Forgot your password?

Comment: Re:Keepass (Score 4, Insightful) 445

by jakeguffey (#46307141) Attached to: Ask Slashdot: How Do You Manage Your Passwords?

Came here to say this.

I've used KeePass (or, in my case, KeePassX since I'm on *NIX) for about 6 years and it's been great. Encrypted local storage that I can sync between devices if I want, with an Android app (KeePassDroid) available makes life easy. It's also the only approved password storage method where I work.

Comment: In the midwest (Score 1) 632

by jakeguffey (#41581121) Attached to: Ask Slashdot: What Were You Taught About Computers In High School?

the normal curriculum generally didn't provide any exposure to computers beyond "Keyboarding" and "Computer Applications," meaning MS Office. I graduated from high school in 2006 and there was really nothing made widely available by my school. There was a vocational class for computer operations (only 4 students including myself took it), which was actually quite useful -- intro to networking concepts, intro to programming (VB 6), and all of the information needed to get CompTIA's A+ certification. Throughout the year, I was able to bat ideas around with the teacher, including the idea of making a beowulf cluster (just 3 or 4 nodes) to showcase some of the things computers could be used for. The class was the last half of the day and really helped solidify my basis into computing. At one point, the teacher had the network engineer for the school system come in to teach us how to terminate fiber (which we later ran to provide network access for the machine trades vocational class). I really have some fond memories of that class and to this day, I'm friends with the teacher.

My experience was *not* normal by any stretch, though. As I mentioned, there were only 4 students (later dropped down to just 3) in the class from the entire county. I was the only person from the hosting school (1000-1500 students). The teacher I had that year returned to industry the very next year and, from what I heard, the quality of the class dropped tremendously when his successor took over. To my knowledge, the class is still the same poor quality that it was after he left.

As far as I know, learning anything related to computers in high school (in most midwest counties) is learned the same way as it was a decade or two before -- individuals being motivated to learn for its own sake and befriending others who are like-minded. LAN parties, though passed off as completely useless by parents (more often than not), provide(ed) the greatest source of computing knowledge exposure -- setting up the LAN (and segmenting it from the user's parents' use), troubleshooting why a computer would fail to work, troubleshooting why a pirated game wouldn't run on one machine when everyone else wanted to play, and understanding physical infrastructure requirements (i.e. power) are routinely dealt with in the environment of a high school LAN party, and are directly applicable to industry (with much more learning outside of these parties to fill in the gaps, of course).

Comment: Wow (Score 1) 338

by jakeguffey (#40067529) Attached to: Ask Slashdot: Best Way To Monitor Traffic?
So many comments and none of them really answering OP's question. First: Yes, OP needs to ensure that what he's asking for is actually what he wants to do. Now, OP: How about using Open Source IDS/IPS? Something like Bro ( could be a good option. It's completely scriptable and keeps track of general information (number of connections, what IP addresses are talking to what others, etc.), but where it really shines is that it alerts on "weird" traffic and since it's scriptable, you can write your own protocol inspection code to look at network streams on the fly and only pull out what matters. To implement this kind of system, I'd put a linux/bsd box inline acting as the network's gateway so everything on the network outbound goes through it, enable routing (linux: add net.ipv4.ip_forward=1 and net.ipv6.ip_forward=1 to /etc/sysctl.conf, bsd: add net.inet.ip.forwarding=1 and net.inet6.ip6.forwarding=1 to /etc/sysctl.conf), configure the firewall as needed (NAT and what have you), and set bro up to look at the traffic. Then I'd define very clearly what traffic I thought was "interesting" and warranted looking into. That traffic I would write some inspection code for and wait for alerts (which can be formatted however you please -- they're just text). Finally: Should an I[DP]S be used for oppression? No. Should this type of solution even be implemented at all on a home network? I think that's an issue that can only be answered by the client. Remember: anything can be used for good or evil. Make sure that anything you build and sell is going to be used for good (as much as you can ensure such a thing, of course). Talk to your client. I have a feeling that training for dealing with social engineering will go a lot further than a custom-engineered DLP system.

Comment: This is a complete (Score 5, Informative) 84

by jakeguffey (#39652747) Attached to: Critical Flaw Found In Backtrack Linux
non-issue. According to the advisory, this particular issue "Spawns a root shell [and h]as not been tested for potential remote exploitation vectors." As has been stated multiple times earlier already, BT is generally used as root locally and (until someone determines remote exploitability) this is a local-only exploit. TFS is wrong. This is not a "critical flaw in BT," but a flaw in WICD that allows privilege escalation. Still something that definitely needs fixed, but if someone has local access to your box, you can pretty much assume they already have root.

Comment: Re:A confusing summary on /., let me try to do bet (Score 1) 187

by jakeguffey (#38085954) Attached to: Potential 0-Day Vulnerability For BIND 9
I am 100% with you up until you say, "I'm amazed how many people run large, production name servers on BIND yet don't have a cheap support contract. If you run BIND, rather than getting your alerts via /. look into a support contract so you get them directly from the vendor." I have a couple issues with this. The first is simply that it's perfectly reasonable to expect a good UNIX admin to handle BIND without issue for generalist deployments. The other issue I have is that you don't need a support contract to get these alerts. Sign up for the bind-announce mailing list (link: Again, I'm totally with you up until the end there.

Woman Develops Peanut Allergy After Lung Transplant 146

Posted by samzenpus
from the no-extra-charge dept.
An anonymous reader writes "A woman in need of a lung transplant got her new lungs from someone with a peanut allergy who died of anaphylactic shock. Seven months after the surgery, the woman was at an organ transplant support group when she ate a peanut butter cookie and had a violent allergic reaction. So how had the woman's new lungs brought along a peanut allergy? A blog post dives into the medical details and explains that immune cells in the donated lungs couldn't have lived in the new body for long enough to cause the reaction... however, if they encountered an allergen (i.e. something peanuty) shortly after being transplanted, they could have trained the woman's native immune cells to respond."

This place just isn't big enough for all of us. We've got to find a way off this planet.