
Comment Meanwhile... (Score 1) 80

This UK citizen would rather under-18s didn't do shit and/or post about it online such that might later affect their lives.

Take some fucking responsibility for yourself from about the age of 10/11, as the law states, and if you cock up, learn to live with the consequences.

Sure, we'd all like a time machine that could erase certain mistakes but why the hell should we legislate some cyber-time-machine that actually removes indiscretions posted publicly?

Not only that, it just won't work. You can't just erase facts forever. And if you could, the infrastructure capable of doing that is more open to misuse from adults than anything else I can think of. I bet there are certain UK politicians at the moment that would like to conveniently forget paedophiles in the Houses of Parliament, not to mention the last drug-taking, prostitute-hiring British peer in charge of parliamentary ethics.

Comment Re:Eventuality? (Score 5, Insightful) 467

Hint:

An article about yet-another-buyout / possible closedown of the site gets 150-ish comments, most of them crowing on how bad DHI have treated us.

I'm pretty low-numbered nowadays, yet I used to be the "newbie" on here.

The Reg gets more comments per article and has a lot more articles. Even SoylentNews gets not-much-less than Slashdot does and that's basically a startup Slash-clone.

Site is not what it was, it would be quite a trick to bring it back now.

Comment Sell it cheap. (Score 1) 467

AKA "Fuck, we can't make money by just buying an established site and then trying to shove our shit into it without consideration of our userbase".

To be honest, I'm already elsewhere - even paying to go elsewhere in some cases. Slashdot is just nostalgia nowadays. Partly because of the various DHI "user monetisation" cockups.

Comment Re:Most people won't care (Score 1) 102

The size and complexity of modern CPUs mean that you don't stand a chance at getting a no-backdoor assurance for anything useful.

Down on this scale, on microprocessors and ICs, it's possible but incredibly difficult. If you were serious about no-backdoors (e.g. military), you'd not be using an off-the-shelf American product. You'd be describing the chip you want to build and validating the end-product against your design. Because that's the ONLY way to be sure.

There is absolutely no guarantee that your phone, the box in your phone cabinet, your network switch, your router, your PC, even your TV does not have these sorts of backdoors (especially if you consider dormant-until-activated backdoors on devices). We've reached the complexity where it would take far too long to validate any one design.

As such, if you want that sort of assurance you have little choice. Antiquated, tiny, powerless chips at best. You might be able to validate a Z80, but you wouldn't even get close to, say, a decent ARM chip at a few hundred MHz - even with the designs able to be licensed (the NDAs associated with licensing such things would probably stop you talking about any backdoor legally anyway...).

If you want a modern PC, you literally have no choice. The chipset on your motherboard is so complex as to be unauditable for an end-user, or even a skilled professional. We can just about decap and understand some 80's arcade game chips, and then only if they are simple and of certain types. Some of the protection / security chips are still complete unknowns from that era.

You can care all you like. What you can't do is even knock up a Raspberry Pi competitor without having to spend inordinate amounts of money and using proprietary components that you can't inspect somewhere along the route.

Comment Re:Wait, what? (Score 1) 57

You're missing the point (though the practical implications are the same).

The check on whether the code was valid was only run if the user typed a code into the box. Typing in random letters wouldn't validate. Typing in a valid code would.

It was an oversight that the checks existed but never actually took place in the case of null, not that they were not capable of validating codes.

As such, rather than just "Let's make up random codes and then ignore them and validate anything", the thought process was "Let's generate codes, validate them properly, but oh shit, we forgot to validate this path".

Although the results are the same, the implication that they never intended to use the code for checking against is wrong. As such, it appears to be a coding oversight which allows an authentication bypass, rather than deliberate laziness masquerading as security.
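The oversight described in the comment above (validation that only runs when something was typed), shown beside a fail-closed version. This is an added example, not part of the comment and not the affected product's code; the function names, the `ISSUED` store and the sample code value are hypothetical and constructed.

```python
import hashlib
import hmac


def _digest(code: str) -> bytes:
    return hashlib.sha256(code.encode("utf-8")).digest()


# Constructed sample data: hypothetical store of issued codes, kept hashed.
ISSUED = {"alice": _digest("7Q4K-ZP2M")}


def code_matches(user: str, code: str) -> bool:
    """The real check: constant-time comparison against the issued code."""
    expected = ISSUED.get(user)
    if expected is None:
        return False
    return hmac.compare_digest(expected, _digest(code))


def verify_flawed(user, submitted) -> bool:
    """Validation exists, but is only reached when a code was typed."""
    if submitted:
        if not code_matches(user, submitted):
            return False
    # Empty string or None skips the block above and falls through.
    return True


def verify_fixed(user, submitted) -> bool:
    """Fail closed: a missing or empty code is a failed validation."""
    if not isinstance(submitted, str) or not submitted.strip():
        return False
    return code_matches(user, submitted.strip())


def compare_paths(user, inputs):
    """Run both versions over the same inputs, for a regression test."""
    return [(repr(v), verify_flawed(user, v), verify_fixed(user, v))
            for v in inputs]


if __name__ == "__main__":
    for row in compare_paths("alice", [None, "", "   ", "random", "7Q4K-ZP2M"]):
        print(row)
```

The two versions agree on every input where something was typed; they differ only on `None` and the empty string, which is why testing with random and valid codes alone does not expose the missing path.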

Comment Updates (Score 2) 316

Automatic updates are fine in principle.

But every update breaks 1% of the things it hits. It's as simple as that.

For home users, that wasn't a problem, because they have one machine so might survive hundreds of updates before anything goes wrong.

On networks, it's a damn nightmare. Even with homogenous environments, you're looking at one thing broken every update, or thereabouts.

The problem with forcing auto-updates is that it doesn't solve the reasons people turn auto-updates off. The main reason? People have suffered breakage like this of previously perfectly working systems. And to the point they get BSODs or complete failures to boot, not just "oh, something's slightly slower or they moved an icon around".

To a professional environment, it's a 10-minute re-image. To a home user, it's days without the machine while they pay someone to look at it, who does two seconds work and charges a fortune, for something that they aren't likely to understand (and if they tried it themselves, might well end up breaking more than they fix).

It's the wrong way round.

I get that you want to keep things secure, but breaking graphics drivers for EVERYONE isn't the solution there. In fact, more of a risk is some virus getting on the machine and crippling auto-update anyway. I see that as the only way for the virus to survive any length of time - if it allows random patching then its entry method will fix itself.

So, auto-patching by default doesn't solve the problem there - malware will still stop them happening and so persist security risks. But users who are following all the guidelines are getting BSODs and crashes and unbootable computers because of the quality of the updates, not to mention the junk shoved into them (malware scanners, adverts for the next version of Windows, etc.). That's just backwards.

The one thing that annoys me about any software is lack of choice. Why CAN'T I have the old start menu back if I want? It's really not that difficult to supply it as an option. I will go out of my way to reintroduce those options if necessary. I don't care what you want as the default, I care about being able to select MY CHOICE.

And that's what they are planning with Windows 10 updates - removing the choice such that you can't stop a known-bad update propagating to your machine unless you spend lots more money on enterprise-level versions of the OS and dedicate a server to the task. Given the number of bad updates pushed out in just the last year, it's a disaster waiting to happen.

I can, and will, find the option to disable it, just because you MADE me do so. If you'd just put the option as default (like it's always been) but allowed me to disable, I could at least say "Woah, there's a dodgy update for Windows 10 making the news - I will stop it until I'm sure MS has fixed the problem". The alternative is really VM'ing it and rolling back - and if I'm going to have to do that, fuck Windows, basically.

It's a nice sentiment, but MS has proved that it can't be trusted to not put tons of junk into "critical security updates" which it doesn't label properly (and puts in adverts for Windows 10 that you then struggle to rid yourself of into such updates). As such, I can't leave them to make the decision as to what's critical for security and should be forced to my machine, and what's not.

And if an nVidia driver - whether or not it can be fixed by a clean install - might just one day get forcibly updated and cock up a machine, that's not something I want to have on a games machine which has only the barest of connections to the net behind a firewall. It really doesn't need all the latest Windows Updates if all it is is a games machine with, say, Steam, and doesn't download third-party shit and just plays games and goes out on a handful of high-numbered gaming ports. Especially if the risk is some random nVidia driver being shoved onto the machine and breaking it (hell, some drivers for nVidia will ramp up the temperatures etc. on your hardware because it mis-supports them!). I could almost VLAN the damn thing off my network entirely if necessary.

Sorry, MS, but I can only hope this is one of your stupid "Let's announce something ridiculous and then recall it the day before release so we can say we 'listened to customer concerns'" announcements.

I'm going to be getting a lot of extra work from friends and family if this goes ahead and, to be honest, I just don't want that.

Comment Re:Okay but using a typical browser for download (Score 1) 117

Your use case is very last decade.

Nobody downloads single files over HTTP for anything serious. Half my users don't even understand what a ZIP is, and those that vaguely do think of it only as a folder.

Streaming, multiple cloud servers, torrents, etc.

A Gigabit isn't to have a 1 second download. It's to have multiple downloads simultaneously at the speed that only one download can enjoy now. Hell, even web browsers download multiple things in parallel from a website nowadays,

Comment Re:So you have it.... Now what??? (Score 1) 117

60Mbps = 7.5MBps.

Not sure at all that I'll judge my future spending on someone who doesn't get this.

Gigabit has tons of uses and don't equate "ISPs" with "consumer-only ISPs". Businesses will happily pay for Gigabit speeds, therefore small businesses will do too, therefore work-at-home people like graphic designers or similar will do too.

It's not a question of whether the hardware can take it (the ISPs can always supply compatible hardware because nobody knows what the fuck ADSL2 vectoring, or DOCSIS 3 is, so the ISP has to supply sufficient shit anyway). It's a question of is the value there? Are there limits? Is it available? What's the install cost? How much are you paying per Mbps? etc.

60Mbps is fine but lots of people need more. It would take you two days to download my Steam folder alone. Put several kids in the house, a mother who works from home, a father who mirrors the family photos to his brother's house, etc. and you're fucked.

There's not really an upper limit on what Internet speed I would like. Maybe one endpoint can't flood my connection (I wouldn't want it to) but nowadays there's a lot more than one device online, one user online, going to one destination.

Fuck, on 60Mbps (which IS more than I currently use at home myself, but because of cost nothing else) it would take me all day to sync my Google Drive to a new device, for instance.

Comment Nope. (Score 4, Insightful) 114

Tomb isn't a successor to TrueCrypt, for me at least. Not even close.

TrueCrypt's selling point is NOT an encrypted container. We can do that any number of ways, not least just encrypted loopback, but all of them leak the same amount of information.

TrueCrypt's selling point was full disk encryption and a bootloader that hooks BIOS interrupts to allow live, in-memory, OS-agnostic transparent decryption. That's not something you can do with a shell-script.

Anything not full-disk-encryption is worthless if the machine is stolen - it probably takes minutes to find the key in swap-files and unlock the containers if they've been used recently. The plain-text is probably still lurking around on disk as temporary files etc.

The only reason I used TrueCrypt was that you could full-disk encrypt and nobody could get in without modifying the hardware of the machine and then getting me to enter my passphrase. Not something that a thief was going to be able to do. It means it was Data Protection compliant, that you could afford to lose the entire machine and not worry, and that it didn't matter what you did with the machine underneath, what OS, what partitioning, etc. even fake partitions with false copies of Windows, etc. in them.

Sorry, but your slashvertisement is exactly what it says - a shell script around some basic command line utilities. It's nowhere close to a TrueCrypt replacement unless your use-case is extremely trivial and - actually - not that secure at all.

As it is, I don't think there's currently a product I can use that I can trust complete boot-time control of, except for TrueCrypt and its directly-compatible replacements. I will look at various projects as they evolve but, for me, the winner will be whoever gets a UEFI bootloader first.

Comment Re:The reason why it appears fast (Score 1) 405

Not large, the C drive was only 100Gb because it came from such an old original disk originally, and I just tacked partitions into the spare space whenever I imaged the drive to another disk. If it was more than 5-10Gb, I'll be shocked.

And, I mean YEARS of serious usage, running networks in the day, running 1000 Steam games of an evening, doing all sorts of shit overnight. EVERY DAY. For YEARS. As the only user on it, as the only user I used, as the network manager at my workplace and hence using it for everything from domain management to VM creation to web browsing at lunchtime.

Sorry, but computers "slowing" is something I'd spot instantly, even over time, and computers DO NOT SLOW. They are the same clock-speed their entire lives. The software may do more but at the same Service Pack level, that never happened on XP SP2. Anything is just having more shit running. Even the disc was probably humungously fragmented by the end but - as said - I don't defrag and only ever byte-for-byte imaged (literally, dd on Linux!) when it moved to a new drive.

It's a question of what's running now that wasn't before, not how long you've had it.

Check your startups, services and running processes. Adobe Updater? Quicktime? Those Intel junk icons that do nothing? etc.etc.etc. It's the crap you load on it all the time, not how long you've had the disk, that slows a computer down.

Comment Re:No Point without SecureBoot (Score 1) 405

Strange, I've deployed two entire Windows 8 networks and not once had a UEFI boot option enabled.

In fact, in one case, I had to get the BIOS manufacturer to issue a new BIOS for two models of laptop that - when using non-UEFI boot on Windows 8 on encrypted disks - refused to boot at all. It wasn't Windows 8 related, the boot process hung if a certain disk offset (corresponding to an empty flag on a whole-disk NTFS partition) wasn't zero. Kinda cocked up all encrypted disks, and any non-Windows install but was a BIOS problem (not even UEFI!) and was quickly patched when the prospect of returning an awful lot of hardware as "not fit for purpose" came up in discussions.

In fact, every machine I have that has UEFI - server or client - gets it disabled or, at absolutely minimum, pushed to the bottom of the boot options underneath "Legacy BIOS" or however they want to refer to it.

I can't see Windows 10 being any different but I could be wrong but... actually... that's not even OUT yet, so it's kind of a moot question at this point.

Comment Re:The reason why it appears fast (Score 1) 405

I call bollocks.

My XP image followed me from XP SP1->SP2 install right the way until 3-4 years ago without a single reinstall.

Manage it and it's just fine. Install tons of shit and never uninstall it and it will get progressively worse.

Used that machine virtually 24x7 (8 hours in work, all evening gaming, left on overnight to download shit and process transcoding and stuff) - the disk even went through three machines in that time and apart from that BSOD you get when you change from whatever-it-was to whatever-it-was on the hardware (and stop a service running at startup to cure it?), and one point where I had to move it from IDE to SATA disks (shows the damn age!), the image was the same "install" for years.

User profile was no larger than normal at the end of it, registry had some unnecessary crap from uninstalled programs but I never once ran a registry cleaner etc. It's a database, it doesn't need to read the whole damn file to get to the registry entry you request. The drive was NEVER ONCE DEFRAGGED (last time I did that, I had a 20Mb hard disk!).

Clean your startups, make sure the things actually RUNNING aren't any more or less than usual, and it's absolutely fine to keep the same install without it getting any slower.

Comment A return to performance? (Score 3, Informative) 405

Is it just me that feels that this isn't a win for Windows 10, but actually a degradation of Windows Vista/7 and - to some extent - 8 in terms of performance losses at those points?

I know that XP -> Vista and XP->7 felt like backward steps at times in terms of performance, and were accompanied by a similar ramp-up in terms of realistic minimum specs. It just seems that 8 (which is as fast as 7, if not faster, as far as I can tell) and 10 are actually coming back to what they should always have been?

Just junk like Superfetch services and Windows Search - I feel if you were to optimise those more efficiently that they'd easily show a performance improvement. I know that disabling them certainly does (fun fact: Disabling Windows Search on Windows 8 stops you installing new keyboard languages!).

Windows 8 has been my last two mass deployments and, with a few third-party-cured interface problems, is just as good to the users as 7 was, but actually boots, resumes, etc. much faster. And the amount of sheer built-in hardware drivers is phenomenal. I no longer need several images to image dozens of types and models of computer, laptop, all-in-one, etc. just one image will do with maybe a tweak if something requires the very latest graphics drivers.

Windows 10 appears to be continuing this trend of a RETURN to performance, rather than performing miracles. Hardware hasn't got much faster since the Windows 7 days - maybe a core or two more, maybe a graphics card upgrade, but the base CPU/RAM/disk are pretty much in the same area.

I mean, it's good either way. But it shouldn't be shocking. Optimised versions of 7 were sold with netbooks for years, and their hardware was severely limited for a long time. It was just a matter of turning junk off.

My min spec of "Dual or-more-core anything with 4Gb RAM" has held for several years in a row now for business systems, and can be satisfied for a virtual pittance. Only very recently have I contemplated enhancing that to 8Gb of RAM and maybe an SSD as a luxury, but the rest is pretty static.

Comment Re:Account Lockout and Intrusion Detection (Score 1) 157

Locking genuine accounts because of automated spam against them? That's just not going to wash for any public service that contains common usernames, i.e. every school on the planet with a user John Smith.

You can't just lock every user out because of a handful of random user checks. That's the point of passwords, if you don't have the password, you can't get in.

Reject early, yes.
Reject with limits, yes.
Reject multiple attempts from the same IP, yes.

But this is a BYPASS of such mechanisms. On one connection you are allowed to make multiple attempts at authentication WITHOUT the SSH server kicking you off - so it bypasses all those above protections. It's hardly "yawn", it's more like "oh shit".

Patch when available, people. But lock users' accounts? That's just going to wipe out the public service you're offering in the space of minutes, and generate more calls and problems for IT than just about anything else.
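A detection for the behaviour the comment above describes (many authentication attempts on a single connection, which per-IP and per-connection limits would not stop), written as an added example and not part of the comment. It counts failures per connection instead of per IP or per account, so no genuine user is locked out. Assumptions: the log lines are constructed samples in the usual OpenSSH syslog form, one sshd PID corresponds to one connection, syslog may collapse repeats into a "message repeated N times" line, and the threshold is sshd's default `MaxAuthTries` of 6.

```python
import re
from collections import defaultdict

# One failed attempt, optionally wrapped in syslog's repeat-compression form.
FAILED = re.compile(
    r"sshd\[(?P<pid>\d+)\]: (?:message repeated (?P<rep>\d+) times: \[ ?)?"
    r"Failed (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)"
)


def failures_per_connection(lines):
    """Map (pid, ip, port) -> failure count and the usernames tried."""
    conns = defaultdict(lambda: {"count": 0, "users": set()})
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue
        conn = conns[(m["pid"], m["ip"], m["port"])]
        conn["count"] += int(m["rep"] or 1)
        conn["users"].add(m["user"])
    return conns


def over_limit(lines, max_auth_tries=6):
    """Connections that logged more failures than the server should allow."""
    return sorted(
        (key, c["count"], sorted(c["users"]))
        for key, c in failures_per_connection(lines).items()
        if c["count"] > max_auth_tries
    )


# Constructed sample log (documentation address ranges, made-up PIDs).
PREFIX = "Jul 21 03:14:07 gw sshd"
SAMPLE = (
    # One connection, nine failures: four single lines plus a repeat of five.
    [f"{PREFIX}[4101]: Failed keyboard-interactive/pam for root "
     "from 203.0.113.7 port 50112 ssh2"] * 4
    + [f"{PREFIX}[4101]: message repeated 5 times: [ Failed "
       "keyboard-interactive/pam for root from 203.0.113.7 port 50112 ssh2]"]
    # A user who mistypes twice and then logs in.
    + [f"{PREFIX}[4102]: Failed password for jsmith "
       "from 198.51.100.23 port 40022 ssh2"] * 2
    + [f"{PREFIX}[4102]: Accepted password for jsmith "
       "from 198.51.100.23 port 40022 ssh2"]
    # Same source IP as the first, but separate connections, one try each.
    + [f"{PREFIX}[{pid}]: Failed password for invalid user admin "
       f"from 203.0.113.7 port {pid + 40000} ssh2" for pid in (4103, 4104)]
)

if __name__ == "__main__":
    for key, count, users in over_limit(SAMPLE):
        print(key, count, users)
```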