
Comment Another item on the list (Score 1) 32

I wouldn't say it's "different than", I'd say it's another item on the check list:

a) Ensure security updates are installed in a systematic way
b) Ensure firewalls are set up and regularly reviewed
c) Review configuration of port forwarding, NAT, VPN, etc. annually
d) Annual security review by objective third-party security professional

We can also help you with A, B, and C. Updates, for example, are important for confidentiality and integrity, but some upgrades can create problems for availability - they can break things. How can you ensure *all* systems are updated regularly and frequently, while at the same time ensuring that updates don't break important functionality, and if something does break, you can quickly identify the cause? A security professional can help answer that, or whatever other issues come up as your security matures.

Comment Unless you've put your entire life savings into it (Score 1) 32

In terms of dollar amounts, larger companies obviously work on a larger scale.

On the other hand, "mom and pop" businesses often have their whole life invested in their business. The server being out of commission for two weeks while you both secure it and clean up the mess from the hackers means they can't make their personal mortgage payment. The smallest companies have been my best customers. Of course my business is designed for small companies - low-priced, high value per dollar offerings, simple web ordering rather than spending time (money) in meetings and writing proposals, etc. A couple hundred bucks for a professional grade offsite backup can largely secure their personal livelihood.

Comment There's certainly a place for that, a ROI point (Score 4, Interesting) 32

As mentioned in the interview, they took 13 minutes to find a major vulnerability in the Pentagon systems. Heck, you can have someone run a Nessus scan for you at a cost of about $50, and probably find some significant vulnerability.

Of course it's also possible to go overboard, to spend more on pen testing and security consulting than it's worth, but some really smart security people can be had for under $200 / hour, and in a couple hours they can do a lot of good for a company.

Along the same lines, I think it's definitely worth it to involve a security expert in about three meetings for any major software project - once when the overall architecture is first being discussed, once when specific plans are in place, and once to review before going live on production. Using myself as an example, I've been doing security full time for 20 years, and I know what the common mistakes are. I know what the "smells" are - if you mention certain words, I can tell you those are areas you need to be careful. You don't have to spend a lot to teleconference me for three one-hour meetings, and I can potentially save you millions.

Besides what most people think of as security, "confidentiality", my view of security is "the system continues to operate correctly - even when an attacker is trying to make it fail". That implies that it operates correctly when it's NOT being attacked. My suggestions give you better up time and more reliable results. A simple example is a government system I looked at which was subject to SQL injection on a name field - it had SQL like "INSERT INTO tbl (lastname) VALUES ('$lastname');". Sure, that's SQL injection, but it also failed on names like O'Reilly - perfectly legitimate customers couldn't use the system. Applying security concepts (it should work correctly even when it's being attacked) made it work much more reliably every day, and at a very low cost.

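The point the comment above makes, that the same string-spliced INSERT both rejects O'Reilly and lets an attacker write whatever they like, can be shown side by side against a bound-parameter version. This is an added example and not code from the original post or from the government system it describes; the table names, the `secrets` table, the SQLite in-memory database and the injection payload are all constructed for the demonstration.

```python
import sqlite3
from typing import Optional

def make_db() -> sqlite3.Connection:
    """In-memory database with a customer table and a second table an
    attacker would like to read. Schema and contents are constructed for
    this example, not taken from the system the comment describes."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE customers (id INTEGER PRIMARY KEY, lastname TEXT NOT NULL);
        CREATE TABLE secrets (api_key TEXT NOT NULL);
        INSERT INTO secrets VALUES ('sk_live_example_only');
    """)
    return conn

def insert_interpolated(conn: sqlite3.Connection, lastname: str) -> Optional[str]:
    """The shape of the query in the comment: the name is spliced into the
    SQL text. Returns None on success, or the database error message."""
    sql = f"INSERT INTO customers (lastname) VALUES ('{lastname}')"
    try:
        conn.execute(sql)
        conn.commit()
        return None
    except sqlite3.Error as exc:
        return str(exc)

def insert_parameterized(conn: sqlite3.Connection, lastname: str) -> Optional[str]:
    """Same insert with a bound parameter: the driver hands the name to the
    engine as data, so an apostrophe is neither a syntax error nor SQL."""
    try:
        conn.execute("INSERT INTO customers (lastname) VALUES (?)", (lastname,))
        conn.commit()
        return None
    except sqlite3.Error as exc:
        return str(exc)

def stored_lastnames(conn: sqlite3.Connection) -> list:
    """What a later screen (or the attacker) would see in the customer table."""
    return [row[0] for row in conn.execute("SELECT lastname FROM customers ORDER BY id")]

def demo() -> dict:
    """Run both inserts against a legitimate name and an injection payload."""
    legit = "O'Reilly"
    # Constructed payload: closes the attacker's own row, adds a second row
    # whose value is a scalar subquery over another table, and comments out
    # the closing quote the template would otherwise append.
    attack = "x'), ((SELECT api_key FROM secrets)) --"
    results = {}

    conn = make_db()
    results["interp_legit_error"] = insert_interpolated(conn, legit)   # syntax error
    results["interp_attack_error"] = insert_interpolated(conn, attack)  # accepted
    results["interp_rows"] = stored_lastnames(conn)  # ['x', 'sk_live_example_only']

    conn = make_db()
    results["param_legit_error"] = insert_parameterized(conn, legit)    # None
    results["param_attack_error"] = insert_parameterized(conn, attack)  # None
    results["param_rows"] = stored_lastnames(conn)  # the two strings, stored verbatim
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The interpolated version turns O'Reilly into `VALUES ('O'Reilly')`, which the engine rejects, while it accepts the payload and ends up copying a value from another table into a column a normal user can read back. The parameterized version stores both inputs as the literal strings they are, which is the "works correctly whether or not it is being attacked" property the comment argues for; a name with an apostrophe is a cheap first test to run against any form that writes to a database.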

Comment Re:Clever design (Score 1) 250

Possibly true, but better graphics and more horsepower do not automatically make for better games. It is all about FUN, first and foremost. A bad game with great graphics and more particle effects is still a bad game.

Two of my favorite games are still Fallout 1 and 2. They play great on a 100 MHz Pentium. Add a patch to support wide-screen monitors, and the games are still every bit as fun today as they were 18 years ago. The graphics still look pretty good, and the story-telling and gameplay have not aged at all.

Comment Let us know if you need to support for older (Score 1) 255

> The industry I'm in requires 7-10 years of future supply availability for things we design/validate... so, we tend to stay away from the EBay bargains

Which pretty much ends up being the same thing, as far as driver support goes - you need to have confidence that it will still be supported in the future, when it becomes an eBay bargain. What you're starting to use today, I'll start using in five years - and you'll still be using it.

It's not uncommon on the Linux kernel mailing list to see a post "is anybody still using 1999-era Foo hardware from Bar Inc? If not, we may remove support." If somebody is still using it, the general policy is that the newest kernel should keep supporting it. Of course we have to *know* that somebody is still using it, so if you rely on hardware that's 15+ years old it would be good to monitor support.

My understanding is that the same is not true of Windows - you can't even email their engineer in charge of hardware X, much less will he continue support for you. You -can- email most any Linux maintainer, and they'll respond (but see ESR's Smart Questions document).

As you probably know, enterprise distributions like RHEL/CentOS support the entire distro for up to ten years. Red Hat / CentOS 7 EOL is 2024, so anything supported by CentOS 7 today will still be supported at least until 2024.

If it were me, if I wanted support for a brand new consumer device that just came out last week, I'd bet on Windows. If I wanted long-term support, to have the device supported when it's ten years old, I'd definitely bet on Linux.

Comment Re:Clever design (Score 4, Interesting) 250

I am actually less concerned about horsepower than I am with ownership. To me, current generation graphics are good enough. Would Mario be any more fun if you can see each and every pore and pimple on his face?

My last Nintendo console was a Wii, which suffered a mishap. I lost all of my purchased games because Nintendo tied downloadables to the console instead of the account. I honestly gave the Wii U a pass just because of this.

If I buy a Switch and some downloadable games for it, and it is destroyed, will I have to re-purchase all of those games, or can they be transferred to a new console easily? I really want the sane standards set by Steam. I am not in favor of DRM, but since some publishers insist on it, at least Steam does it in a manner that is least obtrusive.

Comment AND they know the truth is better than the spin (Score 2) 85

It sure sounds to me like they are prohibited from talking about it, so to get any information out they have to ask the FBI to do so.

ALSO this suggests they WANT information released. They could just say "we can't discuss that article". Instead, they are trying to get a copy of the order published. That strongly suggests that they believe once people see what's actually in the order, it'll be better than the speculation. Further, they calculate it'll be better *even though it'll renew interest, creating another round of news stories*.

Comment Can't read my posts either. Strange obsession (Score 1) 531

You seem to have a rather strange obsession here. Let me try saying it one more time for you, in all capital letters maybe so you can see it:


"Republicans won't admit it," you say - in the very article you linked to, it quoted the Senate majority leader saying they would wait until after the election, that they weren't going to confirm the kind of justice Obama would appoint.

You seem to have a strange obsession with this idea of yours that senators selected by the voters should abdicate their Constitutional duty to ensure a justice is fit for the job (based on what the majority of voters consider fit), and instead confirm whoever Obama chooses. I don't know where you get that idea. Oddly, it seems you'd also rather them play around and pretend to hold hearings about the guy, knowing they aren't going to confirm him if Trump wins. Why would you *want* them to waste time playing games? The people didn't vote control of the Senate to the Democrats, they voted the Republicans in; in many cases one reason they voted Republican was to check Obama's appointments of liberal judges who re-write the Constitution to their preference.

Comment I do. HP's Linux driver more up to date than Windo (Score 1) 255

I buy printers at Best Buy or wherever. I have no doubt that you had some problem with some printer; I haven't so much. I once noticed that HP's printer driver for Linux was more up to date than their Windows driver. Mostly I buy HP and Lexmark; maybe some other brands are different, or maybe you installed the wrong driver or something, I don't know. Most of the time, the latest version of Windows is supported by the newest consumer-grade stuff at Best Buy, though, sure. It's the older and more professional stuff that's weak in recent Windows.

What I DO know is that because of the huge difference in support for older hardware, by the numbers Linux supports far more pieces of hardware. For me, I often buy hardware like RAID cards that cost $1,400 a few years ago; I find them for $85 on eBay. I have the equivalent of a $12,000 workstation or server cluster from a few years ago, for about $1,000. A lot of that hardware isn't supported by Windows 10.

Comment Re:We're going to nuke Russia (Score 1) 396

I find it funny how you get focused on the specifics about being under oath.

Under Title 18, section 1001 of the United States Code, it is illegal to make a material misstatement to any member of the federal government. Still, we are getting off topic. My statement still stands: she belongs in jail.

Here is a quote from the director of the FBI:

Clinton was wrong when she said she never sent or received classified information over the server. "Our investigation found ... 110 [emails with then-classified information] that she either received or sent."


In fact, he said, three emails on Clinton's server had a paragraph "summariz[ing] something" and included a C in parentheses at the beginning of it, indicating the paragraph contained information "classified at the confidential level, which is the lowest level of classification."

Hillary handled 110 e-mails that had classified info, and three of them were clearly marked. However, as the Secretary of State, you would think that she would be clearly aware of what makes something classified, since she was the BOSS! What higher authority is there as to whether something should be classified other than the president? The buck has to stop somewhere! So, the BOSS handled three e-mails marked classified, and was clueless that the other 107 were classified, which is A BIG PART OF HER DAMN JOB!

If you or I had been that careless with just 3 e-mails, WE WOULD BE IN JAIL. People HAVE been jailed for far less. Here is an example:

Navy engineer sentenced for mishandling classified material: Bryan Nishimura of Folsom, California, pled guilty to the unauthorized removal and retention of classified materials during stints in Afghanistan in 2007 and 2008. Here's the money quote from the AP: "An FBI search of Nishimura's home turned up classified materials, but did not reveal evidence he intended to distribute them." The exact words used to clear Hillary of her misdeeds. Instead, Nishimura was sentenced to two years probation, fined $7,500, and had to surrender his security clearance. Meanwhile, Clinton will be able to serve as Commander-in-Chief.

So, yeah, Hillary got away clean with greater misdeeds than mere mortals get a felony for.

I should note that Hillary claimed to have NO IDEA what the "C" mark meant. Isn't that "classified 101"? That is like having a doctor have no idea about the difference between an artery and a vein. She has been PROVEN INCOMPETENT, and yet people like YOU still support her.

I happen to like you calling me names. Instead of actually disproving me, you just insult me. Like I said, you might be able to convince me that you are right if you use better insults. I am sure that you can look up better names to call me -- that will prove that I am wrong.

Comment Forgot to read it before linking it? Agrees with m (Score 1) 531

Did you forget to read that Politifact page before linking to it? It says all the same things I said about Merrick Garland. The very page you chose to link to says he's "known as a liberal", which isn't what Republicans want, and says liberals criticized the pick for EXACTLY the reasons I said they did, "Democracy for America expressed disappointment that Obama selected a white man rather than a woman of color".

You might as well have linked to my own post as your "refutation". Except of course Politifact is a more credible source, saying exactly the same things I said.

Comment Re: PS "grep | wc" says Dems 25X more racist (Score 3, Insightful) 531

> > In my opinion, the constant focus on race and gender is stupid and highly counter-productive. I think we should be talking about the QUALIFICATIONS of Supreme Court nominees, not going on and on about where their great-great-grandfather was born, nor the contents of their underwear.

> Let me introduce you to Merrick Garland.

Sure, let's talk about Merrick Garland. Judicial experts considered him to be one of the most qualified candidates in 2009. Clinton chose a less-qualified candidate with a vagina and darker skin.

In 2010, there was another vacancy. Commentators again pointed to Garland. Obama appointed a less-qualified person with a vagina and darker skin.

In 2016, with no more political elections ahead of him, Obama nominated Garland. Certain Republicans decided they'd rather take a 50-50 chance of getting a justice who follows the Constitution as written, appointed by the next president. They think Merrick Garland's type of judicial reasoning is fundamentally wrong. Liberals, on the other hand, criticized the pick why? Because of his lack of experience? No, he had experience. They complained that Obama should have picked someone with a darker complexion.

Comment Who *created* binders full of women? (Score 1) 171

Romney reported that "women's groups" brought his administration "whole binders full of women". Who exactly created "binders full of women" and brought them to the state house?

That would be MassGAP, an organization created by and affiliated with the Massachusetts Women's Political Caucus. The front page of their web site lists the candidates they are endorsing this year. Guess which political party they all belong to? That's right, the binders full of women were created by a bunch of Democrats. Because that's what Democrats DO, that's how they see the world, men vs women, black vs white, us vs them.
