Comment: PCI Compliance instead? (Score 2) 205

by maas15 (#49237593) Attached to: Ask Slashdot - Breaking Into Penetration Testing At 30
Have you considered offering PCI Compliance rather than pen testing? While there are guidelines, it's a lot easier of an industry to break into without prior experience. A good pentesting service can test a really wide variety of things - a company that I used to work for would not only do the standard scans/attacks with ~40 different commercial and free tools, but also social engineering tests, mailing people USB sticks with autorun exploits, and stuff like that. I didn't get the specifics, just kind of the vague outline. While it's def not impossible to get into that, it's something you should def do professionally before offering it as a service. Either way, PCI Compliance testing is like a watered down pentest, in which you're not actually supposed to break into anything. It also has a really wide variety of much smaller customers that are required to have it performed for various payment industry related reasons. A PCI scan can be anything from a half-arsed SAINT scan with minor notations, to a fairly comprehensive set of manually verified tests for things like SQL injections and XSS vectors.

Comment: That question is actually a class of questions (Score 2) 252

by maas15 (#49012389) Attached to: AP Test's Recursion Examples: An Exercise In Awkwardness
I'm pretty sure that no student taking that test would perceive that question as being an example of how to write a program. The AP Computer Science exam takes a perverse delight in double checking that every student can read deliberately confusing code. The posted question is just a mild example. I feel that criticisms of questions of that type should be leveled at exactly what's being tested - reading rather than creating code. I know I personally minded that a large number of such questions on the test when I took the exam were fairly spatial in nature - like predicting the bitmap output of a function.

Comment: I would do exactly what you outlined (Score 1) 137

by maas15 (#47842949) Attached to: Ask Slashdot: Remote Server Support and Monitoring Solution?
A place I worked for did exactly that. There are a few details that you should attend to - give out IP addresses based on the SSL certificate used by the OpenVPN client (and make sure you don't deploy the same SSL cert to two servers!), and have a method of restarting OpenVPN every time it crashes/disconnects (and exits). You'd be surprised how flaky enterprise internet connections can be. From there my work kept a database of all the OpenVPN servers and used it to generate a Nagios config. Honestly, I've never loved Nagios since it frequently doesn't QUITE do what I want, but it's good enough. If your clients are all internet accessible, I've been using a slightly expensive commercial service called Monitis which I really like. Contrary to what a number of people here have said, I don't think you need a network admin at all; if you can get the VPN stuff working with a simple ACL (to keep clients' interns from bothering each other) then you should be set.

Comment: My Dad did that (Score 2) 419

by maas15 (#47680187) Attached to: Swedish Dad Takes Gamer Kids To Warzone
My dad did that, but for fairly different reasons. His friends convinced him that their area of Yugoslavia was pretty unimpacted by fighting, so we visited. It was honestly one of the more interesting vacations I've taken; the entire country was completely economically devastated. Fortunately I don't think any of the involved governments (we're American) ever found out about that somewhat irresponsible vacation.

Comment: Re:DH, FTW (Score 1) 178

by maas15 (#45259903) Attached to: Ask Slashdot: Where Are the Complete Hosting Providers?
Their service is pretty inconsistent. I think most of their customers get frustrated when they're initially filling the server - they don't do a lot of administrative oversight into what goes onto their servers, and it really shows in the first 3-4 months you are a customer of theirs. The reason they come up, however, is they offer all of the stated services except VOIP. And I wouldn't use their VPN, though they offer VPN services. You can always use SSH tunnels. I think there's a real logistics problem in offering that wide a variety of services, which is why most hosting companies won't do so. The original poster may have 5 providers, but each of those providers only has to stock admins to deal with 2-3 of the requested services.

Comment: iMail has a history of infinite recursion (Score 4, Interesting) 158

by maas15 (#45248799) Attached to: Mac OS 10.9's Mail App — Infinity Times Your Spam
This isn't the first infinite recursion iMail bug. Around five years ago I worked for a webhost at which we had customers complaining about there being nothing in their INBOX. When we checked, we'd find a giant tree of INBOX folders - for some reason iMail would create a new subdirectory called INBOX every time it logged in, and then make the *new* INBOX folder the default INBOX. All the mail would still be delivered to the original inbox...

Comment: I have to suggest a specific non-linux product (Score 1) 572

by maas15 (#43362585) Attached to: Ask Slashdot: Protecting Home Computers From Guests?
... but sometimes there are commercial solutions that fit a specific problem quite well - I'd use deep-freeze, a piece of Windows software. I briefly attended a school that had it on their computer lab computers - effectively the computer is reset every time you restart it. It keeps a second partition sitting around with your save point or something like that. Guests are generally non-malicious so probably won't disable the software.