Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror

Comment If my customer had multiple zero days, I'd look (Score 1) 232

If one of my customers' machines were infected with multiple new zero days, I'd expect to find more information about the infection, and maybe another zero-day or two, by looking in that folder. I'd "tell* the client-side agent to send me the entire folder. I'd be thinking "this customer is going to love me for finding this really nasty infection" and I'd get as much information about it as I could.

I've found a LOT of infected machines, mostly web servers, and I've never had a customer complain that I got too much information for them about what's going on. When I call or email them they want to know "how badly infected is the system? How did the bad guys get in? How long has the infection been there?" They'll hold on the phone anxiously awaiting more answers while I dig through their system, so based on my experience over 20 years I'd expect the customer to want me to dig up as much information as I can.

Comment $125 * 48 months = $6,000 (Score 1) 113

The big ISPs install fiber where there are a lot of customers (lower cost per customer) and try to sell their triple play packages, internet, phone, and TV, with upgrades like HBO.

Comcast's Triple Play of cable, Internet and digital voice has three tiers based on the features that a customer may want priced at $130, $160, and $200.

If we assume most customers come chose a low tier, or don't get all three services, we can conservatively estimate $125 / month average (some customers get the deluxe sports package and HBO and ...). 48 months of service at $125 is $6,000 / household.

So why do munis have so much trouble paying off their capital spend? Munis tend to do put more fiber in less densely populated areas, increasing their capital cost per customer. They may not offer the same service packages, with premium TV channels and such. Instead, they may focus on internet, leaving customers to pay Netflix,is Hulu, Amazon, etc for the content. That reduces their average revenue per customer even if the customer is spending more overall by purchasing content from other companies.

 

Comment I skimmed the book, didn't find a single tax dolla (Score 1) 113

I skimmed through the 350 pages of that book and didn't find a single mention of any tax money whatsoever spent for any private company to build their fiber in any city in US.

I did find a pissed off author who is very creative in his arithmetic. His basic argument is as follows:

Telcos should spend 25% of their revenue on wireline upgrades. (No real justification for that number, just from his ass.)
If you ignore Uverse, FiOS, and other major upgrades, the remaining minor upgrades are less than 25% of revenue.

Comment Can you give even one single example in any US cit (Score 1) 113

Can you perhaps come up with even one example of any city in the US where privately-owned fiber was installed with tax dollars? Anywhere? You can easily look at the annual reports of all the ISPs and telcos and see the billions of dollars they spent, do you see a single dollar of tax money anywhere?

They only projects I know of that involved tax money were failed municipal projects, where after the city got tired of losing money on a project that wasn't working and it went dark they later sold the dark fiber to a company like Greenlight, who brought it back to life, actually serving customers using what had been a multi-million dollar waste by the city.

Comment I came on a little strong, negative. Jus be honest (Score 2) 113

It occurs to me my post was a tad negative, a reaction to yet another misleading propaganda piece on Slashdot. I'm not saying that muni can never work, some might work out okay - just be honest about the numbers. Honest numbers might be something like "on average, muni customers pay $10 less and are responsible for $3,000/household in debt used to build the network". If we'd use honest numbers we could have a rational discussion rather than a propaganda war.

Comment Thanks. I probably wouldn't (Score 1) 232

> Eugene Kaspersky himself said that happened

Ah, thanks - I hadn't seen that. It certainly makes sense though - someone was trying to be safe by using Kaspersky, and Kaspersky was trying to do their job by taking notice of new malware on their customer's computer.

> and he told them to immediately delete all copies of the files.
> Someone perhaps didn't?

I'm not sure I would have deleted *all* copies if I were in that situation. :)

Comment The "study" also ignores most of the cost for muni (Score 2) 113

Building a fiber network is expensive - much more expensive than running it for couple years. The first two municipal fiber projects I looked up cost the taxpayers an average of $3,200 per household to build. Whether you want it or not, every resident had to pay to build it and that's the bulk of the cost.

The monthly subscription fees which cover the cost of maintaining it after it's built are a small portion of the cost. Rather than listing a muni such as Lake County as $40/month, if the "study" were intellectually honest they'd list it as "$3,200 up front, plus $40/month". That's the actual cost to residents.

  Promoters of these schemes hope that one day subscription revenue might pay back the cost of building the network, but that's never happened yet, to my knowledge.

For *some* projects, bonds are used in such a way that taxpayers will only have to pay the shortfall, the difference between what subscription fees bring in, minus expenses vs the cost to build it and financing costs for that cost. They hope that shortfall might be zero, but often it's thousands of dollars per household.

