Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Re:Just disable it... (Score 1) 94

One thing that does help is virtualization and downsizing equipment. For example, moving from a desktop to a laptop, buying (or building) a decent server for virtualization, and even using low power devices for LAN services (I use an older Android phone to run a caching DNS service) can make a significant difference.

Especially with older hardware. Almost everyone has that old computer with sturdy hardware that works well. However, those older machines can eat a lot of power.

Comment: Re: What Would be a Trivial Amount? (Score 2) 94

One idea I've found that works, provided this is possible (i.e. you own the property), and one has the electrical ability, is to have a dedicated circuit for the little devices that comes from an inverter [1] and a set of batteries that charge from a PV panel array.

This doesn't have to be expensive. A common setup winds up being two 6VDC golf cart batteries in series (12 volts total), 2-3 PV panels, a decent charge controller [2], and an inverter. This won't run your air conditioner unit, but it will be big enough to handle a number of low amperage devices, and one can build a decent setup for well under $1000.

In fact, I did a jerry rigged setup to light a shed on the far side of a friend's farm using a cast off extension cord (it had the proper gauge wires when stripped), a cast off 200 watt panel, a $8 PWM charge controller from eBay, an old deep cycle battery, and a DC-DC converter so I could use some 340 lumen SunJack LED bulbs (with built in switches) that run from a USB port. All of this cost well under $100. The SunJack LED bulbs would run 8-10 hours on a 1.2 amp (or 12,000 mAh as the packaging says), so a 200 amp-hour battery that only has 50-75 amp-hours left can run the bulbs for a very long time without solar.

Another added benefit of having all the devices on their own circuit is that they are essentially on a UPS, so if power fails, they will still keep running.

[1]: Don't skimp here... buy a reliable PSW (pure sine wave) inverter, and go for a 1500-2000 watt model even though running at full tilt will discharge the batteries quickly. This is so that if one plugs something in that has an inrush current (refrigerator compressor, microwave), the inverter can handle it.

[2]: You can go with a MPPT controller, which allows for higher voltage panels (as it converts the voltage higher than what the batteries use into a lower voltage with more amps), or have more panels to handle how a PWM controller "lops" off any voltage it doesn't need.


Another Patent Pool Forms For HEVC 57

Posted by Soulskill
from the money-to-be-squeezed dept.
An anonymous reader writes: A new patent pool, dubbed HEVC Advance, has formed for the HEVC video codec. This pool offers separate licensing from the existing MPEG LA HEVC patent pool. In an article for CNET, Stephen Shankland writes, "HEVC Advance promises a 'transparent' licensing process, but so far it isn't sharing details except to say it's got 500 patents it describes as essential for using HEVC, that it plans to unveil its license in the third quarter, and that expected licensors include General Electric, Technicolor, Dolby, Philips and Mitsubishi Electric. The group's statement suggested that some patent holders weren't satisfied with the money they'd make through MPEG LA's license. One of HEVC Advance's goals is 'delivering a balanced business model that supports HEVC commercialization.' ... HEVC Advance and MPEG LA aren't detailing what led to two patent pools, an outcome that undermines MPEG LA's attempt to offer a convenient 'one-stop shop' for companies needing a license." Perhaps this will lead to increased adoption of royalty-free video codecs such as VP9. Monty Montgomery of Xiph has some further commentary.

Comment: Re:Not being PHP (Score 1) 281

by MightyMartian (#49356525) Attached to: Ask Slashdot: What Makes Some Code Particularly Good?

Dominance where exactly? A helluva lot of Windows development is still done in C/C++. Java still has massive penetration in the enterprise. I'll admit that .NET is a big player in the Windows world, but considering the Windows market appears to be at best static, and as a platform, compared to other computing devices (enterprise computing, mobile computing, etc.) is in absolute terms possibly even declining, I'd say .NET could hardly be described as dominant.

Comment: Re:Tipping point? (Score 1) 90

Platter technology will end up being pushed to the NAS/SAN, which is why WD is making their red line of drives.

Perhaps HDDs, now that speed and capacity are secondary, they will start evolving down the path of reliability, perhaps replacing tape as an archival medium.

NAS drives are going to be a big market, especially with devices like Apple's new MacBook with limited expansion capability, so people will use WiFi Direct hard drives as their main backup source, as opposed to USB drives. In this use, capacity is limited on the MacBook, and speed is limited, so drive makers (hopefully) will end up working on leapfrogging each other for reliability and security.

