbon dumped in the atmosphere, or for facilities like Yucca Mountain. I'm all for market pricing, but markets need to reflect the real cost to all of us, and not subsidize certain technologies, as has been the case with these other technologies for many decades.

So long term, those other sources are likely going to have to go away or their costs will increase substantially, so redesigning the grid to deal with truly sustainable generation methods, like wind and solar, is going to need to be done sooner or later. If you are running a public utility, for the public good, you do not want to be prolonging environmental degradation by subsidizing incumbents at the expense of those who are doing the right thing for everyone's future.

In a Smart Grid world, Hoover Dam would sell at the price Hoover Dam wants to charge, and the price from Solar City at the price they want to charge... When you run out of cheap power, you buy the expensive stuff. When nuclear plants start paying for rent for 50,000 years of storage of their waste, and gas plants include carbon sequestration in their operations, perhaps their properly priced production cost will end up as 20 cents/KWh. Add in grid storage, and perhaps people will buy hoover dam power cheap at night, and use it during the day, when they need it. A lot of improvement becomes plausible (perhaps not easy, but at least plausible) with a smart grid.

Comment Re:Government should not pick winners and losers. (Score 4, Informative) 298

Great sentiment. How many utility grids can compete for customers? Five? Seven? So a cheaper grid made possible by local generation, reducing the cost of distribution because current has to move less distance competes with huge cables from Hoover Dam how exactly? oh... PUC stands for public utility commission, and there is only one grid. It is not a supply and demand issue when there is only 1 grid, and it is the public utility commission making rules that are lopsided in favour of the Hoover Dam proponents. What is power worth at the Hoover Dam ? about 2 cents/KW perhaps... but to get them to Las Vegas, it's probably going to lose half of them en route, so what does a KW cost in there? about 4 cents... why should the electric company be given power for half of their cost from other sources, why doesn't the electric company negotiate with each of the small scale producers? how is it more 'market' if the cost is set by the PUC down rather than up.

There is no market solution to this problem, right now. Pehaps smart grids will be able to address that someday, but right now, it's just who lobbies the regulator better. Given the reality that a monopoly grid currently in place, and is necessary, and given a monopoly, it must be regulated, and that regulation will perforce shape the market, the choice before people is what shape of market do you want? Distributed generation, as it reduces the amount of electricity that must be moved over long distances, is more efficient, and therefore cheaper, and so if we are going to fail in any direction it should be in favour of reducing costs for everyone. On that basis, a feed-in tarriff that encourages distributed generation is better for everyone except the incumbent electric generation and distribution organizations, as it reduces the amount of electricity they sell and ship.

Comment article is wrong about Rutkowska's recommendation. (Score 1) 106

Having already listened to Joanna Rutkowska's talk a few weeks ago, the writer got it wrong... he/she read or heard 'stick' and inferred 'USB'... no. USB is terminally insecure because the controllers necessary to operate it can be infected also ( That's why there is a line that says SPI in it. She is talking about something like an SDcard, which has less firmware in it to corrupt. Complexity is the enemy of trust. The issue is that the new stuff is harder for white hats to access/audit/disinfect because the way the chip vendors are "securing" it is by keeping it all a secret... security by obscurity. Muzzling the good guys just gives the advantage to the bad guys.

If IME or (AMD's PSP) gets exploited, you are completely screwed, throw the motherboard out. no amount of re-flashing can get you to known good state. The advantage of the stick, as a relatively passive device and preferably read-only to the managed device, is that it can be removed/reviewed/fixed on another device. Imagine it like using an SD-Card to store a BIOS, and having no firmware other than that. to upgrade the BIOS, you remove the stick, put it on a trusted computer (you have to find one of those) and use that to do the BIOS upgrade, then you put it back in the computer, where it is read-only. This works for fixing a corrupt BIOS as well. The only capability you give to the CPU is the ability to load it's microcode on boot from this stick.

Implemented properly, with co-operation from the chip vendors that has the potential to be much more secure, but how likely is that?

Comment Re:raspberry pi about 50$ does just fine. (Score 1) 247

Thats about the same thing I do, and my uptime is beter than with the craptastic appliances you can get at your local tech store... and I actually understand what is happenning when it breaks, I can get decent log messages, etc... also my ISP gateway is in a chimney renovated into a closet... brick walls, so the wifi in there does not make much sense, got the house wired for ethernet, and have WIFI APs else where... used normal store bought boxes for those, and those fail a lot... (honey... my tablet is slow!... reboot the consumer crap box... thank! honey...) they are just in bridge mode, and they still get confused after they are up a while. So totally over the packaged all in one junk with the most functionality possible crammed into one box, where a lot of it is done badly, it doesnt really get patched, and the error messages are terrible. What I would like for wifi is something that just bridges wifi to my copper network, just do that right and forget everything else. The other stuff makes it unreliable.

Comment Re:raspberry pi about 50$ does just fine. (Score 1) 247

As the ISP limits me to 30 mbps, it handles the maximum the link will tolerate, I don't have an easy way to test properly beyond that. During such tests, the pi answers at the command line readily enough, I think I recall doing a top and it wasn't suffering. I did not put a hard disk on it, specifically to reserve USB bandwidth for the ethernet dongle. just the SDCARD. As others have mentioned, you need to be careful with the power supply, and some USB ethernet dongles are crap, but once you get properly equipped it's very reliable. Every couple of months I reboot the cable modem (not the pi..) and my dlink router that is the wifi thing has to get rebooted every few weeks when throughput slows to a crawl. The pi is better than either of them. I'm using the original model B. only 512 MB of RAM, but it's always idle... it is a very internet centric house, we run half-a-terabyte a month through it in a typical month, lots of netflix and gaming for a whole family.

Comment raspberry pi about 50$ does just fine. (Score 5, Informative) 247

raspberry pi, usb ethernet dongle, power supply... about 40$. does 30 mbps with full iptables, NAT, dual stack ipv4 and ipv6, speed test is 30 mbps flat out. my isp rate is 30 mbps ... If you have access to > 100mbps great, but outside of google cities isn't that kind of rare? Don't see the point of a 300$ homebrew router. been using a pi for years. have two spares. no moving parts, no fan, low power consumption...

Comment Re:how does it in any way an improvement? (Score 1) 63

It's not a mistake. Do you have a touch version of gimp handy? no? That's the problem. For gimp the idea is that you use the keyboard and mouse and you can use it as a completely "traditional" computer. but you can use it as a tablet for the stuff that works well with that... those are going to be other apps, because of the need to allow for humungous fingers that blot out half the screen whenever you do anything, rather than mouse pointers. The only way to do convergence is to let both worlds live together, give easy switching, and see what the software does over time.

Comment Re:The break down of 60 million is the key. (Score 1) 163

It is a launch cost, not a total cost. It makes no sense to estimate the cost of the rocket to be divided equally among the two stages. SpaceX doesnt build the payloads, it isnt their cost. The payload is almost certainly not included in the 60M$ launch costs cited. So The main cost of the stages is the engines. there are nine in the first stage, and only one in the second. I imagine the breakdown in costs is proportional to that, rather than the 50:50 breakdown proposed above. The motor is a little different, being optimized for lower atmospheric pressure, but thats just a difference not an added cost, the only added complication in the second stage is the carbon fibre fairing... everything thing else is payload. so I expect that even if we say only 40 M$ is the vehicle itself, then probably 36 M$ or thereabouts is the first stage. So yeah... 10:1 on the vehicle... results in going from 60 M$/launch to 24 M$/launch... or 2/3rds cheaper.

Slashdot Top Deals

The bigger the theory the better.