Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment Re:Stone Age... (Score 3, Informative) 343

I've looked at an off grid cabin for weekend vacations. A few portable propane cylinders would cover the fridge (assuming a pound/liter of LP gas a day), and it would also cover a water heater.

Solar wouldn't be cheap, but for a few thousand, I could place a number of solar panels, have them feed in via 1-2 decent MPPT controllers into a set of AGM batteries (so watering the batteries isn't an issue), then have a decent PSW inverter coming off for use. Because lead-acid batteries destroy themselves if they go under 50% SoC, take the expected ampere-hours you plan to use, and double it, at the least. This would easily handle almost anything but heating/cooling and the well pump (which can use 1500-2000 watts each.)

The trick with the well pump and an off-grid cabin, would be to run a generator so the pump can move water into an above ground storage tank 250-2500 gallons, then from there, a much smaller pump that runs from 12 volts can pump water from the tank into the cabin.

Of course, come Texas summers, that is what a generator is for on a weekend basis. I can get 8-20 hours of use from three gallons of gasoline in a 3000 watt Yamaha inverter generator, and for a small cabin, a 10k BTU A/C is more than enough to cool it down, assuming some semblance of insulation [1]. As an added bonus, with a converter (rectifier), it is a way to help keep the batteries topped off if the panels can't keep up with use.

Disclaimer: This is a vacation cabin. For a real house, it would cost over $40,000 for a solar panel setup that can handle the amp draw of the well pump and the A/C.

Of course, there are other items like waste water (I like using a cassette toilet and having cartridges on hand, since those can be dumped down the commode safely and legally once back home, and gray water can be filtered and recycled in a settling tank so it doesn't destroy the ground around it.)

[1]: Ironic thing is that if solar panels are mounted with air space between them and the rest of the roof, they function as shade, doing a decent job at keeping the place cooler, even though the panels are likely at around 150 degrees (66 degrees C) on a hot day.

Comment This used to be the case in the past... (Score 3, Interesting) 191

Early inkjet printers basically did this. The ink bottle was replaceable, but what ended up happening is that the nozzles got easily clogged, so a number of printer makers went with replaceable ink reservoir/nozzle assemblies. Similar with laser printers which had separate toner/drum parts, but eventually, those were merged into one unit, so all consumables were in one unit.

I'd just be happy with larger ink cartridges. It is sad how few milli-liters most cartridges have, and when one weighs the cartridge full, before loading, and empty, it drives the point home.

Comment Re:This is not news (Score 2) 74

I've been using ad-blocking extensions for 10+ years... I've found that blocking ads is a lot more useful than any AV program (barring Malwarebytes which actually blocks by IP) ever can do.

Toss a VM/sandbox into the mix, and security is decent. Not 100%, but good enough to resist most attacks.

Comment Re:3D Storage Crystals (Score 1) 54

Holo storage was supposed to be out back in 1991-1992 (Tamarak), then about 10 years later, InPhase supposedly had a drive for it, but never made it to the market (IIRC).

Would be nice if that technology would get off the ground, but so far, it has been nothing but vapor. I would wager Half Life 3 comes out well before then.

Comment Re:Too bad (Score 2) 54

What HDD makers really need to do is stop focusing on price and make a line of drives that is made to be archival grade. For example, there was a line of drives with two read/write heads that worked in an active/active configuration.

What might be even better would be to make a standardized, rugged drive cartridge case, similar to iMation's RDX. Something that can handle drops, be gripped easily by a tape silo's robotic mechanism, can handle tens of thousands of mounts/dismounts, has built in encryption, the ability to have WORM functionality (similar to late gen DLT drives where the cartridge can be formatted as normal or WORM), and so on. The drive can be presented either as a tape volume, standalone JBOD hard disk, or part of a RAID set (and inserted/ejected at the same time with 2-3 companions.)

Moving HDD to a backup/archive use as opposed to primary storage will keep this technology relevant, as opposed to trying to fight with SSD (which is a better primary storage technology [1].)

[1]: In all ways but recovery. An SSD goes bad, there is no way to recover the data, period.

Comment Re:Too bad (Score 1) 54

XPoint 3D still has a ways to go with price (and the fact that it isn't out in the field yet.) It is still too expensive to be a 100% replacement for SSD, just like SSD is too expensive to replace HDDs everywhere.

However, XPoint 3D does have its uses. Loading the core OS, application, and kernel come to mind as well as having a swap volume (pretty much the same concept as mainframe "external RAM" which was slower.)

Comment Re:What algorithm/primitive? (Score 2) 124

Shor's algorithm only is usable with asymmetric algorithms, so AES isn't really affected. The part that is affected is only done during the handshaking process, so if the parent is right and long lived connections [1] are used, this might soften the blow somewhat.

