
Comment Re:Just don't IoT (Score 1) 88

That precedent is an uphill battle. Most devices will come with some type of EULA to use the "software" on the item, which has been proven in court to make software makers sue-proof.

The fact that there are EULAs that allow IoT devices to have unfettered access to info, and allow third parties to have it, is another reason those devices need to remain at the store.

Comment Re:Just don't IoT (Score 1) 88

In the UK, "Insurance lock rated" means something. It means that a bike or moped that was secured with the lock would be covered as a condition of the insurance policy.

Here in the US, it doesn't mean that much, as there are fewer third party testers, so the next best thing is to use Europe's, which do mean something other than advertising hype.

Comment Re:battery vs capacitor (Score 1) 74

A capacitor stores electricity in a physical form. A battery stores it in chemical form. Capacitors can store energy a lot faster, but have a fraction of the energy per cubic unit volume that a battery does. However, a capacitor can charge and discharge extremely quickly, allowing them to be used to smooth out rectified A/C, for example.

Comment Re:Just don't IoT (Score 5, Insightful) 88


1: Ransomware is on the rise, with new vectors.
2: There is zero incentive (financial or otherwise) for IoT vendors to do anything but lip service to security. As a PHB told me a few years ago, "show me where purchasing a padlock, a card access reader, or a secure appliance has ever shown a financial gain for any company other than to Assa-Abloy or a lock maker." Of course, this is fallacious reasoning, but it is pretty common.
3: Testing is abbreviated at best. The goal is to get the IoT devices to market fast... worry about glitches, bugs, and security items later, or maybe fix them in the 2.0 version.
4: There are no IoT security standards, or architectures [1].
5: There is no assurance about security, other than maybe a pretty lock icon, or "protected by 256 bit AES"... generic drivel. When I buy a padlock, I can buy one with "Sold Secure", "Insurance lock rated", or other ratings that the lock passed some heavy testing. When I have an electrical appliance, it is UL listed. There is no body that can show security compliance for an IoT device. So, I have nothing but the word of an advertiser.

All in all, IoT devices are a win/win for tracking companies and blackhats... but for the people shelling out cash for the devices? Not much. I don't have any Bluetooth light bulbs, nor deadbolts accessible from the Internet. And I plan to keep it that way. In fact, if I were to pay for an expensive fridge, it would be a fridge that used propane or natural gas, so a power outage would only turn off the light inside, not affect cooling.

[1]: An example of a reasonably secure architecture would be devices that communicated via Bluetooth or Wi-Fi to a hardened hub appliance, which then communicated to the Internet. This way, there would be no direct access from the outside to IoT devices, and the hub appliance could be configured with IDS/IPS rules to block out a compromised appliance.

Comment Re:Idiot (Score 1) 349

I would probably go with a different term of succeeding and failing.

Until we get battery technology that can store in the range of energy per cubic unit as gasoline or diesel, or we have some way of pulling CO2 out of the air and turning that into a stored fuel (propane, or ethanol), renewables will hit a wall, and can't do much for base energy usage.

However, peak energy, on the other hand... is a completely different story. Renewables have helped a lot in this department.

The payoff with renewables is the relatively low upkeep over time. For the most part, once a solar install is in place, one has to maintain the batteries, wash the panels off, and if the panels are on a tracking system (which gives 20-35% more energy depending if it is one or two axis), keep that maintained.

Wind is similar, batteries need maintained, but other than that, if the turbine hasn't had damage, a number of them are rated to not need maintenance for 120,000 hours.

What would fundamentally change things (next to fusion, of course), would be very energy dense batteries. Think Tesla's PowerWall. This would change the grid for the better.

Comment Re:Hydro FTW (Score 1) 195

If hydro is available, why not use it? Nothing is perfect by any means, but once the dam is constructed, hydro is a relatively inexpensive source of constant, high quality electricity 24/7. A good example of this would be Paraguay/Brazil's Itaipu Dam.

If it were available, I'd definitely go hydro. However, in a lot of areas, it definitely isn't going to be possible.

Most likely, a data center would probably have to use a mixture of sources. Solar would definitely help take the edge off peak energy consumption (both in the energy machines used, as well as the energy used by the HVAC system to keep them cool.) Next to that, a wind farm (although not many areas in the US are good for this.)

If the data center is in a completely rural area, what might be one source, assuming the absolute stark terror of nuclear abates for a bit, using an on-premises thorium reactor (LFTR/MSR as a type as it can use more generated energy, as per the Transatomic ads... take them with a grain of salt) comes to mind. This would not just provide base energy for the data center, but also be an asset to the electric grid.

Of course, if fusion power becomes available, all the debate about energy becomes moot.

Comment Re:"Reset to factory settings" button (Score 1) 150

For a little bit more, I can get a pair of studio grade monitors and perhaps a subwoofer. No, they may not have Bluetooth or whatnot, but that is what a stereo receiver is for.

Of course, monitors are supposed to have a flat response across the board, but that is what equalizers are for, if one wants boominess.

For a decent home system, speakers should have ports for audio, and that's it. Other equipment takes care of the other items. This way, no matter what upgrades to audio receivers happen, the speakers will always be usable. Adding electronics just means the component now is dated. For example, with 4K coming out, unless every component of a system is HDCP 2.2 compliant, you will wind up with blank video.

Of course, it is quite obvious that none of this should be connected to the Internet other than maybe the audio receiver which is used for streaming. Everything else, if a firmware upgrade is needed, should be done by a USB flash or an SD card. Ideally, another physical switch or button used so the flashing process requires someone to actually have initiated it.

Comment Re:"Reset to factory settings" button (Score 0) 150

This, in a nutshell.

I see this with computers. Someone has an issue with their desktop machine, they toss the old one and buy a new one. Phones? Instead of worrying about ROMs, they just toss theirs and buy a new one.

People are conditioned to buy something new when stuff breaks. The TV goes bad? Buy a new one, and make sure to get the Geek Squad warranty so it can be exchanged if it breaks.

Let's look at scenarios:

Scenario 1: The TV maker puts in an "oh shit, reset all", which reloads a "1.0" OS from a ROM, or at least some onboard flash with writing disabled. This costs money for them to have it, and support costs to tell the user to press these keys while turning on the TV.

Scenario 2: The TV maker just has their support tell customers they are hosed, and buy a new unit. Support costs are far less, since it is far quicker to tell someone to go to Best Buy than it is to hang on the phone. In addition, the TV maker makes a profit on a new set.

With Scenario 2 being more profitable, which would they go with?

Comment Re:Wait, what? You can see other peoples' wallets? (Score 2) 76

Very true. Blockchains definitely are truly proof of where the coins went. However, there are ways to launder BTC, such as tumblers, CoinJoin, exchanging for another currency and then back, and so on.

Because of this, Bitcoin is still used for nefarious purposes, as the transactions may be 100% traceable, but once moved out of the BTC arena into another currency, that is where the trail can go cold quickly.

Comment Re:thinkpenguin, librem and eoma68 laptops (Score 2) 92

For home/SOHO usage, what also might help is adding a router and virtualization. The router ideally should be a small pfSense appliance with Snort on it.

Virtualization helps because it keeps things isolated. Nothing is perfect (as in theory, the hypervisor can be compromised), but with a layer separating the desktop OS from the bare metal, and an active gatekeeper that can easily block stuff phoning home, this will help with mitigation.

For example, web browsing. Running the day to day browser in a VM [1] will go far in ensuring that a compromise via the browser won't go far. Since most browsers will sync bookmarks, a complete rollback to a known good snapshot every so often (Patch Tuesday, for example) will not waste much time.

Larger companies/enterprises are a different story. However, they have a lot more tools, such as VDI, better IDS/IPS monitors, and so on.

On a side note, the parent poster has presented a good argument about why a desktop should be AMD. Definite food for thought.

[1]: Running the VM on an SSD will help performance out, otherwise the main OS and the VM will always be fighting for control of the drive heads.

Comment Re:Coming soon in Windows 11 (Score 2) 92

In companies, using a device like BlueCoat, or another, and dropping the root cert into AD for it to be auto-trusted isn't unheard of.

However, I'm seeing this being done more and more with adware. In fact, when helping to clean some infections, when I was doing a quick forensic check before saving documents and wiping the box, almost all the machines with adware/scumware had a root cert added, and all traffic going through some local VPN or proxy. This is of course fixable, but if this is done, who knows what other stuff is installed, so it is best to just save critical stuff and start all over.

There is one way around the WPBT install (which has been around for almost a decade, mainly used to reinstall LoJack for Laptops), and that is to install an OS which acts as a hypervisor (ideally a non-Windows OS which doesn't give a hoot about WPBT), then do the rest of your work in a VM. Of course, this makes gaming almost impossible, but it is a way to mitigate the damage that WPBT installed software is able to do.

I personally don't mind software that an OEM wants to have installed with Windows, especially drivers for NICs and core items which are difficult to just fetch and download. However, the ideal would be to have an install/recovery image of Windows on a read-only flash partition, ideally with the ability to boot more than one Windows edition (so a machine that initially came with Windows 7, got upgraded to Windows 10 has the option to boot and install from either.) At the minimum, the user should be prompted and given the option to install each signed package, or just decline everything.
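
A read-only triage check for the two artifacts the comment above describes, an added root certificate and traffic redirected through a local proxy. This is an added example, not part of the original comment; the 180-day window and the three flagging heuristics are assumptions for illustration, and a flagged entry is a prompt for manual review, not a verdict.

```powershell
# Added example (not from the original comment). Lists only; changes nothing.
# Heuristics are assumptions: a legitimate corporate TLS-inspection root pushed
# through AD can also show up here and should be matched against known policy.

$recentDays = 180   # illustrative review window, not a standard value
$now = Get-Date

# The CurrentUser view of the Root store is a merged view that also shows
# machine-wide roots, so anything missing from LocalMachine is per-user only.
$machineThumbs = @(Get-ChildItem Cert:\LocalMachine\Root |
    ForEach-Object { $_.Thumbprint })

$findings = foreach ($c in Get-ChildItem Cert:\CurrentUser\Root) {
    $reasons = @()
    if ($machineThumbs -notcontains $c.Thumbprint) {
        $reasons += 'present in per-user store only'
    }
    if ($c.NotBefore -gt $now.AddDays(-$recentDays)) {
        $reasons += "validity starts within last $recentDays days"
    }
    if ($c.HasPrivateKey) {
        # A trusted root whose private key lives on this machine can sign
        # certificates for any site locally, which is what an intercepting
        # proxy needs.
        $reasons += 'private key stored on this machine'
    }
    if ($reasons.Count -gt 0) {
        [pscustomobject]@{
            Subject    = $c.Subject
            Thumbprint = $c.Thumbprint
            NotBefore  = $c.NotBefore
            Reasons    = $reasons -join '; '
        }
    }
}
$findings | Format-Table -AutoSize -Wrap

# Per-user proxy settings (WinINet) and the machine-wide WinHTTP proxy.
$inet = Get-ItemProperty `
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
[pscustomobject]@{
    ProxyEnable   = $inet.ProxyEnable
    ProxyServer   = $inet.ProxyServer
    AutoConfigURL = $inet.AutoConfigURL
} | Format-List
netsh winhttp show proxy
```

A proxy pointing at a loopback address together with a root that carries its own private key is the combination worth investigating first.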

Comment Re:No LEDS (Score 4, Interesting) 508

e-Ink displays on more devices would be useful in general. For example, on a home router, it could display the initial password on it, and with a button or two, have minimal configuration done (set the IP), so it can have the rest of its configuration done via a web page (or SSH.)

For external devices like a home NAS, it can show a snapshot of what is going on every so often (5-10 minutes), as well as show that there is an issue with a downed drive or fan. Even external hard disks could benefit, since the display could show SMART status, or number of writes for an SSD.

For a time back in the 1990s, every device had an LCD readout that had verbose info on it. The computer case showed what was going on via POST. The monitor (CRTs, at the time) showed resolution and refresh rate. Printers showed stats like how much toner/ink was left in real time. Even tape drives showed how long until they needed cleaned, what density and blocksize was in use, and the capacity of the cartridge. If those displays could come back as e-Ink items, it would be quite useful.

Comment How about Kensington lock slots and keylocks? (Score 2) 508

For laptops, how about Kensington lock slots? Computers are not cheap, and it would be nice to be able to chain it down to a desk without having to either go with a laptop cage, lock it in a drawer, or use some slapdash method like a piece of metal between the hinges.

For desktops, I'd like to see real keylocks return. Not the crappy round-key cheapie type, but the real 5-6 pin Medeco locks that IBM used on their PS/2 machines. The keylock in front would be a soft-switch to the OS to disable all HID devices and blank the screen (so someone plugging in a USB keyboard or mouse would still be locked out.) The keylock in back would keep the case from being opened without leaving obvious damage. Combine this with some type of cable, and it will help ensure the desktop stays put.

Of course, it might be nice to have a fiber optic cable that each end plugs into a set of S/PDIF slots. If the cable is cut or unplugged, it acts as an intrusion sensor, and immediately hard-powers off the machine. This way, if a machine is physically grabbed, the data is protected.
