Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment: Re:Another use of Crypto-coin - as gift cards (Score 1) 39

by mlts (#48870797) Attached to: Jim Blasko Explains 'Unbreakable Coin' (Video 2 of 2)

There is another nice thing about that system. If the crypto behind the currency is ever broken, it matters less and less as time goes on.

I wonder if there would be a way to have the currency keep a fixed value for a certain period of time, then taper off until it is worthless. This way, if I wanted a store currency, I could have one which would be valid for a year or two (with a -lot- of notice about the expiration date coming up), then after that time, I wouldn't have to worry about it.

Comment: What about servers? (Score 3, Interesting) 567

by mlts (#48870721) Attached to: Microsoft Reveals Windows 10 Will Be a Free Upgrade

I wonder if the server version of Windows 10, likely Windows Server 2015 or 2016, will have a similar update program, or if it will follow the same steps as previous server versions.

Windows Server editions are not as flashy as the client releases... but a single feature or set of features can impact the enterprise in a very large manner. For example, the deduplication ability of Windows Server 2012 and Storage Spaces/ReFS has put the OS near parity with ZFS for defending against bit rot, and the ability to add hard drive space without having to rebuild an array.

If an edition of Windows Server came out with a Hyper-V kernel on par with VMWare in management ability (as in RAM compression/deduplication/ballooning), with real-time drive deduplication. Couple this with Infiniband support and the ability to access another machine's hard drive volumes (in a clustered way, so locking between boxes is preserved), and this would allow a bunch of Windows boxes to not just act as a compute node farm... but also provide SAN-like access and redundancy. More drive space would be easily added by tossing more computers in the array as well as adding disks.

I have a feeling the server version will likely stay the same, with no real incentives to get people from 2012 or 2012R2... mainly because the UI (for the most part) isn't an issue, because one ends up using SCCM/SCOM/SCVMM for most management duties anyway, so the UI on the server doesn't matter as much.

Comment: Re:enterprise will need some kind of offline mode (Score 1) 567

by mlts (#48870577) Attached to: Microsoft Reveals Windows 10 Will Be a Free Upgrade

After XP, the enterprise version of Windows, assuming a KMS structure, will just bounce another activation from the key server if there are so many hardware changes that it feels like it needs to reactivate. These activations are not permanent -- at most 180 days.

For virtual machines, with Windows Server 2012 or newer, if they sit on Hyper-V, they will automatically re-activate and stay activated for seven days.

I think Windows 10 will be the same. Toss the master KMS key on a machine or VM, use a generic KMS client key and set its activation either by DNS or slmgr /skms, then a slmgr /ato... and forget about it.

Comment: Re:Not for new users of FreeBSD (Score 1) 75

by mlts (#48852737) Attached to: Book Review: FreeBSD Mastery: Storage Essentials

That can be debated. A DYI NAS that does the job can be done pretty easily using RAID Z2 [1]. However, an unRAID appliance has some flexibility where one can add more hard disks as one sees fit dynamically without having to rebuild the entire array. Next to an EMC Isilon (which has 3+ nodes connected via Infiniband), this does the job quite well.

Maybe this is the next step up for evolution of filesystems, where an array can be upgraded (disks added/subtracted) without affecting the data on them. Of course, parity and redundant copies will be affected, but the data would still be usable. This would be nice on servers that are not SAN connected, so adding more drives to a live filesystem is something that would be done.

[1]: RAID Z only can detect bit rot... RAID 1 and Z2 can find it and fix it. UnRAID doesn't seem to have any measures to protect against this. The EMC Isilons do, periodically running their equivalent of a zpool scrub.

Comment: Re:Is it really a surprise? (Score 1) 199

by mlts (#48852049) Attached to: Insurance Company Dongles Don't Offer Much Assurance Against Hacking

Even more ironic, proper security isn't really that hard or expensive. Most of the tools are already sitting there ready to be used, and tools like SolarWinds, Splunk, and adding IDS/IPS functionality to network devices is not budget busting. Heck, just SCOM alerts about the attempts at brute-forcing domain users sent to the right people's email would have stopped the Sony attack in its tracks.

Comment: Re:What a crock (Score 4, Interesting) 75

by mlts (#48852041) Attached to: Book Review: FreeBSD Mastery: Storage Essentials

In real world cases, this scenario happens:

1: Person loses their laptop/USB flash drive/storage media.
2: Someone finds it and examines it, or hands it to someone who can.
3: Stuff is found on there.
4: Front page news.

Just by having some form of disk encryption, preferably something that protects the entire machine (like geli)... that adds a large amount of security. A lost laptop goes from being a major corporate panic to becoming "just" a hardware loss, especially if the laptop has some mechanism like a removable USB flash drive or a TPM chip (which locks out for longer times the more failed guesses are attempted), and not just a passphrase that can be brute forced.

