Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment So what - have you looked at VMware lately? (Score 2) 440

Have a look at the current pricing for VMware Workstation 7.1

If you pay in US$, they want $189.00

Currently AU$1.00 buys US$1.03 according to the TV, making that approximately AU$183.00

Click on the pull down option on th VMware store to convert the pricing to AU$, it becomes AU$277.00 - a markup of AU$94.00 or approximately 50%.

I've rung and asked them why the difference - and got some bulls**t about there being annual price adjustments based on the current currency conversion. The only problem is the last time that AU$ was low enough for that was back in the 1980's.

US companies regularly rip off Australians.

Comment Good product placement for education (Score 1) 241

Many education departments have licensing arrangements and good discount structures with Microsoft.

This is a product that they will be able to order from right out of the catalog, and at better prices than people are talking about here.

There are certainly many cheaper products out there (my favorite right now is the 'ET-STM32 Stamp') but if I was looking to build up an embedded computing curriculum for a school, these gadgets are well worth a look.

Comment Ah - did they just say they spy on their users ? (Score 1) 384

"Motoblur collects information about customer use of applications and how that use relates to functions like power consumption"

Are they collecting data on what apps their users use ?

Are they sending it back to Motorola for analysis ?

Does it mention anything about this in the customer documentation?

Comment 10M cards is a lot of depth for crypto analysis (Score 1) 251

Now is the time that Sony should start worrying.

10 million cipher-text objects with plaintext customer details is an interesting target for cryptoanalysis.

If you know the card details of some of the people whose cards you have encrypted copies on, you have both plaintext and ciphertext to work on. And to make it even better credit card numbers have a checksum algorithm built into the number, so you have a method of testing the resulting decrypts for validity.

Why do I think that someone is probably running some GPU assisted EC2 machines at Amazon on these now ?

The only 'secret' protecting those cards is how the numbers are encrypted.


Comment Doesn't this sound familiar to anyone ? (Score 1) 191

I can recall when Microsoft launched a product called Microsoft MS DOS 1.0.

It's main claim to fame was that you could take your existing CP/M code, and with a few changes make it run on their new product.

Of course all it did was suck programmers across to this new platform where people just stopped writing the old stuff.

Has someone reopened the old play book ? Hello, Bill - is that you back again :-)

Comment Vaporware or pipe dream ? (Score 1) 140

They don't appear to have an actual chip at the moment. From looking through their web site they have a design that can be downloaded to an FPGA, and a software simulator. That is a very long way from a real product.

Why would anyone think this is a viable idea for the open source community ?

Maybe if someone like AMD got behind it ?

Without a long term commitment from a reliable manufacturer to supply these at a competitive rate for 5+ years there is a large risk that people investing in designs using this chip will be left high and dry. They would be far better to look at some of the ARM derivatives where at least you are not locked into a boutique supplier. The only thing that could make this a useful idea would be the availability of FPGA chips at the same price point - not holding my breath there.

Comment It's an End Of Life planning decision (Score 1) 551

You can probably view the last allocation of IPV4 address blocks as a signal to look at your end of life planning process.

For a business it's a case of looking at upcoming purchases, and to either require that new purchases are capable of IPV6 out of the box, or otherwise have business units accept the lack of conformance and prepared to write the equipment off sooner.

Once vendors start seeing requests for IPV6 compatible equipment, they will either need to supply it, or watch business go to their competitors.

As far as 'board level governance goes', for the moment it's simply having a strategic plan that leads the organisation towards IPV6, an indicative date to aim for (say 5 years from now - little to fear now), and a statement that the detailed technical work needs to wait until there is enough technology and expertise on site to plan and implement the cutover. Unlike Y2K there's plenty of time to do this without too much shock or fear - but ample time to get infrastructure and skills.

Comment Why weren't the SIMs PIN protected ? (Score 2) 181

All SIM cards have the ability to specify a PIN to lock access.

