

Comment: Re:Use Full Tunnels (Score 1) 264

by netcrusher88 (#27942573) Attached to: Dealing With ISPs That Use NXDomain Redirection?

Split tunneling is a pretty trivial risk. Your typical home computer doesn't do forwarding (not to mention nothing would know how to route) and if the box is a zombie, it's a zombie - not talking to the C&C servers directly instead of via the corpnet isn't going to impair the bot software.

Split tunneling has nothing to do with the DNS issue. Configuring internal DNS servers is 100% solid if not essential advice for any VPN.

Comment: Re:Oh gawd , not microkernels again *yawn* (Score 1) 376

by netcrusher88 (#27744227) Attached to: Europe Funds Secure Operating System Research

I dunno - will it really improve things if the FS driver has to talk to the disk driver on a different CPU? Sure, the kernel could maybe be smarter than that, but... I dunno. Either you use all those cores and take a hit on interprocess communication, or you don't use all the cores and waste some of that power.

Besides, is there any reason a macrokernel couldn't be threaded? I thought they already were.

Comment: This is a standard timing attack (Score 1) 108

by netcrusher88 (#27351629) Attached to: Researchers Can ID Anonymous Twitterers

The application to twitter anonymous accounts is creative, but otherwise it's a standard timing attack. If user A is active while anonymous data B is passed, user A has a higher chance of having generated data B than the rest of the population.

Looks like there's some number-crunching using timing of past tweets and whatnot to see if the user is likely to be on, too. I like that.

Or it could be I'm completely misreading it.

Comment: Re:Bull (Score 1) 830

by netcrusher88 (#27162255) Attached to: Apps That Rely On Ext3's Commit Interval May Lose Data In Ext4

Actually, Active Directory is a REALLY nice configuration frontend for LDAP and Kerberos, among others. Of course, it uses a nonstandard schema and is a pain in the ass to integrate with because of it, but that doesn't change the fact that AD is nice to use, and is in fact a rather good implementation.

Comment: Re:Lol (Score 1) 936

by netcrusher88 (#27146963) Attached to: Living Free With Linux, Round 2

Can't speak to other distros, but Ubuntu has GDebi integrated into GNOME, which means your Skype install looks like this, with a base Ubuntu system:

1. Go to
2. Click the Ubuntu download link. The fact that you're using Linux is autodetected and the Ubuntu part is easy to figure out because the logo is visible at all times on the toolbar.
3. Double-click downloaded file (or tell Firefox to open it), which brings up a "Software Installer" window (GDebi, though that branding is hidden)
4. Click Install Software, then enter password when prompted.
4a. GDebi handles any missing dependencies via APT and installs the package.
5. Find Skype under Applications->Network

Only extra step beyond Windows there is entering your password when prompted, and that is, from a usability standpoint, equivalent to UAC.

Comment: Re:What are you trying to do? (Score 1) 904

by netcrusher88 (#27130585) Attached to: Locking Down Linux Desktops In an Enterprise?

So you password either the BIOS or the bootloader, or both. And runlevel 2 won't help. You're thinking of runlevel 1, single-user mode - which usually requires the root password to get into.

The other option is doing something like init=/bin/bash as a boot option, which locking down the bootloader prevents, and booting a different OS, which locking down the BIOS prevents. This is not a difficult problem.

Oh, and Group Policy is no better than CFEngine or parrot, both of which can override the root password and system configuration back to what it was before the user mucked about. The workaround in both cases is to just disable the damn thing while having local admin, though for GP I think that does involve leaving the domain. Which doesn't block a knowledgeable user from anything anyway.

Comment: Re:How about: less douchebaggery? (Score 4, Informative) 904

by netcrusher88 (#27130513) Attached to: Locking Down Linux Desktops In an Enterprise?

Which is not the same as 'sudo rvi'. You can set sudo to only allow certain commands, so if you allowed 'sudo rvi', you couldn't run 'sudo ~/vi'.

sudo filters by the command executed (I've seen things restricted to full command line - i.e. sudo killall -HUP ircd but not sudo killall ircd).
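A sudoers fragment illustrating the command-line filtering described in the comment above. It is an added example, not part of the original comment; the user name `alice`, the binary paths and the edited file are assumptions.

```sudoers
# Added example (not from the original comment). "alice" and all paths are
# assumed for illustration. Check syntax before installing, for example:
#   visudo -cf /etc/sudoers.d/ircd-ops

# Weak form: a bare path with no argument list accepts ANY arguments,
# so "sudo killall -9 sshd" would also be permitted.
# alice ALL = (root) /usr/bin/killall

# Restricted form: the full command line is part of the rule.
# "sudo killall -HUP ircd" matches; "sudo killall ircd" does not.
Cmnd_Alias IRCD_RELOAD = /usr/bin/killall -HUP ircd

# Commands are matched by fully qualified path, so a copy of the editor at
# ~/vi is a different command and is refused. Pinning the file argument
# keeps the rule from covering other files.
Cmnd_Alias IRCD_EDIT = /usr/bin/rvi /etc/ircd/ircd.conf

alice ALL = (root) IRCD_RELOAD, IRCD_EDIT
```

Running `sudo -l` as the affected user lists the exact command lines that user is allowed to run.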

Comment: Re:2-node failover solution is probably a net lose (Score 1) 298

by netcrusher88 (#27038851) Attached to: Best Solution For HA and Network Load Balancing?

Actually 2-node active-passive can be a very good idea.

Let's say you have two nodes behind a load balancer (only way to replicate functionality active-active... you could do the thing where one server is static though, like youtube does). You need a shared filesystem, so you need another node to act as a NAS. What if your app is database-backed? You can stick that on the NAS, probably. But then it's not redundant.

It's really just simpler to have unidirectional replication, then script it to switch direction upon failover. The Linux-HA project makes it relatively easy, since they've been working on that for years.


The Broken Design of Microsoft's "Fix it" Tool 165

Posted by kdawson
from the teething-problems dept.
$luggo writes "Curious about MS Fix It, I recently went hunting in the MS knowledge base for articles that provide the new EZ-button. After locating a few, I decided to click the button to download the Microsoft Installer package containing the executable and/or files that automatically enable the DVD Library feature in Windows Vista Home Premium and Ultimate — on my XP Media Center. 'Surely, MS will use some scripting, HTTP User-Agent sniffing, or even Genuine Windows validation to verify that I am running Vista,' I thought. It did not and I canceled the download when I received the prompt to save the file. So, I wonder: is there a Fix-it for Fix it? Because I can easily imagine someone doing what I did without scrolling to the bottom of the KB article and verifying that the article applies to their OS/version. This is a great example of poor design. Why not simply use the download approach that other articles / fixes / service packs use, whereby the user must select the appropriate OS?"

Comment: Re:no kidding (Score 1) 330

by netcrusher88 (#26719861) Attached to: Students Call Space Station With Home-Built Radio

Actually, contacting the ISS out of the blue is fine. You can prearrange it too, turn it into a kind of publicity thing - like they did here - but you can track the ISS on a site like Heavens Above and then just use any Amateur Radio set on the right frequencies to talk to them when they're above - search for ARISS (Amateur Radio on the ISS) for details. It takes a bit of luck to catch them when they're awake and chatting though, and you only have a short window every 90 minutes or so.