Comment: Re:Prepare to restore from backup often (Score 3, Interesting) 255

by mlts (#49350169) Attached to: Generate Memorizable Passphrases That Even the NSA Can't Guess

I have a third option: An admin passphrase that is a lot longer than my user passphrase, but had more retry attempts. That way, if the short passphrase gets typoed, I can still unlock the device with the admin one.

You are right about backups... that is why I have three of the USB tokens, just in case.

Comment: Re:Why SSD in a "do-nothing" PC ? (Score 1) 90

Had a similar choice when giving a laptop to a relative. I went SSD instead of SSHD because SSDs are physically more resistant to shock.

However, if given the choice with a desktop... I'd probably still use SSD, just because when I delete a file and fstrim the drive, the file is -gone- for good, since the drive controller will come around, write "1"s to all the pages that file used and call it done. Of course, keeping good backups when using SSDs is wise, just due to this exact thing.

Comment: Re:Still not allowed by many places. (Score 1) 255

by mlts (#49349543) Attached to: Generate Memorizable Passphrases That Even the NSA Can't Guess

I wonder if the ideal password manager would be one that would use a typed in password as a seed/IV (hash a seed and the sitename), with exceptions stored for sites which don't allow passwords generated with that tool to work. Some sites require a number, a capital letter, lower case letter, a symbol (well, not all symbols work), or some other random, annoying combination of the above.

Of course, the ideal password manager would store the password database with a master volume key, then each device accessing it would have the MVK encrypted to its public key. This way, if someone wants to add a device, they just allow access on another device. If someone wants to remove access, it is doable, but it would be wise to re-encrypt the DB to a new key for security. This is how PGPDisk did its encryption, and it completely deters brute-forcing, should someone get access to the data stored on the cloud, since there is no password, so the attacker has to deal with the entire key's keyspace.

Since the private key is on the device, the user just needs a PIN to unlock (with a timeout after too many wrong attempts), rather than a longer passphrase. Both iOS and Android have secure storage (KeyChain for example) which makes this easy to implement securely.

Comment: Re:Memorizing site-unique passwords isn't possible (Score 5, Informative) 255

by mlts (#49349459) Attached to: Generate Memorizable Passphrases That Even the NSA Can't Guess

I prefer 2FA when possible. Even a very tough password means nothing if by some means, it gets sniffed by some keylogger, or the password database on a cloud provider gets brute-forced.

For storage where one is using a passphrase for encryption, as opposed to authentication, I like using cryptographic tokens. TrueCrypt used to work with a PKCS#11 library so I could store a keyfile on a set of Aladdin/SafeNet eTokens. This not just made the key immune to brute force guessing... someone who physically possesses the token has three guesses of my unlocking passphrase before the token locks itself forever and zeroes out the stored keyfile. This also works with Symantec's PGP version, except that generates a public/private keypair, the private keypair always remaining on the token, while the public part is used for the file/drive encryption.

If 2FA isn't possible, then as above, some mechanism to help with password reuse is very wise. This is useful just in case some website decides to store passwords in plain text, so a person's secure "correct horse battery staple" is now compromised and added to every blackhat's brute forcing library.

Comment: Re:Run as user AND back-ups (Score 1) 167

by mlts (#49349239) Attached to: NJ School District Hit With Ransomware-For-Bitcoins Scheme

All consumer level ones are that shitty. Time Machine does have some OS level protection, but most just dump data to an external drive. Overwriting the files or just a format of the filesystem can easily destroy that backup.

Windows Server Essentials 2012 R2 has "pull" functionality to grab data from desktops. Another utility is Retrospect which can have a client installed on desktops.

Of course, the ideal would be a backup appliance like an EMC Avamar that deduplicated. Think Time Capsule, except that the appliance initiated the backups, stored them securely, and did the deduplication. Add decent disk encryption (perhaps a startup password or PIN entered on the appliance's webpage to mount the backup drives), and this would help versus malware.


RSA Conference Bans "Booth Babes" 323

Posted by timothy
from the can-I-ask-you-some-technical-questions dept.
netbuzz writes In what may be a first for the technology industry, RSA Conference 2015 next month apparently will be bereft of a long-controversial trade-show attraction: "booth babes." New language in its exhibitor contract, while not using the term 'booth babe," leaves no doubt as to what type of salesmanship RSA wants left out of its event. Says a conference spokeswoman: "We thought this was an important step towards making all security professionals feel comfortable and equally respected during the show." Easier at a venue like RSA; the annual Consumer Electronics Show, not so much.

At the source of every error which is blamed on the computer you will find at least two human errors, including the error of blaming it on the computer.