Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment Re:Oops (Score 3, Insightful) 504

Were they ever really relevant, or has it most always been a lifestyle magazine for fetishizing technology? Vanity Fair for Macintosh users who fancied themselves high tech? The kind of thing the CIO keeps in his office to show he's "up to speed"?

The only people I've known to read it wouldn't know TCP from UDP and have stronger opinions about icon design than cryptographic hash functions.

To be sort-of fair, I have flipped through it a few times and found a few articles that were interesting, but it's really kind of a design-centric version of Popular Science with more emphasis on computers and networking.

Comment Stupid complicated pricing, limited choices (Score 1) 81

CenturyLink just put in fiber optic internet in my neighborhood and offers up to 1 Gbps speeds, but doesn't support static IPs. I've been using Comcast business and mostly don't mind what I pay for business class to get a /29.

I've been toying with the idea of switching to CenturyLink and running a pfsense instance on a cloud provider somewhere. Most generic Internet traffic (TV streaming, web, etc) would go out the CenturyLink dynamic IP and server traffic would get routed via IPSec to the pfsense instance to the cloud-based public IP addresses. This worked technically when I tested it with a virtual lab.

The Amazon cost estimator makes it seem mostly reasonable for compute and transit -- my actual server traffic is trivial, and even with generous CPU usage estimates it looked kind of reasonable.

The downside is that Amazon is very Linux oriented. There's a marketplace AMI for pfsense, but they want $500/year and creating your own is non-trivial. There are some FreeBSD AMIs but turning one into a working pfsense would be non-trivial as well.

I'd be tempted to try this just to kick the tires and see if the idea executed well in real life (like, no absurd latency or CPU utilization with the IPSec tunnels, etc) but I hate Netgate's AMI pricing so much I'm not even willing to shell out the $20 it would cost to run it for a week.

I'm sure there's a better place offering this or letting you install it yourself, but I can't easily find it.

Comment Re:Roll-back as in play-back? (Score 2) 69

Like, they record how the ATM communicates the authentication portion of the transaction, and replay that same communication with the ATM until its stored cash has all been dispensed and it's now empty?

Had this fantasy in the 1980s when I noticed the student union ATM had what looked like an exposed Cat-3 phone cable sticking out of it. I naively thought "what if it's a modem, and you tapped the line, reverse engineered a withdrawal transaction, and then replayed the withdrawal ACK endlessly until you sucked all the money out."

As it happened, 20-odd years later, I ended up at dinner with the guy that ran that ATM network at the time. One, he said that was most likely a leased line, not a dialup, making the interception of the more complicated than an analog modem. Two, he said there was anti-replay and encryption built into the system even then.

His advice was to just steal the entire ATM.

Comment Re:static linking on windows (Score 2) 148

It does leave you permanently vulnerable to any flaws in the particular version of the library you linked against, or such is my understanding.

The assumption being that anyone (for most definitions of anyone) knows what DLLs their application loads and what the status of their patch levels are.

I still static link though because whenever I upload something (using a video filtering plugin) at least one person won't have the right runtime installed at all.

Which IMHO is the main mitigating factor -- what's the actual security risk versus the functional risk of the wrong library breaking the program?

I don't know if its technically possible, but it would be interesting to use a computer where everything was statically linked to see how much worse resource usage really was.

Comment There's the economics, too (Score 1) 171

Then there's the value economics, too.

Endurance testing have revealed modern SSDs to be remarkably reliable -- this guy wrote 7 PB to an 850 Pro. http://packet.company/blog/

But let's say the failure rate is N% higher than HDDs for a given application. But the drive itself is much faster and uses less power than a HDD. What number N is acceptable as an increased failure rate in exchange for the vastly improved performance?

In an array, the performance increase may allow the use of single parity over double parity due to the increase in rebuild times and reduced stress on the other members, resulting in better overall storage efficiency through reduced redundancy. Then there's power savings, too, if you're spinning and cooling a large number of HDDs.

My wild guess is that drives like the 850 Pro already have a dollar cost and failure rate low enough that the performance improvement is so great over HDDs that for most applications it's already superior to HDDs. The only places it may not be are weird corner cases requiring extreme storage densities at very low costs.

Comment Re:Whatever happened to the micropayment idea? (Score 1) 346

Computationally, the overhead is kind of trivial.

