Comment: Re:Offsite (Score 2) 446

Two copies, one safety deposit box as otherwise mentioned here, and the other with your lawyer. If you don't have one, with a trusted relative who ALSO has the 2K+ software and/or hashes needed to rejuvenate the data, intact.

Only offsite works. I've been through floods and fires, and curious children and pets. Only offsite works. Forget the rest. You need to test it annually in the restoration phase, too. Keep copies of the keys.
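Added example (not from the comment above, and not Slashdot code): the "hashes needed to rejuvenate the data, intact" part can be exercised as a manifest check during the annual restore test. The script builds a SHA-256 manifest of the original backup set and compares a restored tree against it, reporting files that are missing, altered, or unexpected. The directory layout, file names and contents are constructed for the demo.

```python
"""Build a SHA-256 manifest of a backup set and verify a restored copy.

Added example, not from the Slashdot comment it follows. Assumes a plain
directory-per-backup layout; the paths and file contents are constructed.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Hash a file in chunks so large archives never need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            manifest[path.relative_to(root).as_posix()] = sha256_file(path)
    return manifest


def verify_restore(manifest: dict, restored: Path) -> dict:
    """Compare a restored tree against the manifest taken at backup time.

    Reports files that did not come back, files whose content changed, and
    files that were never part of the set; ok is True only if all three are empty.
    """
    current = build_manifest(restored)
    missing = sorted(p for p in manifest if p not in current)
    modified = sorted(p for p in manifest if p in current and current[p] != manifest[p])
    extra = sorted(p for p in current if p not in manifest)
    return {"ok": not (missing or modified or extra),
            "missing": missing, "modified": modified, "extra": extra}


def run_demo() -> dict:
    """Constructed scenario: verify the original set (clean), then a restore
    where one file rotted and one file never came back (damaged)."""
    with tempfile.TemporaryDirectory() as tmp:
        original = Path(tmp) / "original"
        restored = Path(tmp) / "restored"
        for root in (original, restored):
            (root / "docs").mkdir(parents=True)
            (root / "docs" / "ledger.txt").write_bytes(b"ledger, constructed sample\n")
            (root / "docs" / "wills.pdf").write_bytes(b"%PDF-1.4 constructed sample\n")
            (root / "keys.txt").write_bytes(b"constructed placeholder key material\n")
        manifest = build_manifest(original)
        clean = verify_restore(manifest, original)
        # Simulate silent corruption in one file and a file lost in transit.
        (restored / "docs" / "ledger.txt").write_bytes(b"ledger, corrupted\n")
        (restored / "keys.txt").unlink()
        damaged = verify_restore(manifest, restored)
        return {"clean": clean, "damaged": damaged}


if __name__ == "__main__":
    print(run_demo())
```

The manifest itself belongs with the offsite copies (and with whoever holds the keys), since a restore that completes without errors says nothing about whether the bytes that came back are the bytes that went out.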

Comment: Re:What is required to secure the Internet? (Score 1) 27

by postbigbang (#49375847) Attached to: Book Review: Future Crimes

Right.

And how many civilians do you know that can do that? But we let them anyway. I know sysadmins whose knowledge of CVEs amounts to a "what's that?" answer.

The sales efforts to ensure that we're all using SaaS, popular websites, and social media with new bright shiny stuff that can store photos, too, all makes everyone fail to remember that these machines are loaded with their assets, and they need to understand them to protect those assets. Nah, you make more money by selling them a new hard drive and some AV stuff.

Sorry-- I never explain conspiracy when sloth and making another buck is the better explanation.

Comment: Re:And the almond trees die. (Score 4, Insightful) 417

by postbigbang (#49313135) Attached to: How 'Virtual Water' Can Help Ease California's Drought

Ummm, no. Although this happens, an increasing amount of silage and dark waters have contaminated many crops, and not just in CA. Were we to actually PROCESS the silage in a way that stanches E. coli, salmonella, protozoa, and other contaminants ranging from Aspergillus to non-fungals and unknowns, a vast amount of efficiencies increase.

The best idea, IMHO, is to deploy widely sustainable practices that involve the highly fluctuating variables of rain, market fluctuations, and yields. Too much of this revolves around dice-rolling techniques, and "I'm gonna be rich if I plant a few orchards" mentality. No one likes the edicts of public policy, but simple planning goes a long way towards sustainability.

Our current opaque public policy mechanisms prohibit this.

Comment: Re:screw the system (Score 1) 284

by postbigbang (#49209441) Attached to: UK Gov't Asks: Is 10 Years In Jail the Answer To Online Pirates?

Tangible vs intangible is a huge difference. Ten years is a stiff deterrent and doesn't really fit either crime, depending on the value. In the case of say, check/cheque fraud, forgery for gain, converting property/conversion, these have a direct cost that can be calculated and audited. Intangibles, the crux of various publishers, are more difficult to do.

Although stealing is horrendous, the RIAA/MPAA/publisher's actual injuries/damages aren't what they claim them to be, IMHO. Ten years is too much.

Comment: Re:No, Never, for Any reason. (Score 3, Insightful) 734

by postbigbang (#49192351) Attached to: Ask Slashdot: Should I Let My Kids Become American Citizens?

I'd say: yes, do it, with your children's consent. No consent? Don't do it. Tell them at 16, they have to make a choice, and tell them what it means to them. Remember that twenty years in the future, many parts of the world will mature. Which one matures for them means having choices.

Comment: Re:how ? (Score 1) 324

by postbigbang (#49161857) Attached to: Ask Slashdot: How Does One Verify Hard Drive Firmware?

If you had a valid, uncompromised version of firmware, and were able to substitute it, and look at the streams, you could compare one stream to the other, uncompromised vs suspect. At some point, to do its work, the suspect firmware has to cough something different, be it an altered MBR, or something else to allow it to do its job. Otherwise, it sits in firmware forever doing nothing. There needs to be a routine, an exercise, comparing known vs unknown to assess what it does to a stream, or to infect/root its host.

I get the feeling that the NSA attack is likely focused on a fairly select few, otherwise the C&C traffic would be heavy enough to detect. A rooted machine may stay asleep for a long time, perhaps forever, but at some point, it has to wake up. Change your IP address to a CIDR block in Iraq and see if your router suddenly lights up.

Summary: to do its work, it has to either talk to something or infect/root the kernel or something the kernel uses a lot, otherwise, it's useless except as a local attack. It has to assert itself, and using known vs unknown analysis is perhaps the only real way of making it show its footprints in the snow.
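Added example (not from the comment above, and not Slashdot code): the "known vs unknown" comparison the commenter describes, done sector by sector on two captures of the same byte range, one read through firmware you trust and one through the suspect drive. Each 512-byte sector is hashed, and for every sector that differs the script reports the first differing offset and how many bytes changed, which is where an altered MBR would show up. The captures, the MBR-like layout and the "PLACEHLD" patch bytes are all constructed; nothing here is a real implant signature.

```python
"""Sector-by-sector comparison of a known-good read against a suspect read.

Added example, not from the Slashdot comment it follows. Assumes you have
already captured the same byte range (e.g. the first sectors of a disk) once
via firmware you trust and once via the drive under suspicion. The streams
below are constructed; the patch bytes are a labelled placeholder.
"""
import hashlib
from typing import List, Tuple

SECTOR = 512


def sector_digests(stream: bytes) -> List[str]:
    """SHA-256 of each 512-byte sector; the final sector may be short."""
    return [hashlib.sha256(stream[i:i + SECTOR]).hexdigest()
            for i in range(0, len(stream), SECTOR)]


def diff_streams(known: bytes, suspect: bytes) -> List[Tuple[int, int, int]]:
    """Return (sector index, first differing byte offset, differing byte count)
    for every sector whose content differs. A length mismatch is reported as a
    difference in the trailing sectors rather than silently ignored."""
    kd, sd = sector_digests(known), sector_digests(suspect)
    findings = []
    for idx in range(max(len(kd), len(sd))):
        if idx < len(kd) and idx < len(sd) and kd[idx] == sd[idx]:
            continue                      # identical sector, nothing to report
        a = known[idx * SECTOR:(idx + 1) * SECTOR]
        b = suspect[idx * SECTOR:(idx + 1) * SECTOR]
        la, lb = len(a), len(b)
        width = max(la, lb)
        a, b = a.ljust(width, b"\0"), b.ljust(width, b"\0")
        diffs = [i for i in range(width) if a[i] != b[i]]
        if not diffs:                     # content equal after padding: only length differs
            diffs = list(range(min(la, lb), width))
        findings.append((idx, idx * SECTOR + diffs[0], len(diffs)))
    return findings


def build_samples() -> Tuple[bytes, bytes]:
    """Constructed MBR-like capture: 446 bytes of 'boot code', a 64-byte
    partition table, the 0x55AA signature, then three zero sectors. The suspect
    copy has eight bytes of boot code replaced by a placeholder."""
    boot_code = b"\x90" * 446
    partitions = (b"\x80\x01\x01\x00\x83\xfe\xff\xff\x00\x08\x00\x00\x00\x00\x10\x00"
                  + b"\0" * 48)
    mbr = boot_code + partitions + b"\x55\xaa"
    known = mbr + b"\0" * (SECTOR * 3)
    suspect = bytearray(known)
    suspect[0x40:0x48] = b"PLACEHLD"     # constructed placeholder, not a real implant
    return known, bytes(suspect)


if __name__ == "__main__":
    good, bad = build_samples()
    for sector, offset, count in diff_streams(good, bad):
        print(f"sector {sector}: {count} byte(s) differ starting at offset {offset:#x}")
```

Reading the same range twice through the same firmware should produce an empty list; a non-empty result from the trusted-vs-suspect pair is what justifies pulling the drive for a closer look, and a length mismatch is itself a finding because it means one side returned data the other did not.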
