
Comment Soviet surveillance - please... (Score 3, Insightful) 246

> [RMS]: Most citizens of the US live under far more surveillance than
> the citizens of the Soviet Union knew.

Technically of course he is right. In Soviet times there was no Internet, no cellular network and no technical means to process all this data. So it is obvious that now the governments have more means to spy on citizens. But staying just on technical merits you could have said that "most citizens of the US live now under far more surveillance than the citizens of the Reagan era US knew".

The guy is just wrong. I live in Poland which was a Soviet satellite state (quite autonomous since it managed to free itself from Soviet grip). I remember my father talking about his workplace in communist times. Once on his job he joked about the shape of glasses the general Jaruzelski wore - he said he was a welder (since the glasses looked like welders). He said that in company of three other people in his workplace. Yet the next day he was called before a party member who reprimanded him. And this is not some unusual story - the truth about communist states is that about 10% of people around you were state agents reporting to security service (by will giving them benefits or forced to be f.e. blackmailed).

And that is how totalitarian surveillance works - it uses people not machines. People who spy on you will always be better than any technology (unless the technology gets somehow intelligent which isn't happening in a few decades).

I respect RMS but in this case he is really wrong.

Comment "Ask" section is getting dumber and dumber :( (Score 1) 78

> What [...] is generally the best way to distribute patches

Patches for what? For PC operating systems? PC software? Embedded computers?

> in a way so customers can download them, considering
> that the machines are offline?

Well you can't download anything when you are offline. You mean that customers download the patches, put it on removable media and install them on their machines...

> Are there any software packages (open source preferred) that pretty much
> allow engineers to upload a patch with a description to a web server, and allow
> customers with credentials that are registered in LDAP to browse and download
> them quickly?

Yeah like SFTP server for uploading and web server (f.e. Apache with LDAP modules) for customers?

What exactly are you asking?

Comment VDI thin client, maybe Android TV box (Score 1) 158

> I have a slightly unusual requirement.

Nothing really unusual about this.

> I just have a desktop PC which I use for most of the stuff I do (gaming, video, work, etc.),
> and it's upstairs. From time to time, I'd like to use it downstairs. Is there a wireless solution
> that will let me take control of the PC from downstairs, using the TV (HDMI) as the screen,
> and the TV's speakers to replace my desktop speakers?

What you are asking is how to work remotely from TV room to your personal computer.

You haven't specified any essential details so I need to ask:

What kind of stuff you wish to do remotely?

1) Just access photos on your PC and maybe some media (music, videos streaming)?

For that you need just a simple network media player attached to your TV. Also you need a modest wifi connection between your TV and your PC. Anything that has wifi, can output via HDMI, has a remote and plays media files (photos, audio, video) will do.

2) Maybe do some office work on it?

For that you need a thin client. Probably Android based. That can do VNC or RDP. Also some input devices for that box (USB or wireless keyboard and mouse). And a modest wifi connection.

3) Gaming?

If you even think about streaming games from your PC you need a powerful wifi connection (like dual band, N standard, *fast* access points). And some device that can stream games from Steam - even small Raspberry Pi box could do that but network performance is essential.

So given above three points you need to have:
- configured wireless or wired network connection between the TV and your PC
- some kind of client device at your TV (Android based set-top box or dongle, something like PCoIP thin client, small Linux client (like RasPI))
- some input devices for your TV - depending on what you want - a remote control for media, a keyboard and mouse for workflow, a gamepad for gaming

But the one thing in common is to have network connection (wireless or wired) between the PC and the TV.

Comment Re:More by whom (Score 1) 368

> In the US [...] you can sue (not that you'd be likely to win,
> but you can sue almost anyone for almost any reason)

That is normal in any sane jurisdiction. In _civil_trial_ you can sue almost everyone for compensation (not for freedom restraints). Please do distinguish civil vs. criminal law. Basically in civil law you can sue anybody (f.e. me) for anything (f.e. for educating you). In criminal law that is the state or the victim that sues and the penalty would be freedom restraint (jail or something similar). In civil right there is compensation for the side suing. Usually sane countries have some protections about bogus claims. For example in my country if you wish to sue somebody on civil basis for an amount exceeding ~20,000EUR you need to pay in a vadium of about 10% prior. If you win the trial - you win. But if you lose you also lose the vadium and you need to pay up for all associated costs.

Comment A big fence (Score 1) 227

> I have always been interested in how and why users break policies,
> despite being trained carefully.

Well this is a different question than topic subject about mobile devices. They break it because they can I guess.

> I watched people take iPhones into highly sensitive government facilities on several occasions.

They were not as highly sensitive then. If they were there would be actually some guards at the doors searching people to prohibit bringing in devices such as smartphones.