If you're relying on the traditional credit card payment network then the cost overhead is high along with all the attendant accept credit card payment overhead.

But if you had a centralized micropayment service, the overhead gets down to a much lower level.

In an ideal world, such a service would be run as a non-profit (whatever skim would just go to running the service). Users would add funds to their micropayment account via normal methods to consolidate the usual banking transaction costs. The micropayment system could have some built-in checks, ie, users could set a maximum micropayment per site, or per time period, etc.

All of this sounds suspiciously like a clone of paypal with some added features for a micropayment system.

I think the bigger issue is establishing pricing and its attendant value. What's an article or web site visit *worth*? How much are you willing to spend per month and what kinds of quality expectations do you have over free, and how much quality can a site expect to deliver for some kind of micropayment? Is it just ad-free content, or is there some expectation of more quality by consumers to make it even worth 10 cents per site visit?

Comment Re:No such thing (Score 2) 346

There seems to be some outer limit to this, at least at more legitimate sites because I see a lot of fake articles labeled as "sponsored content". Maybe I'm dreaming this, but didn't the commerce department make some noise about needing to label sponsored content as sponsored content? Or is this something that more legitimate news sites are doing to not totally alienate their readers?

Comment Whatever happened to the micropayment idea? (Score 1) 346

Why didn't this concept take off?

Did it just get co-opted by Google making it relatively easy to collect micropayments for your site with mostly non-intrusive advertising?

Lack of a centralized micropayment infrastructure and some method of subscribing and collecting payments that couldn't be trivially gamed? Lack of any agreeable billing model -- ie, unlimited use subscription vs. per visit/content, inability to calculate pricing model due to volatile perception of value?

Perhaps a general user objection on sites dominated by user-created content (eg, forums) where, in theory, adding content adds value to the site?

It seems like a reasonable idea, especially if it can be combine a lack of advertising with financial support.

Comment Re:No such thing (Score 5, Interesting) 346

Maybe a generation change will fix this.

I worked at an ad agency at the dawn of the commercial Internet. The people on the advertising side of the business had all kinds of problems adapting.

The print people wanted it to be another print medium and were frustrated by their lack of layout control and font selection. Their tool was giant images with click regions because they could basically export an Illustrator file as a graphic, so you'd end up with sites that were just a giant collection of images with click regions that led you to more images with more click regions.

The TV people treated it like another TV set, at first with just inserted videos, next with semi-interactive Flash animations that still had all the intelligence of a one-way TV commercial.

Perhaps in the not-too-distant future the people who didn't grow up on standard, commercial television or tweaking print layouts down to the pixel AND who came of age frustrated by overlays, popups, interstitials and understand ad blocking will become ascendant and stop imposing old thinking on the web.

Comment Re:"people are more connected today", really? (Score 1) 89

Maybe "connectedness" contributes to the partisanship.

The most stable societies often seem to be the ones with the least diversity. It seems like the fewer the internal differences among the population, the fewer reasons to be partisan -- the other guy looks like you, speaks like you, prays the same, eats the same, lives the same.

Connectedness makes people aware of differences -- the other guy looks different, talks different, prays different, eats different, lives different.

Something about humans makes the other a competitor or an enemy.

Comment Does it affect functionality at all? (Score 1) 566

In true Slashdot fashion, I didn't read TFA just the TFS. Assuming that the source is capable (ie, did everything practical to disable telemetry, including any weakly published registry settings, etc) and is accurately counting firewall hits (how many of these are one telemetry source retrying relentlessly?) and not attempting to be an anti-MS shill, this really sucks that disabling it per MS instructions doesn't actually disable it.

That being said, does it affect functionality? Does stuff not work (for all definitions of not work -- from not all to pokey slow because it's trying and faiiling to hit a telemetry server)?

While I would expect corporations with an eye on security to object, I would also expect places like that to have a fairly stern outbound firewall policy and filtering system that would block a lot of telemetry by default, mitigating some of this but still not eliminating the annoyance of a machine that does what it wants.

I'm also curious how much analysis of telemetry has been done. Do we know what processes on the machine are responsible for telemetry, and are there any ways to disable them? Have the telemetry messages been analyzed to develop firewall rule groups to block them by IP, URL or DNS?

Slashdot Top Deals

Business will be either better or worse. -- Calvin Coolidge