Please create an account to participate in the Slashdot moderation system


Forgot your password?

Comment Re:Urg. (Score 1) 30 30

Bingo. People are throwing up their hands and surrendering, when in reality, the bad guys tend to use fairly simple means to get their data.

A few things that help privacy for me:

1: Visit people, and have face to face conversations. Phones should go off, or in a pocket.

2: Have 2FA. This right here stops all but targeted attacks where an attacker is spending resources just to nail one certain person. To help with recovery, buy the new iPod Touch and copy your 2FA info onto that as well, so more than one device has the 2FA apps and codes.

3: Separate boot authentication from user authentication. My Windows box requires a hefty password to boot with BitLocker. Similar with my Linux machines and LUKS.

4: AdBlock, FlashBlock/ClickToPlay, and run your Web browser in a VM. Also work on dealing with Web fingerprinting (visit EFF's Panopticlick for more details.)

5: Avoid social networks. Once stuff goes there, it stays there.

6: Virtualize everything. Using Quickbooks or Peachtree? Put it in an encrypted VM.

7: Since some games will autoban you if you run them in a VM, perhaps consider a dedicated Windows partition just for those.

8: Here in the US? Go with EMV credit cards with no stripe. Banks are slowly rolling them out. This way, a credit card number can be grabbed, but it would be a card not present transaction, as opposed to slurping the info off the magstripe.

9: Minimize use of IoT devices. No Wi-Fi deadbolts, etc.

10: Have a smart firewall. One that blocks outgoing traffic. I used to have one that used a cheap remote that would raise/drop a voltage on a serial port, so when I left, I could hit the remote, and the machine handling the routing duty would insert an "away" ACL set (which basically blocked outgoing traffic except for OS updates.)

Comment Re:cost per bit... (Score 4, Interesting) 118 118

I can see this being used two ways:

A fast SSD.

A swap device/slow RAM.

This can make things interesting for SANs, especially because it adds another tier to the disk type hierarchy.

I'd like to see it used as a cache, as well for swap and the core OS files so booting is made quicker. However, it would be useful for database index volumes as well.

Comment Re: So what? (Score 2) 462 462

I've found that "business casual" means a lot of different things as per workplace.

When I first started at a call center ages ago, "business casual" meant the people on the phones had to wear a suit, tie and jacket, but there was the relative luxury that the top button could be unbuttoned.

Another startup, "business casual" meant just three layers of food in your beard.

Still another place used the expression to mean that wearing a decent golf shirt tucked in is OK.

Comment Re:EMC Isilon (Score 1) 215 215

Isilons are a cool technology. Take FreeBSD, add a custom filesystem (OneFS), link individual nodes via Infiniband, and let the custom code automatically select which nodes/drives to fetch data from. If a hard drive blows, it shrinks the array in order to maintain redundancy.

Of course, Isilons support deduplication, iSCSI (you create a disk image and mount that), and your NAS protocols of choice. If you set a hard quota, the presented directory can be configured to show the quota as the disk space present. Very nifty, and not that expensive for an enterprise array. Need more space? Add drives or more nodes.

For long term backups, Isilons support NDMP [1].

[1]: Of course, you can always connect a tape silo to a UNIX machine, write a script that SSHes into an Isilon node and pulls off /ifs/data.

Comment Re: Talk to Vendors (Score 1) 215 215

Unless I'm completely hallucinating, I have set up MPIO on ESXi for iSCSI, as well as a LAG (link aggregate) for a NFS based backing store.

iSCSI has its place in the enterprise, and it can be used in production. If the NIC supports it, it can even be used for booting. How does it fare against 8GB FC? In reality, there are a few tasks which will saturate a 10GB iSCSI link or an 8GB FC link, but not that many.

All of these are just tools in the toolbox. iSCSI is easier to get going ad-hoc (but still be useful with MPIO), FC is well known and well used, and FCoE seems to be popping up because it works well with Cisco Nexus architecture.

Comment Re:Talk to Vendors (Score 2) 215 215

Oracle has a SAN (well, SAN/NAS) offering which does similar with a rack of ports/HBAs that were configurable, assuming the right SFP was present. Want FC? Got it. iSCSI? Yep. FCoE? Yep. Want to just share a NFS backing store on a LAG for a VMWare backing store. Easy doing.

The price wasn't that shocking either. It wasn't dirt cheap like a Backblaze storage pod, but it was reasonable, especially with SSD available and autotiering.

Comment Re:VeraCrypt (Score 4, Informative) 114 114

There were two forks coming from TC. CipherShed was another, but it hasn't been updated since pre-alpha, so it is probably good to pronounce it dead, so VeraCrypt is arguably the successor for TrueCrypt as of now.

If I were only worrying about Linux, I'd either use LUKS or perhaps a filesystem based encryption process like EncFS. EncFS doesn't provide as much protection (it does let an attacker know file sizes in a directory), but it is definitely a lot more flexible, and the encrypted files can be backed up and restored with ease.

