
Comment Re:Dear Orrie, (Score 1) 229

UFS on top is pointless.

If you run a major credit card processing system you will find CC numbers in all sorts of places from file names to any field any user can type in. That needs to be overwritten at the block level and no major OS allows that today.

I'm in Australia and I find a dozen or so SSNs per year. I've seen where people used SSN@gmail or CC_number@hotmail as email addresses that work.

When I say I need a file system where I can overwrite stuff, I mean I need it. Let me do it.

The file system encryption is only used if the disk goes wonky and gets pulled and some how misses the machine shop downstairs where it should be turned to dust.
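As an added example (not part of the comment above) of the detection side of that point: a small scanner that flags PAN-shaped values passing the Luhn check, and SSN-shaped values, inside file names and free-text fields. The sample fields are constructed for this example; the card numbers in them are the well-known public Visa test numbers.

```python
import re

# Constructed sample "user-typed fields" and file names, modelled on the
# comment above: card numbers and SSN-like values leaking into names,
# e-mail addresses and free text.
SAMPLE_FIELDS = [
    "report_4111111111111111.csv",        # PAN in a file name
    "4012888888881881@hotmail.example",   # PAN used as an e-mail local part
    "invoice_2015_03.pdf",                # clean
    "notes: call back 123-45-6789 re refund",
    "4111 1111 1111 1112",                # PAN-shaped but fails Luhn
]

# 13-19 digits, optionally separated by single spaces/hyphens.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){13,19}(?<![ -])")
# US SSN shape only; no issuance-rule validation is attempted.
SSN_RE = re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")


def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text):
    """Digit runs of card length that also pass Luhn, separators removed."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def find_ssn_like(text):
    return SSN_RE.findall(text)


def scan_fields(fields):
    """Return (field, kind, value) triples for every finding, in field order."""
    findings = []
    for f in fields:
        findings.extend((f, "PAN", p) for p in find_pans(f))
        findings.extend((f, "SSN-like", s) for s in find_ssn_like(f))
    return findings


if __name__ == "__main__":
    for field, kind, value in scan_fields(SAMPLE_FIELDS):
        print(f"{kind:8} {value:20} in {field!r}")
```

Anything this flags in a file name or path cannot be removed by deleting the file on a copy-on-write pool, which is the comment's point about needing block-level overwrite.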

Comment Re:Dear Orrie, (Score 1) 229

Assume someone sends you batches of data including SSNs or credit card numbers. If you put them in a ZFS system, you can't comply with any sane security procedure. Maybe the ZFS bit is encrypted but the raw device will decrypt for you.

You need to have an overwrite-the-raw-blocks option.

As far as the funky time, that is remotely exploitable from Solaris 2.5 on to the most recent. You can play BIOS attacks, Forth firmware games, NTP and at least 3 other vectors. It DoSs running systems dead (and should have a CVE number).

Comment Dear Orrie, (Score 1) 229

Due to Mary Ann Davidson's statements I'll post this here.

If you manage to get a Solaris clock set before 1970 the loader doesn't work. It means that anything running will keep running but you can't start any new programs (including init and shutdown). Talk about a great way to keep a sysadm out of a system.

There is also no way to wipe sensitive data from ZFS file systems. You need an option to say "this pool overwrites blocks" so that scrubbing works correctly. The reasons for this will come to light when the flaw in your ZFS encryption hits the press. Maybe you can put this in Solaris 11.3 since that is still in beta.

Thanks for taking security seriously.

Comment Re:The NSA has done several things to help securit (Score 1) 105

I suspect the reason is the s-box numbers help with an ECC/parity-like feature that weakens things, which has been known for more than 4 decades, at least to some people.

Hack your friendly crypto program that does DES/AES/whatever to dump out s-box state at the end of each round and ask yourself why some bits are always in a known state for a given key every so many rounds. Then ask whether this can be used to do an inside-out attack, and then ask why there is only one non-s-box-related cipher in TLS 1.1 and 1.2 and they aren't the same.

Then sleep well at night knowing your crypto is safe.

Comment Once upon a time... (Score 2) 178

Long ago on Usenet, someone who seemed to be against the long-term copyright extensions was asking people to send in video of politicians singing Happy Birthday in public. I don't remember the specifics and I suspected it might have been a lobbyist or someone working for the rights holder.

I still think it would be cool for someone like the EFF to start collecting this so the next time Disney wants another 20 years, they can come out and list a whole bunch of pirates who are in Congress.

Comment Larger projects? (Score 1) 79

It would have been more interesting to see major projects like Apache/http, gcc or core python and perl but I expect they had an easy way to pull their data from GitHub. It also reads like a rejected academic paper. It should have started out the list stating that TF=1 is bad and TF>1 is better.

Comment Re:That does not add up (Score 1) 431

40% plus 55% of that 40% for next years is 62K. If it is calculated as 22% on the first $25k, then he owed 35,300 in just income tax (or 54,715 if including the 55% prepay assuming no credit). If it is his own company does he pay both the employee and employer part of social security for another 44%. If that isn't progressive, he is up to 79% with those two taxes but that doesn't include any deductions. Or maybe with deductions, that could be 28k income tax with ss deduction, 15k for next year, 16k+28k for ss for 87k or 59k if part of the ss came from the company.
I would guess that property taxes are also related to income either because of pensioner discounts or because people with more money tend to own more expensive houses which tend to be taxed higher.
Also how much of the left over money was spent on things that was taxed at 6% or 23% for the VAT? That would add somewhere between 2.5k and 10k. So 60k before any special taxes doesn't make the other 16% unlikely.

Comment Re:Win95 UI + BSD/Linux OS on ZFS (Score 1) 484

The sort order was changed in 10.6.0. It was refixed in 10.8.something but sometimes the order of the or windows apps changes and then being able to hit two keys and know what is going to happen goes out the window. I've found it frustrating enough to downgrade versions of OS X.

Comment Re:It's the end of the world as we know it! (Score 1) 307

The idea of using port bits was around in 1992. It might have been where the / notation originated, as a way to say it would take two bits off the port bits.

The interesting thing about this is that core routers and switches won't care at all and anything that is doing NAT can already do the translations needed. The problem is 1) the notation and 2) which bits get used. If more programs supported DNS SRV records, then this would be completely transparent.

Comment What were they testing? (Score 2) 195

They asked the people to report a box showing up? That isn't normal when driving, therefore the test itself might be distracting.

HUD displays should only be used to display info that is normally checked anyway like the speedometer as well as things like the new IR cameras that can detect deer near the side of the road which will be invisible. Having displays pop up some virtual brake lights on a stopped or slowing down car is fine but it has to be done right. It took aviation decades to get the basics for instruments right. The stuff that looks cool on a HUD demo in an office isn't what will work best in cars on a dark foggy road.

Comment There are too many lies in the ad business (Score 1) 194

The reason TV advertising was expensive was that slots were rare and there was far more demand for the good slots than there were slots. The ad guys did a great job showing the world they were good honest people who were helping their clients sell stuff. This is why the honest guy who would never do any wrong in Bewitched in the 60s was an ad man. The show was there to sell more advertising. The clean ad man image has changed in recent times to an image of a person who can manipulate anyone into buying a worthless product, but that too helps sell more TV advertising.

The rarity of slots did matter in the early days of TV and as a result, several industries were changed. In the early days of live broadcast, only car dealers near the TV stations could go live, but people were so impressed in the first months of those ads that they did work and other dealers would buy larger lots near the stations and created a new type of car dealership. Those dealers grew rapidly, not so much because of the ads but because of the influx of new buyers as the two-car family became the norm. The TV ads didn't tip the buyers, they tipped the dealers into buying more ads. Even today car advertising is a significant part of TV station income.

Remember that the customer of the advertising is not the final consumer who buys the product, it is the marketing department of a large corporation who pays for commercial TV, and the advertising business has many ways to prove their ads work even when the sales figures show they might be running off customers.

Now the internet ads are oversaturated; they aren't worth anything, yet idiots keep paying lots of money for useless ads because they think they work. Even Google is playing the old TV ad game with their analytics package which helps show businesses how well the ads are working. Too bad that details slip through, like you pay for a specific keyword and you find out that most people are trying to avoid results with that word but are using Google improperly, so you pay $5 per click for people who will never buy your product.

Comment A lot of effort to make sure bits aren't leaked (Score 2) 64

Why do so many systems still use the hashed root or admin password to seed TCP sequence numbers? Cisco, Sun, IBM and DEC all started doing it about the same time. So who suggested it to them, and just how many groups know what it takes to pull bits out of that hash?