Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

Comment What Sourcefire Currently Does (Score 3, Informative) 38

Disclaimer: At $DAYJOB, I work on managed security services using Sourcefire, but this is my own personal commentary, not that of my employer.

Sourcefire's primary product line takes Snort, wraps it in hardware appliances, and adds a lot of management tools that you can use in an enterprise or managed services environment. This past year, they've added a firewall capability to compete with Palo Alto* and the UTM vendors like Fortinet - in addition to basic firewall support they've got application identification, so you can do things like allow users to read Facebook but block Facebook games, and you can also do things like URL censorship and known-bad-site blacklisting. They've also been buying up other companies like ClamAV and Immunet, so they've got feeds of malware site identification, and are starting to integrate that with the firewall/IDS as well as continuing the host-based versions.

Cisco's IDS/IPS offers have been pretty lame the past few years, but they've got decent firewalls, so we'll see how those product lines play against each other. (I don't know what Cisco's doing in Anti-virus and cloud malware detection these days.)

Sourcefire's hardware at the low end is basically Linux box appliances, and at the high end they're doing a bunch of hardware acceleration. Their largest single box will handle 10 Gbps of inspection, and they can cluster up to four of those to support 40 Gbps. There's not much competition up at the high end - McAfee may have come out with a 10 Gbps follower to their previous 5 Gbps box, and Juniper has some boxes that are bigger but are mainly firewalls with some limited IPS capability. If you've got existing Snort on Linux, Sourcefire does also sell connection tools to integrate with their management systems.

*The term "Next Generation Firewall" means "whatever Palo Alto's marketing says it means", but is at least firewall plus application identification. I've heard that Cisco tried to buy Palo Alto last year.

Comment IBM 403, PDP-11/20 vs. 4GB laptop+Google (Score 1) 587

The first computer I was allowed to hack was an IBM 403 printer, which I used for a Boy Scout mailing list. We weren't allowed to mess with the wires on the plugboard, so it may not count, but we could do anything we wanted with the paper tape, punch cards, and card sorter. It had very little internal memory, but it could fit a big stack of cards; 1000 cards * 80 columns = 80K bytes, and I think the character set had 48 values (so you could call them 5.5-bit bytes if you wanted.) And the Model 026 keypunch ran on vacuum tubes.

The PDP-11 probably had 24KB of RAM, maybe 32KB. I think they upgraded from an 11/20 to an 11/44 after a year. It was based at the local university, and a dozen or so high schools time-shared on it, using RSTS-11 and programming in BASIC, with Model 33 ASR teletypes.

The first computer I owned was an HP programmable calculator (I forget if it's HP-21 or HP-25. 49 words of program memory, 4 words of stack.) The next computer I owned was a retired 386, because there was no point in owning a home PC when I had a terminal into the machines at work.

The first computer I ran myself was a VAX 11/780, which had a huge 4MB RAM that required two cabinets. Our application really needed 12MB, so I played a lot with virtual memory for a few years; after a few years chip densities improved and we were able to afford to upgrade it to 16MB, and suddenly the application ran in an hour instead of a week. (We could have probably done that upgrade a year sooner, saving a lot of work and getting better results, if the bean-counters hadn't thought that capital budgets and labor costs were entirely different kinds of money.)

My current work computer has 4GB of RAM, and [grumble] 32-bit Windows on it, which is the current annoying-640K-equivalent. The hardware would be fine with a 64-bit OS, but the IT department isn't. I am connected into a larger VMware server, which probably has 48GB, and most of my VMs are 1-2GB. And I've also got a window connected to Google - I don't really know how much memory it has :-)

Comment Crypto Weaknesses of Dropbox (Score 0) 445

Dropbox encrypts each of the steps - your PC to their server, their server to their storage, their storage back to your PC/phone/etc. That's very different from user-controlled encryption, where you've got the keys, Dropbox only ever gets cyphertext (which it might wrap another layer around for extra security), and if the FBI hands them a warrant, they've got nothing useful to hand over.

It's somewhat of a business model problem for them, though - if they want to start adding lots of extra features, like Evernote's conversion of data between formats (OCR scanned pictures, read email via text-to-speech, etc.), they need access to the plaintext, but I have no intention of outsourcing my plaintext.

Comment Sand Bars in NJ (Score 1) 249

I used to live in Sea Bright NJ, which is a barrier peninsula community consisting of a bunch of sand, a sea wall, and some bridges and roads connecting it to the mainland. 200 years ago, the Sandy Hook end of it was an island, and it seems to want to become an island again, though the Army Corps of Engineers periodically pours another $10m of cement onto the sea wall to tell the tides to stop.