[1]: I've wondered about a trade-off of space for CPU and having the TLS protocol negotiate a master session keystream (pretty much a sequence of interim symmetric keys that gets consumed to make session keys, and when the last one gets consumed, perform another handshake and fill up both sides with temporary keys again.) The downside is that the web server would have to store about 1-4k worth of data per machine connecting for a short amount of time, but the upside is less time for negotiations.

Comment Re:No thinking needed, actually. This is just stup (Score 2) 210

I saw the same shit with spam. I used to receive a lot of backscatter from some spammer using my E-mail address as a fake from address. I received a ton of threats, random DoS attacks, mailbombs, ping-floods, and a lot of stuff because various dipshits couldn't understand the basics about what an open relay was.

The more ironic thing was finding out that before the deluge happened, I got an extortion letter threatening that postmaster and other E-mail IDs on the web from the site would be used as fake originations.

So some business with the absolute bargain-basement IT staff, chock full of bargain-basement novices is going to decide if a compromised workstation the receiving department at another company is sufficient cause enough to shut that firm down? This would be like carpet-bombing an entire office building because a bank robber ducked into the building's lobby.

Here is where real/virtual separate and analogies doesn't work: It is not difficult to cover one's tracks, especially with how many botnets there are on dynamic IP address ranges.

Comment Re:What algorithm/primitive? (Score 2) 124

High volume server farms doing lots of web transactions. A 20% addition might mean having to have that many more servers behind the load balancer to handle the algorithm's added CPU load.

However, if it does protect against an up and coming attack, that penalty might not seem as bad compared to a protocol break.

Comment What algorithm/primitive? (Score 2) 124

They went into Shor's Algorithm, ECC, and such... but the article doesn't seem to show what algorithm they decided to go with that is resistant to quantum factoring.

Are they going with something lattice based?

Would be nice to have more details on what they came up with... 20% performance can be important, but what is more important is how the algorithm resists different attacks.

Comment A VM... (Score 1) 89

Probably the best fix for these shenanigans is a VM. Since the VM has no clue what battery status it is running on, nor CPU (especially if you use CPU masking), there is a lot less an advertiser can go on, especially if the VM is rolled back to a clean snapshot after each browsing session.

However, this does nothing against browser fingerprinting (actually nothing really does help here.)

Comment Hasn't this been done before (read P3P) (Score 2) 72

We already has a privacy initiative, something called P3P which fizzled. DNT went nowhere, and this project is probably going to go nowhere as well.

The reason is that there are many, many companies whose basis of existence is to intrude as much as they can on the user browsing a site. If they can inject adware/malware, they would.

Real DNT consists of AdBlock, click-to-play or FlashBlock, then keeping the Web browser separated from anything vital, be it in a VM, sandboxed, or both. That way, LSOs or other "super-cookies" left behind are dealt with.

Comment Re:Meh (Score 1) 72

I'd add a Windows VM, sandboxIE and a VPN onto the list. It isn't as secure as TOR, but it does at least put a speed bump in place if someone is on your LAN trying to do shenanigans.

Eventually, I might put the VM on a vSwitch with a PFSense firewall, so I can set up a router ACL to drop all the bad sites there, but keeping the web browser running as a non admin user and in a sandbox will do a lot, and if there is some API calls that the sandbox program doesn't catch, it still has to get out of the VM.

Comment YouMail does this quite well... (Score 1) 70

I've been quite happy with YouMail for exactly this. It not just transcribes messages, but allows you to save the voice mails, not to mention ditch problem callers, either those on the robocall lists or people you don't want to deal with.

Plus, it can play a different voice mail greeting per caller if you want.

Of course, this works regardless of phone. If I'm using my iPhone, it works. I swapped the SIM to my HTC device? Still works. No platform lockdown.

Comment Re:DMA (Score 1) 111

This is an issue of "won't", or "not worth bothering with" as oppose to "can't". What it boils down to, is the "security has no ROI" philosophy. If a machine gets hacked? The maker can just throw up their hands and said the bad guys would have gotten into it anyway. This seems like how the entire IoT ecosystem is designed

We started down that road in the 1990s, as PCs went from being in physically sturdy, secure, lockable cases with real locks (Medeco, not just those four-pin cylinder keys), to machines that don't even sport a Kensington lock slot.

Companies can make secure products. It took five years for the PS3 to be cracked, and the latest generation consoles are being attacked by the world's best and brightest, and still not even a mention of a break has been seen. Satellite piracy is at 0% now. Even speed-hacking in WoW has been effectively stomped out.

If just a little bit of effort was put in, such as only allowing firmware to be flashed with signed packages, and enforcing that on the device itself, this wouldn't be an issue.

Of course, keeping malware away from hardware is a solved problem. Maybe it is time for all computers to have a built in hypervisor and run everything in VMs, which provides isolation from the hardware, and keeps firmware flashing attacks from happening.

"What people have been reduced to are mere 3-D representations of their own data." -- Arthur Miller