Comment Re:Libertarians are full of crap. (Score 4, Interesting) 207

It is not even theoretically possible for the freedom-loving individual to win against us statists.

On the contrary, historically, it has happened about once every couple of centuries, and usually begins and ends with a bunch of particularly egregious statists' severed heads stuck on the fence outside the palace. Then, inevitably, a new batch of statists claws their way to power, until eventually it gets so bad that the public does it all over again.

Comment Re: Hard to believe (Score 1, Informative) 804

Linux's end-user experience is way behind because their driver model doesn't play well with binary drivers over the long term. It isn't a question of whether the apps require drivers, but rather how many years behind the Linux graphics drivers are, how many devices don't work with it out of the box, and so on. Sure, the major GPU vendors are starting to open source usable drivers recently, but getting there has been an uphill battle for the roughly 17 years that I've been using Linux on the side. And when it comes to having a usable desktop experience, that's important.

Comment Re:They aren't banned... (Score 1) 944

And CFLs are also very slow to get up to full brightness at or below freezing. They would be nearly unusable as a refrigerator light. :) Fortunately, refrigerator-sized and oven-sized bulbs are not banned.

With that said, my new fridge uses LED-based lighting, which works quite well. Eventually, all the older refrigerators will die, which will just leave ovens, lava lamps, and outdoor lighting north of the freeze line. :-D

Comment Re:They aren't banned... (Score 1) 944

On the flip side, there are some situations where rough service bulbs are probably the only good alternative to incandescent bulbs—for example, the fully enclosed fixtures that most folks use in their hallways and porches. CFL ballast electronics and LED step-down electronics are typically designed under the assumption that they can breathe, and have a tendency to fail much sooner when they can't. And I'd be afraid to use halogen bulbs in those fixtures because of the higher temperatures involved.

Comment Re: Not true (Score 2) 241

Fully interchangeable, no, but they are somewhat so. It's more like saying that the transmission and engine are interchangeable. In a literal sense, it isn't true—neither can do the other's job—but you can make up for a weak engine by adding more gears.

Comment Re:For VPNs, or for routing? (Score 1) 213

A hardware router is distinguished from a software router by the fact that a software router is capable of executing general-purpose instructions.

We have different definitions, and thus will come to very different conclusions based on those definitions. To me, a software router means a router in which you install the software, and thus are in some sort of control over it, as opposed to a prepackaged all-in-one solution, where you (typically) aren't in control of anything other than its configuration. If you don't configure the software yourself, the router is essentially a black box, and whether it is using hardware-assisted routing or purely software routing doesn't significantly change the level of trust.

The reason the trust level doesn't change is that it is not really feasible to have a router that is incapable of running general-purpose instructions. Such a device cannot be configured usefully, except perhaps by swapping out a configuration ROM (which would be highly impractical in most real-world environments). I've seen lots of two-tier setups, where special-purpose hardware does the actual packet routing and a general-purpose CPU runs some sort of web or SNMP interface for configuring the device, but you still have a general-purpose CPU that can be attacked, and can then be told to reprogram those special-purpose devices to route or modify packets in a different way, up to and including diverting some portion of the traffic to a port on the general-purpose computer for deep packet inspection.

Therefore, black-box hardware-assisted routing is no more secure than black-box pure-software routing. From a security perspective, the only things that matter are the extent to which the software is under your control and the extent to which you trust the software vendor.

Comment Re:For VPNs, or for routing? (Score 1) 213

But your router is an integral part of your intranet. With a little more paranoia, I can imagine a router doing vulnerability scans, or proxying a device with more memory that can do the vulnerability scans, and giving some third-party access to your computing devices. Systems are often set up to share a lot on the local network, for convenience and because the intranet is considered to be "safe." If you don't want to be in a position to trust your router, then you really should consider your security boundary to be your computer, and distrust anything that leaves or enters your NIC.

Depending on your level of trust/paranoia, you should consider the security boundary to be your app and the libraries statically linked into it. By the time it gets anywhere close to the NIC, it is out of your control.

And yes, if your intranet is likely to contain actual secrets, you should encrypt everything as though it were a public network, and maybe also consider placing an additional firewall outside your router to do DPI looking for possible information leakage, unusual activity, etc.

With that said, your home intranet isn't likely to contain much (if any) data that isn't going to the public Internet, and assuming your switches are working properly, it should not be possible for your router to see non-broadcast traffic directed towards a different device anyway. Obviously, that reasoning fails if your switch is a managed device that can be potentially reprogrammed to change the switching behavior, but that's atypical for home networks, which I thought was the main point of discussion in this thread.

Comment Re:For VPNs, or for routing? (Score 2) 213

There is no such thing. A device that moves data from one location to another, using some policies to examine and transform it, is not just a "hardware" device.

That's completely immaterial. A hardware router is distinguished from a software router by whether it is or is not a general-purpose computer. Hardware routers range from that little D-Link all the way up to Cisco boxes. In the most extreme designs, the hardware provides a dedicated I/O processor that performs the actual routing functions, allowing it to route data considerably faster than a general-purpose computer can.

With just a little paranoia, I can imagine someone finding a way to get those routers to copy your traffic, or at least the headers, to some hostile entity. It doesn't take full knowledge of your traffic to destroy your privacy.

I think you missed my point, which was that yes, you could do exactly what you're suggesting, but it would be just as easy to do that at any router along your data's path to its destination. As soon as the data leaves your intranet, it's like sending a postcard. You should assume that it can and will be monitored by everyone and his mother. Therefore, there is no security concern because the data in question was never secure to begin with.