I knew I was renting the place I lived; some of my neighbors thought that they actually owned something. I lived on what passed for high ground, about 3 feet above river level. Downtown would occasionally flood during the winter. If the sea level rises much at all, the place is doomed.

Comment Person we like. Company we like. Conflict. News. (Score 1) 224

It's one thing if Anonymous Coward gets fired from $BORING_INC and whines about it. But this is a story about a really cool well-known hardware geek getting fired by a really cool well-known games company because their believed-to-be-interesting culture is a mess and doesn't have a clue about hardware. That's news.

And it wasn't all that long ago that the tech news was excited that Valve had hired Jeri, because they wanted to do something with hardware that would obviously be amazingly cool since they were willing to start a whole new hardware group to do it and obviously must have some kind of vision about it, and also because our friend had gotten hired by a really fun company.


Exposed SSH Key Means US Emergency Alert System Can Be Hacked 86

wiredmikey writes "Recently discovered security flaws in the Emergency Alerting System (EAS) which is widely used by TV and radio stations across the United States, has made the systems vulnerable to remote attack. The vulnerability stems from an SSH key that is hard-coded into DASDEC-I and DASDEC-II devices made by Monroe Electronics. Unless the default settings were altered during deployment, impacted systems are using a known key that could enable an attacker with full access if the systems are publicly faced or if they've already compromised the network. By exploiting the vulnerability, an attacker could disrupt a station's ability to transmit and/or could send out false emergency information. 'Earlier this year we were shown an example of an intrusion on the EAS when the Montana Television Network's regular programming was interrupted by news of a zombie apocalypse. Although there was no zombie apocalypse, it did highlight just how vulnerable the system is,' said Mike Davis, a principal research scientist at IOActive. The DHS issued an alert on the vulnerability, and IOActive, the firm that discovered the flaw, has published additional technical details (PDF) on the security issue."

Firefox 23 Makes JavaScript Obligatory 778

mikejuk writes "It seems that Firefox 23, currently in beta, has removed the option to disable JavaScript. Is this good for programmers and web apps? Why has Mozilla decided that this is the right thing to do? The simple answer is that there is a growing movement to reduce user options that can break applications. The idea is that if you provide lots of user options then users will click them in ways that aren't particularly logical. The result is that users break the browser and then complain that it is broken. For example, there are websites that not only don't work without JavaScript, but they fail in complex ways — ways that worry the end user. Hence, once you remove the disable JavaScript option Firefox suddenly works on a lot of websites. Today there are a lot of programmers of the opinion that if the user has JavaScript off then its their own fault and consuming the page without JavaScript is as silly as trying to consume it without HTML."

Comment Because everybody is a spam recipient (Score 1) 65

Yes, SEO is a business term. The technical term for it is "lying to search engine robots so they'll tell people your page is more interesting than it actually is."

There are other people who can help make your web site more interesting, or make it more accessible to search engine robots. Most of those people call themselves web designers or editors or content specialists or people who've spent 15 minutes reading Google's advice.

Comment Blackface minstrels (Score 1) 334

There are some variants on Morris dancing that are traditionally done in blackface. It's not African blackface, it's English coal-miner blackface.

On the other hand, I also play old-timey American music. There's a really good group called the Carolina Chocolate Drops who talk about the African-American roots of much of that style of music (obviously banjos, but other aspects as well), and they've said that they're probably the first generation of African-Americans who could play that style of music without their parents smacking them for doing something related to the old minstrel shows. Stephen Foster wrote some really good tunes, but you just have to play many of them as instrumentals and not try to fix the lyrics...

Comment Interop is still around? (Score 1) 334

I last went to one of those 20 years ago. It had stopped being an actual interoperability demo a few years earlier, but there were still some techies there as well as marketers in suits. It was the smaller Atlanta version of the show, and I was in town for a class. I ended up having dinner with the folks from a small East Coast software company that I knew a few of from Usenet, and they appreciated being able to refer to something that had happened at Pennsic without having to explain what Pennsic was (I hadn't actually been to it, but SCA was part of common techie culture.)

Comment Re:Unprofessional reverse-sexism (Score 1) 334

It's not whether they're physically attractive, it's whether they're dressed to be professional or attention-getting. The person in the booth-babe dress doesn't know your product, though neither does the guy doing the magic-show shill and giving out yet another iPod to the person who picks the card with the correct three buzzwords on it. (And neither does the restaurant worker running the espresso machine, but after dragging all over a trade-show floor I'll still appreciate your company for giving out coffee instead of making me go out and wait in line at the snack bar.)

Slashdot Top Deals

Any sufficiently advanced technology is indistinguishable from a rigged demo.