Comment Re:Does anyone actually use PowerShell DSC? (Score 1) 212

Yes, *I* use DSC quite a bit. In fact, pretty much daily. But as you state - *** For my server builds. ***

This broke Windows 10 version 1607. I run it at home, and at work on a couple of test desktops, but I know of no instances of 1607 under our SCCM - for that matter, we only have about a 5% deploy of Windows 10.

So yes, this slipped through, but I think the actual exposure will be quite small. Lots of crowds and torches on Slashdot, but this is probably a very small blip.

  In fact, by virtue of how Fast Track gets deployed I don't think I'd ever see this issue -

    Win10 install from SCCM or ISO
    Apply DSC config as part of the build or part of a configuration script
    manually enable fast track
    wait for MS to update the box to fast track
    get the new build
    finally get the bad patch

If I were MS, I'd look at creating a better patch/update exposure matrix - the Fast Track for Insider Updates includes all sorts of telemetry, and I would imagine that they could look at a patch and compare the functionality to the actual use telemetry - "This patch updates DSC. DSC has been used by 1% of all fast track users over the past 10 days. Risk of patch++"

Comment Re:Opinions on upgrade...potentially off topic. (Score 1) 407

Wow - a thoughtful and logical comment on why Windows 10 is actually interesting.

My biggest addition to this is the boot time - Win10 boots in under 5 seconds on my SSD laptop, compared with 15-20 on my desktop with a high end Seagate hybrid 7200 (I know, bad purchase. If I could have waited another year...) My desktop boots up with a couple of active HyperV instances (Plex Server, Ubuntu, FreeBSD), so it's not really usable for another couple of minutes, but that's my own issue.

The Windows 10 interface is an interesting combination of the old and new - all your programs are immediately available like 7, but you have the live tile pane for all the new "chatty" applications - weather, news, recipes, Facebook, etc. all with their own ADHD inspired "Hey! Click me!" look. I'm running insider/fast on one of my boxes and the interface changes that are coming for the summer release are quite good. I've got tile sections for Office, Development, Admin tools and other crap - which is sort of back to the old Program Manager Groups from Win3.1 :-)

Updates, well, it's Windows so it will do that. I've only had issues when I clicked the "do it now" button, then realized my wife was watching something off the Plex server.

Other than a couple of minor issues, it just works.

Submission + - Ad technology company claims ad blockers are "breaking the Internet" (telegraph.co.uk)

whoever57 writes: London, UK based ad technology company Oriel has published a claim that ad blockers break web applications in ways other than merely not displaying ads. They show examples such as airline sites that will not allow check-in because of the effects of an ad blocker. The original report is here. The CEO of Oriel is quoted saying that he discovered this accidentally when attempting to check into a flight, which raises the question: why would the CEO of an ad technology company use an ad blocker?

Submission + - How does one store keyfiles securely, but still accessible in case of emergency? 2

castionsosa writes: With various utilities like borgbackup, NetBackup, zbackup, and others, one uses a keyfile on the client as the way to encrypt and decrypt data. Similar with PGP, GnuPG, and other OpenPGP utilities for the private keys. However, there is a balance between security (keeping the keyfile in as few places as possible) and recoverability (keeping many copies of it). Go too far one way, and one will be unable to restore after a disaster. Go far the other way, and the encryption can wind up compromised.

I have looked at a few methods. PaperBack (which allows one to print a binary file, then scan it) gives mixed results, and if there is any non-trivial misalignment, it won't retrieve. Printing a uuencoded version out is doable, but there would be issues for scanning, or worse retyping. There is obviously media storage (USB flash drive, CD-ROM), but flash isn't an archival grade medium, and optical drives are getting rarer as time goes on. Of course, stashing a keyfile in the cloud isn't a wise idea, because once one loses physical control of the medium the file is stored on, one can't be sure where it can end up, and encrypting it just means another key (be it a passphrase or another keyfile) is stored somewhere else. I settled upon having a physical folder in a few locations which contains a USB flash drive, CD-R, and a printed copy, but I'm sure there is a better way to do this.

Has anyone else run into this, either for personal recoverability of encrypted data, or for a company? Any suggestions for striking a balance between being able to access keyfiles after disasters of various sizes (ransomware, fire, tornado, hurricane) while keeping them out of the wrong hands?

Submission + - Researcher Seeks Help Finding Developers of App Exposing 198,000 Users (csoonline.com)

itwbennett writes: Researcher Chris Vickery has previously discovered database misconfiguration issues leading to exposure of sensitive information on 1,700 kids whose parents used the uKnowKids.com monitoring service, user accounts of millions of Hello Kitty fans, millions of voter records, and personal information of millions of MacKeeper users, among others. Now, he is trying to find the owners of a database containing 190,000 records, including email addresses, usernames and hashed passwords, that is sitting open in the public. 'The exposed records are connected to an iPhone application called Kinotopic,' writes CSO Online's Steve Ragan. But Vickery has been unable to contact them. 'I have tried to get in touch with the Kinotopic developers in several ways. All were unsuccessful,' Vickery wrote in a blog post explaining the situation.

Submission + - How Amazon Shames Warehouse Workers for Alleged Theft (bloomberg.com)

Fudge Factor 3000 writes: Using Orwellian methods, Amazon has put up flatscreen TVs in its warehouses to discourage theft amongst its employees. These TVs show clips of alleged on-the-job thefts. To keep the thieves anonymous, they are masked by a silhouette stamped with the word "terminated" with the particulars of their theft also displayed. Theft is a serious concern for Amazon because of the low pay and high-turnover of their workers. The simpler solution may be to pay workers a satisfactory wage so that they are less likely to steal. However, most workers claim that these tactics are just to let them know that they are being watched. Sweatshops don't just exist in Asia, they are also present right here in the USA.

Comment Re:Issue is more complicated (Score 1) 928

So I'm waiting for someone at a major corporation that does substantial open source development to file a hostile work environment suit against their company if they are required to do kernel submissions. That would *quickly* result in a change in attitude if a major contributor decided that it was potentially litigiously expensive to contribute.

And I'm talking Intel, IBM, RedHat, or even Google, all with massive presence in the US, where this type of behavior would be considered completely unacceptable.

I'm sorry, this is like working for a vulgar cousin or uncle. Fine for small business and family shops, completely unacceptable outside of that type of environment.

Comment Re:Standing (Score 1) 203

This quote from the end of the article says it all:

"Lee Goldstein, a clinical instructor in the Harvard Law School legal aid bureau, said that the issue of whether the students were legally qualified to sue, known as standing, could be fatal to the students’ suit, as it was to the earlier suit brought by Mr. Bonifaz and others."

"could be" is a way of putting it politely.

"could be" is a way for lawyers to charge more hours.