For most people, encryption is a no brainer. Turn it on, set a passphrase, forgot about it, except when after a reboot.

Now when people start mentioning rubber hose decryption (xkcd.com/538), this is generally not something everyone faces. However, there are other tools for that for plausible deniability, such as TC and its successors.

FDE encryption on a laptop that goes places should be considered a must, regardless of OS. Laptops and external media need some protection, and in most cases, the thief will boot the laptop up, see a FDE prompt, shrug, format the box, install a Windows variant, and pass it to another fence somewhere else to be sold.

As always, backups go without saying. Disk encryption and SSDs make this more important, because a TRIM means that the data isn't just marked as gone... it is -gone-, as in the physical cells has been zeroed out by the background garbage collector, and nobody is going to recover them. There are many ways to effectively back data up securely, and that is something left as an exercise to the reader.

Common sense says turn disk encryption on with a laptop, plain and simple.

Comment: Re:Try Here (Score 1) 184

by mlts (#48851427) Attached to: Ask Slashdot: Can I Trust Android Rooting Tools?

I've been frequenting XDA Developers for a long time as well (since the Windows Mobile 5 days), and I've never encountered any deliberately malicious software. So far, the worst I've encountered was someone who had their directions wrong so that a flash to a recovery image was sent to the system partition (and even that was fixable by a reload of the factory RUU.)

What the parent said holds true. Read and search. If you do run into a problem, make the thread as detailed as possible, perhaps with screenshots. People are less likely to make snide comments and move on, if they see someone at least tried to do their homework.

It doesn't hurt to donate something to Android developers, ROM writers, and the people who write the rooting/bootloader unlocking code. Android is an ecosystem, and it doesn't hurt to toss something in [1].

[1]: One project I do recommend people at least toss something is XPrivacy.

Comment: Re: Disposable Androids (Score 1) 184

by mlts (#48851389) Attached to: Ask Slashdot: Can I Trust Android Rooting Tools?

One trick I learned is to format the machine completely (using the clean all command under disk part), install the OS of choice, load needed drivers and updates, and once it is in a place where everything is stable... then activate it, and save off a couple wbadmin backups.

Now, if I need to reload a physical Windows box, I boot the Windows media, format, then reload the image, and reboot. Back to how it was. I can always get fancier by having a USB flash drive with Offline WSUS [1] images so I can get all patches installed if I so chose.

[1]: This isn't a MS product; use at your own risk. However, it is useful for updating a machine with a limited or no Internet connectivity.

Comment: Re:The pendulum swings too far... (Score 1) 441

by mlts (#48826085) Attached to: Why We Have To Kiss Off Big Carbon Now

I hope you are right and I have missed some factor, but I just don't see how a trillion dollar industry will let itself be "beaten" with prices out of its exact control, just because fracking was able to get more oil on the market than was expected. OPEC controls the vertical and horizontal when it comes to oil prices, and all they have to do is slow down production at their whim, and prices will be back up, if not more. Non-OPEC countries will end up just following, and even if they continue to produce, they don't produce enough to significantly influence the market.

Comment: Re:The pendulum swings too far... (Score 4, Interesting) 441

by mlts (#48825897) Attached to: Why We Have To Kiss Off Big Carbon Now

I would tell people to enjoy the oil drop while it lasts. This may be long gone by Memorial Day. Why? A few reasons:

1: China is a very thirsty nation. They are also extremely rich and about to embark on infrastructure improvements that make the US's highway structure look like building a McDonalds. So, the demand for oil will be from them. Yes, US demand is in the 1990s levels... but with China guzzling the oil barrels, total demand is a lot higher.

2: Venezuela leaders and others are in Russia today. People forgot about 1972 and 1973 and the US oil embargo, which destroyed the economy until the 1980s. This can easily happen again. OPEC tends to get the prices it wants, and even though fracking might have increased supply, most of the wells done this way are depleted or near depletion, so the "golden" era of this is ending, especially with states like New York banning it wholesale. So, supply will go back down, and OPEC will ensure it stays down.

3: China is building their own canal across the Americas. This way, they can get their oil from Venezuela a lot more easily, completely bypassing any influence from the US.

4: Congress changed. Already, the solar subsidies are on the chopping block, and in January 2017, it won't be a surprise when the next President yanks the solar panels off the White House. Big Oil is now firmly in control of the US again.

5: The Keystone XL pipeline and a repealing of the ban on selling US oil overseas are pretty much guaranteed to happen. This means that any US oil will be trading at world prices.

6: As always, we are always one incident from price spikes. Should someone have a heart attack at a refinery, prices for crude will be back in the triple digits.

