Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

Comment: Re:I read some of the comments to her (Score 1) 444

by Shag (#49179113) Attached to: Former MLB Pitcher Doxes Internet Trolls, Delivers Real-World Consequences

Are you comfortable with angry people walking around with no money, nothing to do, and completely desperate?

Well, we have that already, yes? Except now, when you see some bum panhandling, there's so much uncertainty over whether he wound up there because he was a jerk, or because of circumstances beyond his control.

Comment: Re:The vendor seems to be Watchguard (Score 3, Informative) 204

I was thinking the same thing, but I'm not afraid to name names. I have reported bug after bug and all they ever did was use the bug report as a "support case" and count it against my support allotment then close the case with no resolution. Some issues have been solved after a year or more, but support is unresponsive at best. I can name quite a few known problems, some of which could be potentially exploited for buffer overflows or denial of service attacks.

Just to name a few problems and bugs:
-ssl-vpn prompts the user to upgrade when new software is loaded on the firewall but if a user clicks no it disconnects them. If they click yes it uninstalls the software and fails to rienstall due to permission issues with the teefer driver if the user does not have administrative rights. It cannot be upgraded easily through group policy or windows update local publishing. It is an exe container so group policy is out and publising via local update publisher causes the system to hang at shutdown due to problems related to the driver removal/installation.

-services that use certificate checking fail if dpi is enabled and there is no reasonable workaround (examples: webex, apple itunes and app store). Implementing a realtime host lookup would easily resolve this problem but they only offer a one time hostname lookup which adds the ip to the policy (problematic for just about everything.... yes let's unblock all of akamai, that makes sense!!!)

-sso manager has a memory leak uses huge amounts of resources and eventually stops updating the list of authenticated users until the service is restarted if you have more than 2 domain controllers. We had to schedule a restart of the service every morning to mitigate this and it still uses an insane amount of processor time.

-Version 11.9.1 broke multi-wan pptp so not only is ssl-vpn broken (don't get me started on their poor ipsec support) but now the less secure backup option won't connect...

-expiring or rejecting a ca certificate causes all sites reliant on that certificate to fail to load even if a new certificate is present if dpi is enabled

-email quarantine generates a certificate with the server's ip as the name but links send the user to the hostname thus causing a certificate warning

-a wan connection with a ping monitor will not resume functioning once ping is restored in a multi-wan overflow configuration causing a temporary loss of connectivity to become a permanent one.

-ssl-vpn will not connect over udp in a multi-wan environment

I could go on... but I'll end with a non-bug:
-They clearly run modified versions of open source software but fail to release their code changes to customers or distribute the gpl with their software. This is clear simply from the log files and debugging information and has been complained about as far back as 2005: http://lists.gpl-violations.or...

Comment: Re:Endian Firewall (Score 1) 238

by datapharmer (#47891241) Attached to: Ask Slashdot: Advice On Building a Firewall With VPN Capabilities?
I love (and use) endian, but I can't recommend it to a newbie. Once built it is solid as a rock, but Endian always seems to have some bugs out of the box that can be really frustrating, and the vpn setup is not very user friendly in my experience (but as simple as anything else if you are familiar with open vpn). It has gotten better lately with some long existing bugs being fixed, but it can still be painful out of the box and moving between versions can be hazardous (prepare to install from scratch as a backup plan). That said I do appreciate that most of Endian's bugs are frustrating from a "x doesn't work, y doesn't display properly, z doesn't configure as expected" but the security related bugs seem to much less common than many other open source and commercial firewall/utm solutions.

Comment: Re:Vyatta (Score 1) 238

by datapharmer (#47891181) Attached to: Ask Slashdot: Advice On Building a Firewall With VPN Capabilities?
Isn't it a little questionable to be suggesting a solution that has essentially be taken closed source? Vyatta is great, but unless the vyos community gains some strength it could end up as a dead end in a couple years. That aside, vyatta is a solid solution, so I'm only bringing up the potential negatives here since the vyos maintainers don't seem to have a lot of development/maintenance resources.

Comment: Re:maybe (Score 2) 355

by datapharmer (#47771127) Attached to: Ask Slashdot: What To Do About Repeated Internet Overbilling?
Wrong analogy. It is like buying a 1/4 pounder* (where the 1/4 pound is raw weight). Something is lost to cooking (transfer). I'm sure At&t's lawyers already covered their butts. If you read the small print ATM/MPLS overhead is probably included in the bandwidth calculation. Mystery solved Scooby Doo.

Comment: Re:Hello, it is 2014 (Score 1) 113

by datapharmer (#47764993) Attached to: Chromium 37 Launches With Major Security Fixes, 64-bit Windows Support
Strange, I used windows 64 bit for several years with no problem. That said I built it with components I knew had stable 64-bit drivers. Only problem I had was many browser plugins were 32-bit only but I can't blame Microsoft for that. It was a hell of a lot better than Vista x64 I can tell you that!

Comment: Re:Can we get a tape drive to back this up? (Score 1) 316

by datapharmer (#47763913) Attached to: Seagate Ships First 8 Terabyte Hard Drive
Rotate the drives. Works great for small clients that can't afford the tape. Rotate them offsite on a schedule. For larger amounts of data use tape. No reasonable hardware solutions I know of can beat a robotic tape library for longevity, reliability, and safety of the data. Hard disks only win on speed, but it is trivial to do disk to disk and then duplicate to tape. It gives you the best of both worlds.

Comment: Reasonably prepared in Hawaii (Score 1) 191

by Shag (#47745951) Attached to: Slashdot Asks: How Prepared Are You For an Earthquake?

I live on an active volcano (Mauna Loa), work on a dormant volcano (Mauna Kea) and am maybe 20 miles from a town (Pahoa) that might be in the crosshairs of an even more active, currently erupting volcano (Kilauea) right now. We have earthquakes all the time; I rarely even notice anything under a magnitude 4 to 5. Oh, and we also get hurricanes like AC mentioned, and tsunamis, and of course the sharks and poisonous sea urchins... Kinda funny, having grown up back on the east coast, where people will freak out over the smallest tremor. Someday I'll move back there and be all serene because nothing will seem exciting.

"Life sucks, but it's better than the alternative." -- Peter da Silva

Working...