Most often it's a mixture of bonds, where taxpayers pay the shortfall, and direct tax dollars. For example Lake County was promoted as "financed by bonds, won't cost the taxpayer a dime", but in fact they've spent $15 million in local tax money $1,400 for every man, woman and child in the county, whether they get the service or not, plus state and federal tax dollars.

Chattanooga is probably the biggest "success" hyped by muni fans, and with good reason - it's not losing millions of dollars a year like some are. In fact, it's just started to make payments toward maybe eventually paying back some of the $97 million of taxes used to build the network. That's the big success they point to - so far taxpayers are only out $90 million and it's not getting worse at the moment.

Comment How Kaspersky accidentally hacked the NSA (Score 2) 232

Bringing the thread back on topic, my experience at work shows how Kaspersky would have accidentally "hacked" this material.

For my day job I write software tools which scan networks, checking to see if any computers on the customers' network are vulnerable to any known vulnerabilities. Occasionally the antivirus/anti-malware that is mandated by corporate flags our on tools as likely malware. That makes sense, because our code looks a lot like malware code - we seek out vulnerable hosts, checking each to see if it's actually vulnerable. After that, our system reports to the customer where their vulnerabilities are, but to anti-virus / anti-malware systems our code resembles a threat. Our code also closely resembles some of the NSA code, which was basically malware. Our company has to conform to certain security standards, and those standards require all desktops and laptops to have anti-virus / anti-malware, so we aren't supposed to just disable it, even though it's troublesome when it flags our own files. Right or wrong, bureacracy requires that our systems have this protection.

The anti-malware vendors program their software so that when it detects a new strain of likely malware, it sends a copy back to the vendor so they can learn about the new malware. That's typical so they can provide better service by continually adding new detection for new malware varieties.

If, due to bureacratic fiat or any other reason, anti-malware were installed on an NSA system which had a copy of the NSA kit, I'd expect the anti-malware would detect a few of those tools as being possible malware infecting the system. (It is basically malware, after all). Standard practice would be for the anti-malware system to send samples back to Kaspersky, so they can update and improve their detection. Some low-level analyst at Kaspersky would receive several new zero days all "infecting" one computer. Since there are several and they are new, they'd alert their boss and Kaspersky would/should take a look at this customer system that contains several new zero days. Maybe look at the folder the zero days were in to see if more new threats are there. In the same folder the zero days came from, they'd find the NSA manual on how.yo use them. Suddenly Kaspersky would have the NSA kit without ever doing anything more than doing their job as expected.

The policy that would cause this to happen - without any malice by anyone, would be a rule that "all NSA desktops must have anti-malware installed", combined with choosing Kaspersky, a foreign company, as their vendor.

Comment Reading comprehension on Slashdot (Score 1) 170

Using the reading comprehension of Slashdot commenters as a gauge, I'm not a bit surprised that AI (or a child's toy) has better comprehension. Just this morning a guy here said "high explosives ... nobody is talking about low explosives" - in a thread about black powder. His own previous post said "explosives like black powder". Far too often, Slashdot commenters don't even comprehend their own posts, much less the article.

Comment HE yes. Which is why I said LE "like black powder" (Score 1) 183

Yes, high explosives don't require confinement to explode, or much confinement. As I said, they are also much more difficult to make or acquire especially to make safely.

  Which is why I discussed the two separately, saying "simple explosives like black powder", flash comp, etc ...
If they have ready access to modern high explosives ...

I can make LE at Walmart or Home Depot, using items readily available in those stores. HE is a different animal. If I tried to make HE from readily available ingredients, there would be a significant likelihood I'd die.

Comment What in the world would make you think that? Wrong (Score 1) 183

> I don't think you grasp why so much weight is in the casing... which is to produce shrapnel.

First, what in the world would make you think I don't know why I build my casings the way I do? Second, you are mistaken about the reason. With a low explosive such as black powder, flash, etc casing thickness is all about the pressure developed. Unconfined, these explosives don't so much as explode as burn quickly. The explosion comes from what's essentially a pressure vessel explosion. The burning composition produces a lot of gas very quickly, which creates a lot of pressure. Eventually it blows like a balloon that's been inflated too far. A weak casing will rupture exactly like a balloon - weakly. A strong casing won't rupture until there is a very high pressure, creating a powerful explosion.

A casing that's TOO strong will waste weight, peel open instead of fracturing, and some point not rupture at all.

Next time you think about correcting you might first ask yourself "do I have a clue what I'm talking about?" When you're considering educating someone about what they do, maybe ask yourself "have I ever even once *tried* doing this? Do I really know better than the people who do this stuff?"

Slashdot Top Deals

Nobody's gonna believe that computers are intelligent until they start coming in late and lying about it.

Working...