7: Alternative energy has grown, but most people's cars are still fueled by gasoline or diesel. If we had more electric cars, they effectively run on solar, wind, coal, nuclear, geothermal, hydro, or many sources. However, internal combustion engined vehicles require fossil fuel to run, and barring a major battery development, will continue to do so.

To, tl;dr... it is nice to have gas prices as low as they are, but they are going to be back to what they were in 2008, if not to $5-$6 a gallon by the summer. Oil prices are controlled by supply and demand, and demand is high due to a thirsty China, and supply is easily removed from the market.

Comment: Re:Two things (Score 2) 402

by mlts (#48823613) Attached to: Ask Slashdot: Migrating a Router From Linux To *BSD?

The ideal is to have the router on its own bare metal, perhaps sitting on a hypervisor (Xen, ESXi, pick your poison), so if the router's VM gets compromised, the bare metal hardware cannot be attacked (video cards can be reflashed, even keyboard firmware can be augmented.) Plus, if snapshots are used, it can be restored from a snapshot if need be. Modern type 1 hypervisors can be well locked down so that compromise from a VM is extremely rare, especially if the management port cannot be touched from any of the VMs on the hypervisor.

Another possibility is to use vSwitches and have your fileserver be a VM, with the PFSense instance being connected to the VSwitch that the external Internet NIC is on, as well as an internal VSwitch for the file server, and the internal LAN. One can get fancy from there, and create three vSwitches so one can have a working DMZ. The advantage of virtualizing everything is that hardware changes are easier, and "oh shit" mistakes can be partially mitigated by wise use of snapshots.

Comment: Re:First look at what EFF has to say. (Score 1) 156

by mlts (#48823279) Attached to: Your High School Wants You To Install Snapchat

That is an OK guide, but I do disagree with the "are past messages secure if keys are stolen." If an attacker gets messages, and then snarfs keys, there is at best obfuscation in place that can protect the messages.

Of course, there can be mechanisms to have keys that are ephemeral, such as having one's main public key be a signing key, which is used in a D-H transaction to generate a temporary set of public/private keys, and when the parties are done with the conversation, dump the temporary keys on their endpoints, making the messages unreadable.

I personally like keeping the encryption process separate from the messaging protocol. Ages ago, PGP Desktop use to be able to sit atop of AIM, MSN, and other chat platforms, offering transparent encryption completely independent from the messaging program. The advantage of this is that one can "pack their own parachute" when it comes to trusting keys, and that it would take companies colluding to push out a ninja update to both steal encryption keys and messages.

Comment: Re:"and they may be bought for their assets." (Score 1) 314

by mlts (#48823177) Attached to: Radio Shack Reported To Be Ready for Bankruptcy Filing

RS/Tandy had some absolute gems though. The one thing they had with their machine which no PC has since done was having a usable copy of DOS in ROM.

This is a very simple thing. If a PC had a ROM image of either Linux or a BSD, or even a Windows PE image with recovery tools, it would make life a lot easier for support staff in general. Add hooks for iLO support, and it would be a big asset for IT, even if it is just booting into the recovery OS to wipe the drives to repurpose the box.

For the individual user, having a recovery OS would be extremely useful. First, one can run AV tools to scan and find rootkits. Complete, bare metal backups would be doable. One can do a disk scrub to look for errors without worrying about interfering with what stuff is in use. If a HDD is going bad, and it can't be booted from, one can dd a disk image before the drive completely dies.

I am actually surprised that no modern PC offers this. SSD isn't that expensive, and a recovery image can easily fit on 4-8 GB of space. If a PC can store firmware, it can store an OS recovery image and have it available.

Of course, an ideal would be a recovery image, and another image for reinstalling the OS (or perhaps both in instance, similar to how Solaris 11 ships.) That way, no matter how severe the HDD failure, the machine will always be usable.

Comment: Re:Fuck Me (Score 5, Informative) 552

by mlts (#48814909) Attached to: SystemD Gains New Networking Features

I try to stay out of the systemd fray... but it goes against the core of UNIX... which is the KISS principle.

Init should start tasks, possibly stick them into jails or containers, and set resource limitations. Having something do everything including the kitchen sink is just asking to get hacked down the road unless millions of dollars are spent on source code audits.

As an IT person, results are important. What does systemd provide that previous mechanisms didn't. Parallel startup? I don't boot servers that often where asynchronous startup of processes is a big issue. Resource limits? Doable with the shell script that gets plopped into /etc/rc.d. I'm just not seeing the benefit, but what I am seeing is a gigantic amount of code which touches the entire system, giving me concerns about security and stability, and there have been a number of articles on /. about systemd, to the point where people are even forking distros just so they don't have to deal with it.

"This isn't brain surgery; it's just television." - David Letterman