
Comment I like my Q10 (Score 2) 127

I bought a Q10 a few months ago after years of trying and then abandoning other smart phones. I managed to use it without signing up for any accounts for several weeks. I can run android apps on it without rooting the thing. You can port QT apps to it with ease.

My phone uses MY servers for its data, not someone else's. That data link is fully encrypted and under my control.

BB apps make more money for most app developers than iphone and android apps.

The main problem with the thing is they managed to screw up the "screen lock/power" button so the thing turns off in my pocket. The thing has 39 buttons so they should drop pressing the top button to power off and require something like the top button and hold down "P" to power down and top button and "U" to unlock. I don't know how they could screw up something that has been well known for so long.

Comment Re:RAID is not backup. (Score 2) 174

Also remember that the RAID controller in the NAS might be the only thing that will ever be able to read the drives so if lightning takes out the NAS, so long all the data even if the drives don't get zapped.

RAID also doesn't quite cope with the problem that on large storage systems, the MTBF means that something is always broken and undetected and it is only going to get worse.

Comment Re:Oh just like Sword of Fargoal? (Score 1) 77

Rogue was the most popular and cloned by many others. Moria on the Vax (780?) pushed the limits of the machine at the time and apparently the limit of the game features was based on what could be tested using the test program that would check that new changes could be won. The odd thing is that it was written on a one off VAX (ouvax?) that had been an odd upgrade research project when DEC had a crazy idea that they could do field upgrades from PDPs to VAXen.

Comment Re:Jane the virgin (Score 1) 307

It follows the formula of Soap from 1977. Take an absurd idea and just push the boundaries in a semi-plausible way for some effect. Soap operas have been doing that since the early days of radio. The TV show Soap used that formula and in place of the absurd romantic ideas, tried comedy and pushing the edges of social issues that could be shown at the time.

Comment Re:Mach messages vs sysv messages (Score 2) 165

Mach messages are much faster than SysV but not up to the speed of Solaris doors (which have some odd security issues but drop context switches). The SysV streams message system is based on the SysV IPC which is based on SysV shared memory and SysV semaphores. That stuff came from the early 1980s when a 2 CPU WE32000 in a 3B20 (or 5 or 15?) was the reference design for the biggest hardware Real UNIX (TM) would run on. Since that came from AT&T who wanted to make mainframes but had to have phone switches so their semaphore system was designed to work with things like a 5ESS phone switch where doing the right thing on failing hardware was better than doing anything fast.

Comment Re:Dear Orrie, (Score 1) 229

UFS on top is pointless.

If you run a major credit card processing system you will find CC numbers in all sorts of places from file names to any field any user can type in. That needs to be overwritten at the block level and no major OS allows that today.

I'm in Australia and I find a dozen or so SSN per year. I've seen where people used SSN@gmail or CC_number@hotmail as email addresses that work.

When I say I need a file system where I can overwrite stuff, I mean I need it. Let me do it.

The file system encryption is only used if the disk goes wonky and gets pulled and somehow misses the machine shop downstairs where it should be turned to dust.

Comment Re:Dear Orrie, (Score 1) 229

Assume someone sends you batches of data including SSN or credit card numbers. If you put them in a ZFS system, you can't comply with any sane security procedure. Maybe the ZFS bit is encrypted but the raw device will decrypt for you.

You need to have an overwrite the raw blocks option.

As far as the funky time, that is remote exploitable from Solaris 2.5 on to most recent. You can play bios attacks, forth firmware games, NTP and at least 3 other vectors. It DoSs running systems dead (and should have a CVE number).

Comment Watch out for old hardware (Score 2) 75

If you have old SSH1 only type devices (like old switches and routers), you might not be able to talk to them anymore after this update. You might want to keep a version of 6.6 around as ssh1 to talk to the old stuff that can't be upgraded to newer stuff.

Comment Dear Orrie, (Score 1) 229

Due to Mary Ann Davidson's statements I'll post this here.

If you manage to get a Solaris clock set before 1970 the loader doesn't work. It means that anything running will keep running but you can't start any new programs (including init and shutdown). Talk about a great way to keep a sysadm out of a system.

There is also no way to wipe sensitive data from ZFS file systems. You need an option to say "this pool overwrites blocks" so that scrubbing works correctly. The reasons for this will come to light when the flaw in your ZFS encryption hits the press. Maybe you can put this in Solaris 11.3 since that is still in beta.

Thanks for taking security seriously.

Comment Re:The NSA has done several things to help securit (Score 1) 105

I suspect the reason is the s-box numbers help with an ECC/parity like feature that weakens things that has been known for more than 4 decades, at least to some people.

Hack your friendly crypto program that does des/aes/whatever to dump out s-box state at the end of each round and ask yourself why are some bits always in a known state for a given key every so many rounds. Then ask can this be used to do an inside-out attack and then ask why is there only one non-s-box related cypher in TLS 1.1 and 1.2 and they aren't the same.

Then sleep well at night knowing your crypto is safe.

Comment Once upon a time... (Score 2) 178

Long ago on usenet, someone who seemed to be against the long term copyright extensions was asking people to send in video of politicians singing happy birthday in public. I don't remember the specifics and I suspected it might have been a lobbyist or someone working for the rights holder.

I still think it would be cool for someone like the EFF to start collecting this so the next time Disney wants another 20 years, they can come out and list a whole bunch of pirates that are in congress.
