
Comment VPS is the way to go (Score 1) 442

I've used Virtual Private Servers (VPS) before, and agree that they are the way to get started. You get full access to the server, and so long as you buy a mid range package you should have ample power for a startup project. If your website traffic explodes then you can look at moving to a large dedicated server or to a cloud provider, but for the majority of websites those would be overkill.

I've written a blog post about VPS/VM vs Dedicated vs Cloud hosting providers before, coming mainly from an ASP.NET point of view. The bottom line is that you have to find something that fits your budget. And don't even think about hosting it yourself. If you really need to be able to scale quickly then Rackspace Cloud, Windows Azure, or AppHarbor are all viable options, but with the exception of AppHarbor they also all have a big up front price tag.

Comment Re:Can we get this in non-Amazon speak (Score 1) 117

EBS is basically like iSCSI, but far more complex. There's a lot of proprietary stuff they're doing with it.

Anyone know how it compares in speed to iSCSI or a SAN? From reading the report it sounds like there is A LOT more going on, and I have even heard of people using multiple EBS volumes in a "RAID" like array for faster IO speed. Sounds like way too complex of a system.

Windows Azure Drives are like EBS but they are simply VHD files stored in Page Blobs (Azure's version of cloud storage, similar to Amazon S3) with local caching on each VM instance. I assume they have slower read/write speeds than EBS but seem like they would be much less complex to manage/maintain than a completely separate proprietary storage cluster. Does Amazon have anything similar using S3 or RRS for backing virtual hard drives instead of EBS?

Comment More info: (Score 1) 156

More details about the attack can be found here and here. The original paper indicates that it affects many common libraries:

Another way is to look for known source code keywords. You can start by looking for code that imports low level cryptography libraries such as:

C/C++: OpenSSL, Crypto++
Python: PyCrypto, M2Crypto
.NET: .NET Cryptography, Microsoft CryptoAPI
Java: Java Crypto Extension, BouncyCastle

Then look for routines that perform encryption and decryption. If there’s some code to handle error while decrypting, and/or no sign of MAC usage, then it’s high probability you have found a target for the Padding Oracle attack. Regardless of which method one uses, the most important thing is to analyse and understand the meaning of error messages returned by the target upon receiving mangled ciphertexts. In short, you need to know when the padding is VALID, and when it’s INVALID.

Comment Microsoft spends much more on R&D than Apple (Score 0, Offtopic) 169

While Microsoft isn't making headlines in the consumer market, over the last decade they have pretty much caught up with or surpassed the competition in the business space (ex: Java, Oracle, PHP, Amazon EC2...). They have however recently started focusing on consumers again with Windows 7 and Windows Phone 7.

And while Apple's per quarter revenue is catching up with Microsoft, in terms of gross profit Microsoft still has about twice the margins that Apple does, which makes sense because software is cheap to produce and distribute. The research and development numbers show that Microsoft spends twice as much of their profits (8 times the total amount) as Apple does, which also makes sense because all Apple really does is find new suppliers with smaller/cheaper/better parts.

Comment Re:Opportunity knocking for AMD here... (Score 1) 324

The new Intel Sandy Bridge architecture is hoping to change people's opinions of integrated graphics. Anandtech got a hold of a sample chip that is expected to be released early next year, and they show that not only does it offer CPU performance comparable to older Extreme i7 chips, the new Integrated GPU performs on par with ATI Radeon HD 5450 which is a low to mid-range graphics card often used for home theater PCs.

Also the notebook/netbook models will have an integrated GPU that is twice the power of the desktop model that Anandtech tested, so they should allow you to play many 3D games at decent frame rates using their low to medium settings.

Comment Microsoft does not lose billions on any product! (Score 1) 497

Apple does not pay a dividend, so an increase in their stock price and related market cap is the only value that investors can benefit from. Microsoft does pay a dividend, and is willing to give a percentage of their profits back to shareholders (sometimes in large chunks). While Apple has done well as a growth stock over the last 5 years they may eventually need to pay a dividend if they want to keep investors happy.

Apple's big run started with the iPod on October 23, 2001, about the same time that Microsoft released Windows XP. Since then Apple has released a bunch of iDevices, upgrades to their core line of computers, and a handful of other products many of which have been very successful in the consumer market. Microsoft however operates in both the business and consumer market, and saying that they have been sitting and twiddling their thumbs on their Windows and Office empire for the last 10 years would be incorrect. In the same amount of time Microsoft has released:

Not to mention large investments in online search, software as a service, and cloud computing. With the exception of their Online Services Division (MSN, Bing, Hotmail, advertising) Microsoft makes significant income from each of their product divisions and has more than twice the income that Apple does. Many of their business products are doing very well, and Sharepoint recently became their latest billion dollar sales product.

I will admit that Apple's products are more popular than Microsoft's, but that is because they are tailored to the consumer market. Most businesses use Microsoft because it costs less and makes users more productive. I personally think that the Zune HD and Windows 7 are great consumer products, and the Windows Phone 7 is designed to compete with the iPhone as opposed to the Palm OS for Windows Mobile, so it will be interesting to see how the next 10 years progress.

Comment Article from Guardian. Sounds serious to me... (Score 1) 329

Article about what was posted

It reported there had been an internet image showing a gun-toting man with a hand-written message reading: "Tomorrow last day of school. We gonna fuck up the bullies and leave this world 11/06/2010."

Another message said: "Tested it at firing range, we have two shotguns as well, it's locked in but tomorrow I have a key. St Aelred's Catholic Technology College, England, watch BBC."

If anything like that is posted publicly I would hope more than just the FBI would report it to the authorities.

Comment Re:We Got Hit By This (Score 5, Informative) 288

Here is a great overview of the technique that was used:

http://www.virusbtn.com/pdf/conference_slides/2009/Maciejak-Lovet-VB2009.pdf

While they are targeting IIS and MSSQL the real issue is developers that don't sanitize the parameters that get sent to the database. The SQL is encoded in at least 2 different layers, so the only keywords that appear in the URL are ;dEcLaRe%20@s%20vArChAr(8000) and ;EXEC%20(@S); and it would be pretty difficult for Microsoft to block those without affecting legitimate usage. If you are using LINQ, Stored Procedures, or Parameterized Queries based on SqlCommand then this wouldn't work against your site or library. Mainly queries created as raw text strings have this vulnerability, and in this case it appears that some library or module used by a number of sites used raw SQL strings instead of the best practices recommended by Microsoft and every other SQL and web server vendor.
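
Added example, not part of the comment above: a log check for the two URL keywords the comment names, matching them in any letter case and after one or more rounds of URL encoding. The log field layout, sample lines, addresses and the `PLACEHOLDER` body are constructed for illustration; this finds past attempts and is no substitute for parameterized queries.

```python
import re
from urllib.parse import unquote_plus

# DECLARE @name VARCHAR(n) ... EXEC(@name): same variable, any case or spacing.
PATTERN = re.compile(
    r";\s*declare\s+@(\w+)\s+n?varchar\s*\(\s*\d+\s*\)"
    r".*?;\s*exec\s*\(\s*@\1\s*\)",
    re.IGNORECASE | re.DOTALL,
)

def fully_decode(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded input (%2520) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def query_of(log_line):
    # Assumed field order: date time method uri-stem uri-query client-ip status
    fields = log_line.split()
    return fields[4] if len(fields) > 4 else ""

def suspicious_lines(log_lines):
    """Return the log lines whose decoded query string matches PATTERN."""
    return [line for line in log_lines
            if PATTERN.search(fully_decode(query_of(line)))]

# Constructed sample log; the statement body is a harmless placeholder.
SAMPLE_LOG = [
    "2010-06-10 12:00:01 GET /news.asp id=42 192.0.2.10 200",
    "2010-06-10 12:00:02 GET /news.asp "
    "id=42;dEcLaRe%20@s%20vArChAr(8000);sEt%20@s=PLACEHOLDER;EXEC%20(@S); "
    "192.0.2.11 500",
    "2010-06-10 12:00:03 GET /news.asp "
    "id=42%3BDECLARE%2520@t%2520VARCHAR(4000)%3BSET%2520@t=PLACEHOLDER"
    "%3BEXEC(@t)%3B 192.0.2.12 500",
    "2010-06-10 12:00:04 GET /search.asp q=how+to+declare+a+varchar "
    "192.0.2.13 200",
]

if __name__ == "__main__":
    for hit in suspicious_lines(SAMPLE_LOG):
        print(hit)
```

The benign search for "declare a varchar" is not flagged because the pattern requires the statement separator, the variable declaration and an EXEC of the same variable together.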

Submission + - Police fuck up redaction, lifelock gets the blame (slashdot.org) 2

logjon writes: Today, slashdot reached a new low when it took the chance to point the finger at a private corporation for a government fuckup. A police report was improperly redacted, yet the finger was pointed at LifeLock for taking action when it came to light, ignoring the fact that LifeLock did absolutely nothing wrong, but in fact, took preemptive action against this data leak. One can only conclude that slashdot editors are fucktards, oblivious to the fact that police reports are public records, and that said editors cannot even be assed to rtfa. Details at 11.
