
Comment Re:For variable values of "practical" and "relevan (Score 3, Informative) 117

Not a lot you can do?

Anything that requires signatures is vulnerable to forgery if the signer's certificate specifies SHA1.

An attacker could forge:

1. Software signatures - to slip malware into a software vendor's distribution channels.

2. SSL certificates - to MITM web connections to phish, steal data, or distribute malware.

3. Personal digital signatures - to fabricate documents, including emails, transactions, orders, etc. that are normally trusted implicitly due to the signature

4. Subordinate CA certificates - to create trusted certificates which permit all of the above

The problem lies with #4. The real risk is not a one-off duplicate of John Doe's smart card. The real danger is the CAs signed with SHA1 who are still trusted by browsers, applications, and OSes around the world. If an attacker counterfeits one of their certificates, he can issue arbitrary certificates for any web site, any software publishers, or any user.

The only solution is to discontinue the use of SHA1 internally and to revoke trust for all CAs that still use SHA1. Better crypto has existed for a long time---the standard for SHA2 was finalized in 2001, well over a decade ago.
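Added example, not code from the comment above: a PowerShell check for the forgery surface the comment describes. It walks the local machine's personal and intermediate-CA stores, builds each certificate's chain offline, and reports every chain element below the root whose signature uses SHA-1. A root's own self-signature is deliberately skipped: a root is trusted because it sits in the store, not because of its signature, so only SHA-1 signatures on intermediates and leaves matter. The store paths and the function name are this example's choices.

```powershell
# Added example, not part of the original comment. Reports certificates whose
# trust chain contains a SHA-1 signature below the root anchor.
Set-StrictMode -Version Latest

# Signature algorithm OIDs built on SHA-1 (RSA, legacy OIW RSA, ECDSA, DSA).
$Sha1SignatureOids = @(
    '1.2.840.113549.1.1.5',  # sha1WithRSAEncryption
    '1.3.14.3.2.29',         # sha1WithRSASignature (OIW, legacy)
    '1.2.840.10045.4.1',     # ecdsa-with-SHA1
    '1.2.840.10040.4.3'      # dsaWithSHA1
)

function Find-Sha1ChainElements {
    param(
        # Personal (leaf) and intermediate-CA stores; add Cert:\CurrentUser\... as needed.
        [string[]]$StorePaths = @('Cert:\LocalMachine\My', 'Cert:\LocalMachine\CA')
    )

    foreach ($path in $StorePaths) {
        foreach ($cert in Get-ChildItem -Path $path -ErrorAction SilentlyContinue) {
            $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
            # Offline: we are inspecting signature algorithms, not revocation or validity.
            $chain.ChainPolicy.RevocationMode =
                [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
            $chain.ChainPolicy.VerificationFlags =
                [System.Security.Cryptography.X509Certificates.X509VerificationFlags]::AllFlags
            $null = $chain.Build($cert)

            foreach ($element in $chain.ChainElements) {
                $c = $element.Certificate
                # Skip the anchor: a self-signed root's signature algorithm proves nothing.
                if ($c.Subject -eq $c.Issuer) { continue }
                if ($Sha1SignatureOids -contains $c.SignatureAlgorithm.Value) {
                    [pscustomobject]@{
                        Store       = $path
                        LeafSubject = $cert.Subject
                        Offender    = $c.Subject
                        Issuer      = $c.Issuer
                        Algorithm   = $c.SignatureAlgorithm.FriendlyName
                        NotAfter    = $c.NotAfter
                        Thumbprint  = $c.Thumbprint
                    }
                }
            }
            $chain.Dispose()
        }
    }
}

# One row per offending intermediate or leaf, deduplicated on subject.
Find-Sha1ChainElements | Sort-Object Offender -Unique | Format-Table -AutoSize
```

Matching on the OID rather than the friendly name avoids locale-dependent strings. An intermediate that shows up here is the case the comment worries about: every certificate it has issued inherits the weakness, regardless of what hash those leaves themselves use.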

Comment Re:Doing more with less.. (Score 1) 128

Why aren't these tools built in, though?

PowerShell is a very powerful tool, and it is built in. But that's not what you meant.

There are two ways to get it from the vendor. You pay in cash or labor.

Microsoft is happy to sell you SCOM, which is their network management dashboard (among other things). Very useful in a Windows-dominated environment, but there are better third-party options for shops with Linux and Mac systems.

Unless you're talking about the lowest tier of admins, scripting is part of the job. I cannot understand how people function without CLI literacy. The number of repetitive tasks would be mind-numbing.

I have no problem going to management saying "you can pay $XX thousand per year for operations management software, or I can spend a couple days writing and testing a script." I am perfectly happy offering a cheaper alternative that adds to my credibility and value. Always expand your expertise and share with your team if you have the chance.

Comment Re:Doing more with less.. (Score 1) 128

Having no power to spend money, you dutifully route a request for a renewal to be paid for. It goes back and forth to accounting for a couple months asking for justifications for the (trivial) expense because no one will give the operations people a p-card or budget.

While it's usually bad to exaggerate, you don't need to.

The justification should mention that the entire corporate network will become unstable or unavailable if this procurement is not completed by the deadline, which should be at least a few days ahead of the actual expiration date.

Ideally, the IT management hierarchy will understand and push it through. If not, they should at least be capable of understanding the necessity when their experts start barking about the importance of such a minor purchase.

And if it takes an organization 100 days to procure things, then the staff should begin a critical procurement at least 120 days in advance. The alerts are useless if they do not allow time to respond.

Comment Re:Doing more with less.. (Score 1) 128

OK, so you have written such scripts to notify you. Now the company decides they do not need you any more. Are you going to rewrite those scripts to notify someone else? Or even bother to mention to someone that they should do so?

Shouldn't be a problem.

1. The script and its purpose should be documented. Another admin should be able to update it as needed.

2. The output can be emailed or dumped to a file share. Virtually every mail server supports lists, so the list (or the file share ACL) would just need to be updated.

In a lot of companies, certificate renewal becomes someone's job because they are in the right place at the right time to handle it and everyone else forgets that it even happens until something goes wrong.

First, this "problem" does nothing to change the fact that 2FA is far more secure than passwords.

Second, this is the result of poor management. Any process can become failure-prone in the face of poor management. You need some ITIL training (or equivalent).

It takes a lot of effort to become a well-run organization, but it is totally worth it.

Dealing with their absence has been a mess.

Entirely avoidable. But it requires discipline from the organization.

1. Poorly-defined processes.

2. Lack of documentation.

3. Lack of personnel depth (aka, cross-training---if you need redundant servers then you also need redundant skill sets)

4. Poor change control (his solo fixes should have been discussed and understood by management and the team)

Comment Re: Is it really a swipe? (Score 1) 472

"Someone is higher than me on the ladder! Let's break the ladder so we are all on the ground in the dirt."

If you believe the person higher on the ladder doesn't deserve his place---or hurt others to get up there---then knocking him down starts to look like fairness. Or justice.

If you're already on the ground or a half-step away from it, you won't even notice much of a change.

I'm nowhere near the bottom of the ladder, but I have been lower in the past. And I can easily imagine how things look as you go down.

As you end up with less and less to lose, dangerous bets lose their edge. Anything that has even a small chance of winning smells like hope. And that is what we comfortable people call desperation.

Comment Re:Doing more with less.. (Score 4, Informative) 128

Requiring someone to remember to do an infrequent and short task at a point 1 or 2 years in the future

Bullshit.

I could write a PowerShell script in maybe 10 minutes that will list all of the computers in the domain, connect to them, and check for expiring certificates. I can get a reminder in advance---90 days, 30 days, a week, whatever I want. All I have to do is one thing: understand my job.

Alternatively, some tools (like Nessus, which is FOSS) have audits which automatically check for expiring certificates. They can be configured to email a report, and you can be notified every day/week/month if you have expiring certs.

This is a stupid, incompetent failure. You can build or buy a tool to avoid this problem very easily. Compared to using passwords, the only reasonable complaint is that you require decent sys admins.
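Added example, not the commenter's script: the domain-wide expiry check described in the comment above, with the hand-off the earlier "Doing more with less" comment asks for (results mailed to a distribution list and written to a file share, so the alert survives the author's departure). It enumerates enabled computer accounts, queries each machine's LocalMachine\My store over WinRM, and buckets hits into 90/30/7-day reminders. It also lists hosts that could not be reached, because a silently skipped host is exactly how an expiring certificate gets missed. Assumed, not from the page: the ActiveDirectory RSAT module, WinRM enabled on the targets, a mail relay, and the placeholder share path and addresses.

```powershell
# Added example, not part of the original comment. Finds certificates expiring
# within -WarnDays across the domain and reports to a share and/or a mail list.
# Placeholders: the share path, SMTP server and recipient addresses.
param(
    [int]$WarnDays = 90,
    [string]$ReportPath = '\\fileserver\itops\cert-expiry.csv',   # placeholder
    [string[]]$MailTo = @(),                                       # e.g. 'cert-alerts@example.com'
    [string]$SmtpServer = 'smtp.example.com'                       # placeholder
)

Import-Module ActiveDirectory -ErrorAction Stop

$computers = Get-ADComputer -Filter 'Enabled -eq $true' -Properties DNSHostName |
    Where-Object { $_.DNSHostName } |
    Select-Object -ExpandProperty DNSHostName

# Runs on each target; only the day threshold crosses the wire.
$probe = {
    param([int]$Days)
    $cutoff = (Get-Date).AddDays($Days)
    Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.NotAfter -le $cutoff } |
        ForEach-Object {
            [pscustomobject]@{
                Computer   = $env:COMPUTERNAME
                Subject    = $_.Subject
                Issuer     = $_.Issuer
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
                DaysLeft   = [int]($_.NotAfter - (Get-Date)).TotalDays
            }
        }
}

# Connection failures land in $unreachable instead of aborting the run.
$unreachable = @()
$results = Invoke-Command -ComputerName $computers -ScriptBlock $probe -ArgumentList $WarnDays `
    -ThrottleLimit 32 -ErrorAction SilentlyContinue -ErrorVariable +unreachable |
    Select-Object * -ExcludeProperty PSComputerName, RunspaceId, PSShowComputerName

# Bucket so the report reads as an action list rather than a dump.
$report = $results | ForEach-Object {
    $bucket = if ($_.DaysLeft -lt 0)       { 'EXPIRED' }
              elseif ($_.DaysLeft -le 7)   { '7-day' }
              elseif ($_.DaysLeft -le 30)  { '30-day' }
              else                         { '90-day' }
    $_ | Add-Member -NotePropertyName Bucket -NotePropertyValue $bucket -PassThru
} | Sort-Object DaysLeft

if ($report) {
    # File-share copy: whoever holds the share ACL gets the data, not just one inbox.
    $report | Export-Csv -Path $ReportPath -NoTypeInformation -Force
}

$body = ($report | Format-Table Bucket, Computer, Subject, DaysLeft, NotAfter -AutoSize | Out-String)
if ($unreachable.Count -gt 0) {
    $body += "`nUnreachable hosts ($($unreachable.Count)):`n" +
             (($unreachable | ForEach-Object { $_.TargetObject }) -join "`n")
}

if ($MailTo.Count -gt 0 -and $report) {
    # Send-MailMessage is marked obsolete in PowerShell 7 but remains functional.
    Send-MailMessage -To $MailTo -From "cert-check@$env:COMPUTERNAME" -SmtpServer $SmtpServer `
        -Subject "$($report.Count) certificate(s) expiring within $WarnDays days" -Body $body
}

$body
```

Run it from a scheduled task under a service account with WinRM rights on the targets; pointing -MailTo at a distribution list rather than a person is what makes the earlier comment's "just update the list" hand-off work.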

Comment Re:That much demand for being lied to? (Score 1) 202

The HIPAA and SOX regulations only apply to systems that handle health care and accounting data, respectively.

The payment card industry has a complex set of security requirements (PCI DSS), but this is a private agreement between the parties. Any violations are handled by the private authority that audits their system. (The credit card companies basically force everyone to go along with it because they don't want to deal with massive fraud.)

Customer documents, customer billing information, business plans, etc have zero explicit security requirements under US law.

Comment 100% his fault (Score 2, Interesting) 143

There are public and private streaming options. He was recording to a public stream.

The article even says he noticed it was public after 30 minutes and left it that way.

I have every desire for legal privacy protections, but this guy basically waived them all. And then had the audacity to file a lawsuit.

Comment Re:Is there a product these patents protect? (Score 1) 70

CRISPR (the invention) is a synthetic implementation of the CRISPR/Cas immune system.

It is a method of customizing where genes are cut. Other methods are used to insert or modify DNA.

It is a tool, albeit a much better one than existed before. Thus, CRISPR could be best compared to replacing a hacksaw with a laser cutter. The general public has no need of such a tool, but we will most likely buy many things which this tool produces.

Comment Re:A tool is not a product. (Score 1) 70

Patent law doesn't require physical products.

But having said that, CRISPR is a synthetic recreation/modification of a part of the immune system. It can slice and dice genes very precisely.

There is a lot of research into using CRISPR to cure cancers and prevent some genetic disorders. There are probably going to be a lot of things that use CRISPR in the near future.

It is a very powerful tool---possibly as historically significant as the steam engine. This is the tool that helps us reshape genes, after all.

Machines were niche products until we could power them with something besides people or farm animals. The ability to use them anywhere, refuel them immediately, and generate more power were all important. In a similar vein, CRISPR vastly expands our capacity for genetic engineering. It is almost impossible to predict what we will do with this newfound power.

Comment Re:Maybe it's time to return to LISP machines (Score 1) 157

If you cannot share memory between processes, you take a performance hit every time you need to share data. For some applications, this is a deal-breaker.

If you can share memory in any way, that sharing mechanism can be broken somehow.

Pick your poison.

(P.S. - The market made its choice long ago.)

Comment Re:the real reason theyre arguing it. (Score 1) 309

Here's a tip: Just don't GLUE it.
Just the space required for glue makes it thicker.

Wrong, wrong, wrong.

If the battery is not glued, it must be fastened by some other means. Typically, this is a plastic mounting bay within the device.

My old Samsung Google phone has a removable battery.

A user-removable battery is even more of a challenge. There must be clearance for the battery to move freely (perhaps only a millimeter or two, but still a bit of space).

There must be a removable hatch to provide access---with either clips and/or a hinge to fasten it. These mechanisms invariably take up more space than glue.

As the body is now weaker due to the opening, thicker panels and stronger construction are necessary.

Unibody construction offers some size, weight, and cost benefits, but it is difficult to employ when key structural panels must have large holes for battery access.

I am not a fan of the "thinner/lighter at all costs" trend, but there are complex tradeoffs behind the design. These issues cannot be hand-waved away by an internet know-it-all.

Comment Re:Productivity! (Score 1) 158

Until you get big-boy projects that require coordination with other people.

What do you do then? Send an email and hope for a quick response? Sit at your desk like a good little doggie until the next project management meeting? Or maybe you go talk it over and get back to work.

The only reason a desk needs an occupancy sensor is for facilities efficiency---or as a crutch for poor hiring and management practices.