The vendor who built this system should have used an encoded PIN to tie the SIM to the embedded system it was built into. That way the SIM on it's own is fairly useless without the rest of the electronics.

They also should have had a 'phone home' facility so that whoever is monitoring the system would have noticed when the systems were compromised.

Fitting tamper switches to the enclosure (door opened, removed from pole, etc would have been smart.

Checking the bills on the cards to see where they are calling, how much has been spent, etc would have been smart

That would of course require someone to be routinely monitoring the system (it's not like traffic lights are there to save lives is it) so that things like this are not a surprise.

This really sounds like a system built by the cheapest tenderer - not unusual for a government organisation.

Comment Re:Why have GSM cell? fiber / wifi / microwave / e (Score 1) 181

GSM is typically cheaper.

I've purchased GSM SIM cards on plans with no ongoing costs - you only pay for the data transmitted.

If the devices are not reporting frequently, and only need to send short messages indicating faults or general device stats (eg a daily 'all is well' SMS) then the transmission costs are quite low.

Embedded GSM modems are not particularly expensive either. You can buy a SMT GSM module from Sparkfun for under $50, and they are even cheaper wholesale.

The other technologies all need the deployment of a complementary data network. Given that most modern cities have some form of cellular network that is maintained by someone else, cellular is very cost effective.

Comment Make sure the contracts meet your needs (Score 1) 227

While you can get into the 'nuts and bolts' of the solution the vendor is offering (you have not bought it yet have you ?) you can minimise some of the risks you may face by transferring them to the supplier.

Have someone perform a risk assessment on the system - and focus on the quantitative aspects (ie what the cost to the community will be if it fails). Make sure that the contract has compensatory and insurance options in excess of those amounts, so that it is in the vendors 'hip pocket' best interests to ensure it does not fail. And of course make sure that the contract has provisions for review, should the potential impacts change or the vendor changes company name, is bought out, etc :-) (yes - i've seen that happen)

You could also have someone do a thorough risk analysis of the system (google up the NIST SP800-30 document) as well as have them supply a complete inventory of hardware, software, and services they will be using to deliver the solution. Again, NIST have an online database where you can look up what vulnerabilities are known for some IT products.

Have the vendor perform a detailed risk analysis of the system - see what they think are problems, and what are not. Where you see gaps - ask them and see what color their faces turn.

Have a look around to see what failures or disasters you have seen in SCADA systems, refer those scenarios to the vendor, and ask them what technical measures they have taken to ensure that a similar act could not happen to them

You should also have your own people clarify and document their own roles and responsibilities with the system - don't assume that you have the resources on hand to manage your side of the situation responsibly - again a risk analysis will help out there.

And of course get it all in writing.

Comment But what is Ubuntu intended to be ? (Score 1) 11

I guess the answer to your question is to ask what Ubuntu is.

I'm still working out 10.04 myself, and the OSX style look and feel is probably the best hint to the direction Ubuntu is going - it's a consumer oriented environment that is based on Linux, but is heading in it's own direction.

Just like OSX is Unix with bells on it (few would admit it), and Ubuntu is a free alternative with extras added on.

Ubuntu is the Linux desktop, with the intention of making it easy for end users. The poor people who support it will just end up sweating it out as they do supporting all the other commodity OS desktop systems.

I know what you mean about the kernel compiling - I always thought that the Ubuntu goal was to technically allow you to do it, but put enough obstacles in your way that you would give up and stop trying. Any kernel work I have done recently has been on other distributions :-(

Of course a cynic would say that the changes to the system are designed to keep those people who are 'Ubuntu Certified Professionals' recertifying year after year :-) I guess it's a case of finding whatever the current Unix is. Redhat may still be close (haven't played with it seriously since RHEL4 myself).

Maybe you should look at NetBSD :-) ?

Slashdot Top Deals

Never call a man a fool. Borrow from him.