It is quite easy - you can build a really big fence. Like 20m high but if nobody is going to watch over it there would be a guy with 20m ladder... so I guess you get security wrong. If there is a policy prohibiting iPhones in certain area - do execute that policy and have guards executing it physically.

> That led me to wonder to what extent the same problem exists in the
> private sector:

It depends but usually not. If it is concerning REALLY SENSITIVE AND PRECIOUS DATA like medical research, military contractors, finance and so on - then yes the problem exists. But usually in private sector the data is just not so sensitive to protect it with such costly measures.

> Portable Electronic Devices (PEDs) are a huge threat to both security and intellectual property.

Nah. They are not. If they are then you are doing something wrong.

> So, do you use a smart phone or other PED during work hours,
> even though you are not supposed to?

No. That is I can use my smartphone whenever I want. No company policy forbids me that and I know nobody that has similar policy in place. In my opinion you have reached a wrong target to ask that question.

Comment Re:Arch (Score 1) 319

I forgot one important thing - before settling on Arch Linux I've tried different distros - mostly mainstream like RHL, CentOS, Fedora, Debian and with their release policy (as opposed to rolling releases) I recall that each time new major version came out I ended wasting entire evening reading release notes, upgrading, fixing things that stopped working etc. Now I prefer to spend few minutes weekly after each update session to act on potential small changes than to waste few hours on upgrade to next major version.

Comment Re:Arch (Score 1) 319

> I make sure I have LVM snapshots between each update
> procedure as at least 1/4 of the time something breaks.
> I really wish arch didn't use rolling updates, but the vast
> AUR repository unique to arch is more than worth it.

I use Arch and I can't confirm it. I've never had a problem with update process breaking anything. For me it just works as advertised. But it is essential to manage the update process. This is IMO the philosophy about Arch Linux that you need to keep control over it. Rolling releases means that there is no promise of API/ABI compatibility and of course there will be some major changes down the road on which you need to act.

When updating Arch Linux you need to read what is going to be updated. Major changes (like package replacements) are highlighted and you need to act on those changes after update. Also you need to look for configuration changes (*.pacnew files) and act if it occurs.

Also it is better to update regularly like once a week than to pile up the updates and do lots of them at once (since you can miss something important). I tend to update once a week and never had a problem. Well once I ended with unusable system after update but it was not Arch Linux related - it was a kernel bug specific to my hardware and configuration (regarding power management on laptop - it can be quite tricky on Linux but hybrid sleep/hibernation is a nice thing to have).

What problems did you have? You are stating that 1 in 4 updates cause problems so you probably can throw few examples?

Or maybe you are referring to AUR packages breaking during update - well AUR is completely different thing from Arch Linux main repo. Some packages in AUR are of terrible quality (outdated, not working, not tested) so I guess if you have lots of obscure AUR packages installed the update process may break some things but usually it is userland. I wouldn't dare to use AUR packages for core functions of my OS (like kernel and important services).

Comment My policy (Score 1) 319

Personal machines:

Home laptop (primary, I also tend to work on it) - I stick with Windows 7. Obviously it is the last sane/usable version of Windows. Skipped Vista entirely. I always tend to use the Good Windows release (95, 98SE, 2000, XP, now 7). Looking forward to install Windows 10 as it looks quite sane and 7 is getting old. I apply patches automagically. With Windows it happens that some patches break stuff but it is easy enough to uninstall them. Also I run Secunia Psi to notify me about outdated apps and it also can update them automagically which is convenient.

Home Macbook (secondary, for fun) - I stick with Mavericks since I don't like the new flat look and basically it still works and apps are working so not a big deal for me. I install patches as they show up.

Home server (router, network functions, VMs for development) - Arch Linux - it is a rolling release distro so I just upgrade everything from time to time when I have security related updates pending. It works - never had broken for me.

Raspberry Pi - I use few for dedicated projects (media player, dedicated retro gaming system). When I set it up and it works I tend not to update it since I don't see the point.

Now for work computers we have strong policy. Workstations and laptops have frozen Windows version (licensing obviously, compatibility), we push all updates via WSUS on which we accept them. We test updates on selected group of machines (IT staff) before pushing them to all. For servers we also have standardised versions (Windows, RHEL/CentOS). We roll any major upgrade through change management with backup/recovery plans in place (VM snapshots, application backups prior to upgrade in dedicated time windows etc.).

Comment Re:Keep it simple (Score 1) 173

> that's all he needs

No it is not. You have contradicted yourself in your post. You have described a solution which from beginning is flawed. Then you described that flaw (the kid could just change his IP to grandparents machine or even MAC if you would go for MAC based filtering). So you have basically posted a solution that is not a solution at all if you wish to make things working without beating the child.

