
Disclosed Netgear Flaws Under Attack (threatpost.com) 12

msm1267 writes: A vulnerability in Netgear routers, already disclosed by two sets of researchers at different security companies, has been publicly exploited. Netgear, meanwhile, has yet to release patched firmware, despite apparently having built one and confirmed with one of the research teams that it addressed the problem adequately. The vulnerability is a remotely exploitable authentication bypass that affects Netgear router firmware N300_1.1.0.31_1.0.1.img, and N300- The flaw allows an attacker, without knowing the router password, to access the administration interface.

Comment Re:Cultural? (Score 1) 469

Depending on the corporate structure, you doom your career with the company if you ask for such orders in writing.

Not at all:

From: PropellerHead@vwtech.com
To: SupremeManager@vwtech.com
Subject: Smog modification clarification

Mr Smegbert,

I just wanted to clarify your verbal request to disable the backfeed loop on the emissions detector; did you want that to happen all the time or only automatically when the engine was not in drive? The possibility exists also to make this a button that the driver could push.


Smarty McSmartpants
Sr Propeller Head Engineer guy

Comment Re:It could work. (Score 1) 686

Well, the idea is solid, but there's so much revisionist history here....

Linux isn't a fork, it's a rewrite. FreeBSD was in no way derived from Win 85. MS-DOS wasn't a fork of CP/M, it was a hackish clone.

And those are the parts I'm somewhat familiar with...

Comment Re:BTRFS is getting there (Score 2) 269

5 years ago, it seemed that BTRFS was rapidly getting there, and its inclusion into the kernel made it feel like a rather sure bet!


5 years later, BTRFS is still "rapidly" getting there. I've tried it numerous times and had horrible data loss events literally every single time, and this as recently as a month ago.

Meanwhile, we're using ZFS on Linux in a complex production environment in a worst-case mixed read/write use case and it's been absolutely rock solid bullet proof, demonstrably more stable than EXT4. Yes. More stable than EXT4. And this while bringing so many incredible features to the administration table! Until you've lived with snapshots, replication, clones, pools, zvols, extendable pools, and dynamic resource allocation, it's like trying to explain Monet to a blind person.

I sincerely hope that ZFS finally becomes a first class citizen in the Linux community.

Comment Re:6 years (Score 2) 127

Regardless of whether QNX is superior or not technically, it no longer matters. They've lost because people want to use what is popular (and has apps), and Android and iOS are it.

I'm just glad that, a few years ago, when Windows/OSX ruled the roost, that the hairy hippies didn't say this about Linux. We can crow now, that Linux is installed on more devices than any other kernel or O/S, but Linux wasn't always such a sure bet.

Diversity is good. I welcome it. I'm hoping they digest the Android ecosystem and learn to use it to strengthen QNX.

Comment Re:Dell Precision (Score 1) 237

I have a precision M3800 and love it! Lightweight, decent battery life, gorgeous 4K screen, wickedly fast i7 processor, dual HD ports, (one mSATA) HDMI support...

All of which makes it a beautiful laptop, but add to that native Linux support... I'm a Fedora fan so I bought with windows and dual boot. It "just works" with a Fedora install.

Comment Rose colored glasses (Score 1) 62

Your confidence is proof of your inexperience. Data... dies. Sorry, that's just the truth.

If you've ever tried to do a data recovery on years-old data, whether it's audio tape, film, HDD, flash, CD/DVD rips, whatever. They all have an error rate that increases over time.

The only way to preserve data long term is to actively manage it. Keep redundant copies. Use error correcting code to identify data errors and correct them. Media must be periodically re-read and written to ensure "freshness". Non-digital data must be redundantly copied in line with its utility, analog data should be digitized to minimize generation loss.

We maintain a large ZFS file store. We scrub everything weekly, a process that does all the above to proactively identify small data errors and fix them before they become big, unrecoverable ones. We store all our data in redundant storage pools, and replicate constantly.

This, or a process like this, is what's required to keep data squeaky clean, secure, and accurate.

Comment Re:no purpose left (Score 2) 229

This may be the popular opinion, but it's simply not true. Anybody who has developed in flash/Actionscript and also HTML5 knows that the difference between the two as a developer is stark.

HTML5/javascript is a series of layered hacks on hacks on the foundation of a script thrown together by Netscape in a few weeks. There are loads of browser-specific behaviors to be aware of, and the core functionality that there is a plethora of javascript libraries (jquery, prototype, and too many others to name) that try to create the semblance of continuity across all the different, slightly incompatible browsers.