Comment Re:Never heard of it (Score 2) 114 114

The stego capabilities of Tomb are interesting. The print to QR code for backups for keys is also much appreciated.

For me, what is important in a TrueCrypt replacement is cross-platform compatibility. I could create a TC volume on a NAS with a Windows box, mount and toss some files into it with my Linux machine, then mount it on a Mac (obviously, not having multiple machines mounting it at the same time) for more items. VeraCrypt has kept this, and has added the ability to use TC volumes under W8.1, a long needed feature (well, if you want to actually see more than a permissions denied error, that is.)

I do think it is interesting how Tomb allows one to hide a key within pictures.

Of course, what would be nice for a unique encryption program would be something along the lines of PhonebookFS. Based on EncFS, it allows one to use multiple keys to mount a directory, each key showing a different group of files (called layers). In that directory are random, "chaff" files, just to keep people from guessing the contents of the directory by file sizes. The advantage of this system is that plausible deniability is always present.

I do applaud anyone who takes the "cypherpunks write code" motto to heart and actually writes something to benefit the community.

Comment Re:Misleading and Hyperbolic Title/Comparison (Score 2) 129 129

I do agree that it isn't a remote root shell hole, but it can be combined with something like the SSH brute force vulnerability or another attack that can execute shell commands as an unfettered user... and then the box is compromised.

The good thing is that Macs have functionality similar to SELinux as well as sandbox capabilities via the App Sandbox. This should be something used by all programs whenever possible, since it allows the OS to isolate the program from the rest of the filesystem and OS, helping mitigate a compromised program.

Hopefully Apple can issue a fix in a short amount of time, because this is an easy exploit to use, and combined with something like a broken Java variant, could be used via the Web browser to hijack the entire box.

Comment Re:Gee, I'm really torn... (Score 1) 129 129

Websites existed well before ads came around. There are other models to make revenue, be it subscriptions, microtransaction based clearinghouses [1], grants, or other ways.

People are inventive. The Internet as we know it would survive if all the third party behavioral monitoring, tracking, ad-slinging, and shovelware/malware companies took a powder.

[1]: None of these solutions are perfect, but the current ad model can be abused as well.

Comment Re:Gee, I'm really torn... (Score 2) 129 129

The ad industry is a bubble. Look at the clickbait ads pushed at you constantly. Obama's HARP, reverse mortgages, asking how much your car is worth, "free" [1] $100 Amazon gift cards. Programs that are dodgy at best. "criminal background checks" that demand a ton of your info... then want $35-50 for the check. Yes, there are a few relevant items, but most presented are at best dodgy.

What they are selling are not ads. They are selling the data that gets slurped off your phone or computer, which is why browser fingerprinting, supercookies, add-ons galore, and other stuff are the norm. The ads are secondary to watching what the person is doing, 24/7.

[1]: TANSTAAFL. I read the T&C on a "free" offer, and it required subscribing to three different things on a gold/silver/bronze level, as well as many other hoops to jump through before you would even be considered for the card.

Comment Re:What Security Experts Can Learn From Non Expert (Score 1) 112 112

You pretty much nailed it. The good thing is that we have plenty of tools to help with compartmentalizing info, to the point where it is almost surprising to see them not used.

If it comes to a pissing contest of users versus IT security, the users will eventually win, either by cunning, or just telling PHBs they can't do their jobs... and if it is a guy out of sales who is making the numbers, the PHBs will listen to that guy almost certainly, since they view security has having no ROI, but the "quarterback" making the "touchdowns" is earning real money for the company. In the past, one could scare management by pointing out Sarbanes-Oxley laws, but those are pretty much not enforced (well, unless one is fishing over their bag limit and decides to hide their caught grouper), so that argument tends not to have teeth these days.

Comment Re:They're worthless. (Score 2) 213 213

Realistically, IT needs to do like plumbers, electricians, and HVAC tradespeople: They need licensing across the board with a vendor independent group doing the licensing.

Certs in plumbing would be like a PVC company having tests to see how good a plumber is at gluing their pipes together. Does it matter in plumbing overall, such as selecting the rise and tilt of pipes so poop runs downhill? Nope.

Similar if certs were similar for electricians. Square D could make certs for their circuit breakers and boxes, but does that mean an electrician knows not to run 440 three-phase through a set of nipple clamps? Nope.

Comment They get your foot in the door... (Score 3, Informative) 213 213

They are not really worthless. They get you in the door and past HR, as "CCIE ID #12345" is a lot better on a resume than "Cisco fabric experience". Similar with RHCE ID "111-1111" as opposed to "I know Linux". From there, you now have access to the tech people, which without the certs, you wouldn't even been allowed near them.

There are also jobs that require certs on the job. I worked at one place that had auditors that did spot checks, and one's certs lapsed, the IT person would be fired on the spot and escorted off the premises for something along the lines of "failure to maintain proper training for the equipment used."

No, certs don't substitute for experience, but a cert gets you in the door, far more than "gee, I learn quick."

A programming language is low level when its programs require attention to the irrelevant.