Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment Re:Not a surprise (Score 1) 265

Most of the people scanning are script kiddies, so unless you are vulnerable to the very specific things they are having a tool to attack the danger of the port scan is very low. I rather deal with the problem by making sure only authorized hosts can connect to specific services, or obfuscating common programs like Wordpress (like the database folders, and install directories....) just to break all these types of attacks. I also rather keep things "fixed" by being current on patches... Most of the exploits are known and patched, and the people getting infected by them are not keeping with patches.

Comment Re:Turn it off (Score 1) 265

I was using pfsense with a special trigger script that counted how many times a particular IP raised alarms. I set it to some decently high number (some programs actually "port scan" as a part of their use...) and then only troubles were flagged. For other alerts (actual attacks) I might IP block someone instantly.... Just set the block time for a week or more and watch them give up. :)

Comment Self-fulfilling prophecy? (Score 3, Insightful) 241

It's pretty obvious the most common language is going to have the most apparent bugs and the most security woes because it is the one that is most used to solve the majority of problems. It also will be the most likely for hacker and bad people to be using as well as working to exploit as it is the language that they are most familiar with. Every language is going to have security issues it's what happens with the running application when it faults that matters, and that is likely within the control of the developers even when the language and library authors are contributing to the issues. Really, the number one "cause for exploits" is trusting input that shouldn't be trusted -- and that's that same problem for nearly any language... It has nothing to do with PHP!

Comment Gaming PCs are just silly... (Score 1) 325

Other than a few sandbox games that will run on less than awesome hardware there is virtually no reason not to take the gaming to the console. Building your own machine sounds great, but when you have a problem it is _YOUR_ problem. I experienced this myself several times and the other way to look at it is - you are down not playing games and screwing with the machine. You will probably be playing your console while the money or parts arrive. You can have quite a few XBOX Ones and PS4s for that money... I can't really see the point... other than... like..Warcraft or something that is PC only and doesn't require the best hardware. PC gaming used to be cheap and unique, now it's expensive and the consoles are just as good for most things.

Comment Are their bandwidths metered? (Score 1) 622

I'm not personally aware of any large carrier that charges on data volume (for upstream/backbone) and they are paying for the same electricity basically regardless of use. Outside of making sure they have enough pipe all the costs for Comcast, Time Warner, etc... are fixed! So, yes they can give you an unlimited plan because basically unless you're flooding the pipe their own bandwidth is unlimited. The argument that you should pay more for more use is nearly insane -- it does't cost them anything extra for you to burn thousands of extra GB because they pay nothing extra for the data crossing the wire; as long as they have enough bandwidth to cover a bad day they are fine. (They would have already bought this ahead of time, so... Yea, it's already there even if you aren't using it...) This is price gouging at its finest and what they don't realize is all they will do is make municipalities launch their own ISPs without these silly fake restrictions. A 10+gig MPLS isn't exactly that expensive for a small town, and some towns have 30+ gig fiber just laying around for the future... Really, they're just going to make sure they die off -- as if cable fees weren't enough.

Comment Re:Ugh (Score 1) 191

Fedora is always more stable than Ubuntu unless you use the LTS release. If you need total stability and enterprise features just get CentOS which is basically Red Had Linux w/no support/subscription. Fedora, CentOS, and Red Hat all work similarly enough that there is no problem switching between hem. I'd put Ubuntu LTS and CentOS pretty close to even... Ubuntu is great until you have to install the software on a raid or do something fancy -- any flavor of Redhat basically does this out of the box. I think for servers Red Hat or CentOS are the only game really.

Comment Stupidity of IT workers at work. (Score 1) 602

Look, I hate to say it but I've never trained an H1B regardless of the money involved and as a result I still have my conscience. IT workers who are completely retarded enable these companies to do these things. The answer the this question is simple: If they threaten your job if you don't train someone... LEAVE... You are not just hurting yourself, but everyone else in this profession. Three months more of pay to permanently lose your job, and worse deny that job to another qualified candidate that lives in this country? This is only a deal for you if you're mentally disabled. Without our direct help they cannot do this, so uh... Stop helping them.. Part two -- most of us are not employed as trainers. Trainers get paid more than IT workers... You actually have no responsibility to train anyone most of the time and you are not being paid for it. Specifically ask to have terms like "excludes H1B workers" if you do get paid to train. We have to stop fucking ourselves... It's really that simple.

Comment Re: Don't care (Score 3, Interesting) 174

What they don't get is people watch programming through the VPN because they have other way to get it.... If they spent half as much of this effort by negotiating with Netflix or Hulu for US customers to get these shows streamed we wouldn't care about VPNing them through iPlayer and still "paying for them..." It's just the typical ass-backwards corporate thinking at work.

Comment Whether TOR is cracked or not.. (Score 1) 122

It think the best use of it is hiding your IP from every site, and adding another layer of encryption. If you need message security use a message security encryption, and if you need a file encryption use the right tool. Assuming anything on the Internet isn't clear text at all times is just being foolish -- even if the site you are on uses HTTPS it is possible that they are hacked, etc...

Comment Stop putting real data on websites (Score 1) 370

I keep saying this, but nonetheless unless you have a legal obligation to provide real info don't. The problem is your data goes in databases and you have no idea how long it is going to be retained. Closing your account doesn't even delete the data. Next, change all the info that is relevant... STOP USING REAL INFO.. esh... I'm not going to say it again.... you aren't getting checks from these people they don't need your info.. New Github account New Phone/E-mails New Everything that can be remade. For non-essential accounts use bullshit information. Use different information on each site and record them somewhere safe. You can parrot them back if you have to. Close all of the accounts they are bombarding. Solved...

Slashdot Top Deals

"Hey Ivan, check your six." -- Sidewinder missile jacket patch, showing a Sidewinder driving up the tail of a Russian Su-27