Comment Keep it simple (Score 1) 173

In my opinion you are making this issue more complicated than it really is. You really don't need site-to-site VPNs and custom routing to accomplish your goals.

If I understand you correctly your goals are:

1) To have remote access to machines (Linux, Windows, others) in few remote networks.

Just set up VPN server in each of these remote networks. OpenVPN is probably a good way to go. It would run on any Linux machine, Windows machine (if you dare), even on some routers (f.e. DD-WRT compatible). If these networks are behind dynamic IPs you will also need some kind of dynamic DNS service.

Having VPN server running in all locations you just login to it and access whatever machine in that network remotely. For Windows machines DameWare is probably not a bad idea. It is commercial software but you only need to pay for one license - the license is for an operator (you), not for client machines. You could also use VNC - why not? For Linux machines SSH is a no brainer. And other devices (like printers, networking gear, etc.) probably have HTTP interface anyway.

Also you wrote: "me being able to log in and apply patches and security updates without requiring someone on the other end sending me Desktop Sharing invites". Well are you aware that you DO NOT need to log in to Windows systems to apply patches and security updates? It just happens automatically. Just turn on Windows Update.

And since it looks like you are required to take 4hr trips to fix your parents computers that makes you basically their administrator - DO NOT give them administrator rights on their machines. Set them up with quite secure configuration - no admin rights, antivirus software running and set to automatic, backup running and set to automatic, updates running and set to automatic. If you do so I hardly see a need to physically access their machines (modulo hardware failures).

2) You have described your second goal in such convoluted way with buts/ifs and so on that I need to cite this mess: "I'd also like some way to be able to monitor/control my son's online activities while he's away (hence my desire to route at least his traffic, if not all Location B internet traffic, through Location A). Also note: I'm not a helicopter parent by any means and only monitor once in a while to get a general idea of what his online trend is; and the extent of "control" is if grandpa and grandma say he needs time off the computer for x days for bad behavior or whatever, I want to be able to enforce that rule where he won't be able to sneak around while they're in bed. This connection will not have any firewalling or blocking enabled by default.".

So basically you want to:
* monitor your son's network usage
* enforce policies on your son (like no Internet after eight since you were bad)
* enforce password usage (or other form of authentication) on your users since you don't want to allow your son to use their grandpas computers while they are not around physically guarding the machines

Well what you basically wish for is corporate-like network with authentication to local systems and to network usage. It can't be done without enterprise class systems - you will need an internet access proxy/gateway for accounting and enforcing access policies for network, user directory to enforce password usage and restrict access to certain machines for certain users (namely your son), network access protection system (and network hardware supporting it) so your son can't just use his Linux machine to access network however he likes.

That means that you are contradicting yourself by saying that you don't want to have any firewall or blocking - you do.

How you are claiming that you have any training in network administration is beyond my understanding.

Comment Re:So what is your goal? (Score 1) 267

> Don't listen to the amateurs. Block by default, require business justification

So your boss emails you and asks you to implement a policy (read the post) - in my opinion it is business justified enough, at least his (boss) responsibility. Just doing your job is not amateur in my opinion. If it is extremely stupid you should go on and warn him but nevertheless don't object and do your job.

> and offer a risk assessment for all exception requests,

This is fair - given boss request you reply - OK I'll do that but it introduces certain risks. Right on it while you review the risk assessment. Amateur enough?

> monitor and report suspicious activity.

This is obvious - it does not hold you from doing your job (what your boss expects you to do).

> Don't trust your internal users.

What does it mean?

> Segment wherever possible. Plan for failure. Exercise recovery plans. Due diligence.


Comment Re:User Perspective. (Score 1) 267

> It is the Company's network connection, block whatever you like.

If you are the owner of course.

> But, and this is important, have an easy mechanism where a user
> can submit an url,

Browser's address bar easy enough?

> an admin can verify it is a legitimate business related site, and have the
> site whitelisted immediately. That way you can block "Big Butt Russian
> Teens" or whatever, but when the SmartFilter(tm) randomly decides
> that contains "adult content, sports, gambling and
> lotteries" (happened to me) the legit business use is not impeded.

Oh great. So now an admin administering f.e. 5k users network should also babysit them? :)

Consider that your company relies heavily on email usage. It is probably more important service than web - you could function without web browsing I guess... but without email service - you can all go home for what I guess. Email works similar to web - there are emails sent back and forth, emails are interpreted in client, emails can contain files (like downloads) etc. Now I don't see you arguing that you should have an admin looking and verifying every email sent to your user right? That would be extremely stupid and retarded right? Well you are suggesting exactly same stupid and retarded method for the web. Just use email scanning technologies for your email like you would use web scanning technologies for your web. Don't be retarded.