I really, truly don't understand why Adobe has chosen to just sit on their fingers with flash rather than deal with its issues. Either Adobe is almost criminally stupid in their handling of Flash, or the actual Flash source code must be unbelievably awful.

Comment Like it's sold in data centers (Score 1) 346

What you're describing for "unlimited" is what would be termed in a data center "unmetered". If I buy a 100 Mbit unmetered pipe, I can do exactly as you say, max out the 100 Mbit pipe 24x7 as I please.

What customers really want, most likely, is something like a "burstable" connection with reasonable limits. Let's say I buy a 100 Mbit "burstable" connection with a 10 Mbit commit. That means I can use up to 100 Mbits at any moment, but if the average is over 10 Mbit I pay more. (It's actually not average, it's 95th percentile, but we'll call it "average" for this conversation)

So there are limits! Fine. I'd happily go for an agreement that

1) states an average data rate,

2) Allows me to burst up to 4x or 5x that rate,

3) Throttles later in the month to maintain the average data rate or less.

4) As technology advances so that bits are cheaper/faster to send my average data rate climbs, or monthly price drops

I think the problem isn't with 1, 2, or 3, but with #4. It's much cheaper to send a GB of data now than it was 3-5 years ago. Why hasn't my usage cap gone up, or my monthly price dropped? Until that question is answered, all we're dealing with are lies and spin.

Comment Re:I'm not a panicky guy but... (Score 2) 426

> I'm advising everyone to install Linux from now on, this crap is not worth it, not even for free.

If you're this late in the game and *finally* saying this, well, welcome to the club!

I switched almost 20 years ago to Linux, when my Windows 98 computer emailed a word file of customer names and (private) contact info with a virus. Realizing the risk of staying with an insecure platform, I jumped to using Linux for my workstation full time.

I've never looked back.

RedHat Linux became Fedora/RHEL/CentOS but picking the "main" commercial distro at the time has paid enormous dividends over the years! In the intervening years, I went from newbie to experienced software developer, with pay scale to match. Security has been excellent; the constant plague of malware and virus updates are a long distant memory.

This while serving thousands of users at hundreds of clients 24x7.

Yes, I still use Windows - for games. And that is dwindling.

Comment Re:Man I want this (Score 0) 111

> This is grownup LEGO.

No, it isn't. It's an attempt at a shrunk down, big-box PC. You know, the boring beige boxes that nobody buys any more? I see no way that this saves money over time. The branding is in software, which this doesn't fix. See: Cyanogenmod which works with many already existing phones. It's highly impractical, expensive, and architecturally prone to failure, as you have a mobile device, commonly subjected to strong impacts, which is exactly when you don't want removable, (flimsy) interlocking pieces.

> I'm not going to buy a phone until I can get something like this, and I don't really care if it's made by google or someone else.

You're gonna be waiting a long time. Sorry.

Comment People being people (Score 3, Interesting) 154

There's no hard, fast answer, although it would probably be popular around here to assume that the right place is with the Tech dept. This is certainly supportable; I've seen plenty of clueless administrators blinded by blinking lights and flashy fluff make architecturally very poor choices!

At work, we are a vertical stack cloud-based software vendor. We work with hundreds of clients and deliver a very excellent product that saves our clients $$$. Several times now, I've seen IT departments that have ballooned into inefficient "candy stores" for developers who are mostly intent on increasing their take of the organization's $$. It mostly happens because the managers at our client organizations aren't techies in any sense of the word, so they take whatever techno mumbo jumbo blurted out by the techies as gospel.

When the powers that be at the organization bring us in, and ask the tech department, they are almost universally ice cold to the idea of working with us, as their job is potentially on the line. Change = BAD! And so we see a fight while the corrupt IT department and the management duke it out. We've lost a few, we've won most. In any case, we often come in as little as 1/5 the cost of the bloated, internal IT department's offerings, while offering better service, better security, and strongly worded privacy and availability clauses.

So there isn't a right answer, you know? Some CxOs are clueless or corrupt. Some IT departments are similarly incompetent or corrupt. It all really comes down to "people are people".

Comment Re:Surge Pricing - Why The Hate? (Score 1) 250

There is only a difference of semantics between the following two statements:

1) Conserving resources during an emergency by strongly discouraging the waste of a suddenly valuable commodity.

2) Taking advantage of an emergency by gouging customers in need of a suddenly valuable commodity.

There is literally no difference in practice between the two, the difference is intent of the seller, the actions could, quite literally be exactly the same. If we can use greed to make a bad situation better, shouldn't we?

This is the foundation of economic theory, and it rarely works out well to ignore economics altogether.

"Trust me. I know what I'm doing." -- Sledge Hammer