
Comment VPNs kinda sorta ... they will help, a little. (Score 2, Informative) 120

I've been running an openvpn link from my home to our colo for years. I also have it set up on all my devices so I can use it while traveling. Some of our DFly devs also use it when they are traveling. Here's my cumulative wisdom on the matter:

Generally speaking it works quite well. I use a medium-numbered port but I also have a server running on port 443 because the many weird networks one runs through when traveling often block most ports, but usually leave the https port open.

* Use UDP for the transport when running openvpn over a broadband link. This provides the most consistent experience.

* Use TCP for the transport for connections from mobile devices. This provides the most consistent experience. There are several reasons for this, not the least of which being that the telco infrastructure seems to devalue UDP by a lot versus other traffic. TCP is also a lot easier to run on the server-side if you potentially have many devices connecting in, because you can run one server instance.

* Configure a smaller mss, I use 1300, so the encapsulation doesn't get fragmented by the transport. This is very important.

* Configure a relatively frequent keepalive in openvpn over a WAN link (I use 1sec/10sec), but a less frequent one over mobile (I use 20sec/120sec). This is particularly important on mobile because cell tower switches can cause long disruptions. You don't want to drop the VPN link in such circumstances if you can help it. DO NOT DISABLE THE KEEPALIVE. Always have an openvpn keepalive setup, particularly over TCP, because the TCP connection backoff can prevent your sessions from recovering or cause them to take a long time to recover if one or the other direction is not actively sending data (such as with most web connections, downloads, streaming, etc).

I personally like 'OpenVPN Connect' on iOS (which I use to connect to our project colo). And of course I run openvpn on all the DragonFly boxes including my laptop.

--

Reliability of the VPN depends entirely on the path between your location and the VPN server. The packet must travel this path in addition to the path from the VPN server to the nominal destination, and even in the best of circumstances it will double the chances of something going wrong.

I've had a number of outages at home where my cable link is still operational but the cable company's path to the VPN server is having problems. Also, recovery times are longer because not only does the dead network have to revive, but the openvpn setup has to reconnect and renegotiate.

--

Commercial services are going to be hit or miss. VPN'ing your broadband link might be problematic and you have no real visibility into what the commercial service is doing with your data. That said, they are probably going to be a lot better than trusting your data to the telco and wifi hot-spots you connect from when you are mobile.

Netflix and other video streaming providers will often block-out commercial VPN IPs from the service. Generally speaking, using a commercial service for high-bandwidth connections is really hit-or-miss. You are using their bandwidth as well as your own.

When using a VPN, you are bypassing any special deals your broadband provider has made with the likes of YouTube, Netflix, etc. Remember that if the cell bandwidth is supposed to be free, because it won't be over the VPN.

--

In terms of security, it's a mixed bag. The VPN will secure your traffic from your immediate ISP/Telco (aka Comcast, AT&T), and that's actually very important. However, you are not anonymous and once your traffic reaches the egress point it's up for grabs by any network it flows through and, in particular, the target web page or whatever might be doing its own data collection.

But the telco data collection is MUCH more valuable to third parties than target data collection, and the VPN link at least protects you from that.

The VPN will not do a whole lot for your internal network security. If someone breaks into an IOT device on your home network you are pretty much screwed. The best defenses here are (A) to not use IOT devices in your home - disable their internet access for the most part, and (B) to have a router in between your cable modem / U-verse device and your home network:

cable modem -> home router -> home network + WIFI router

I run all the NAT and openvpn stuff on my home router, so a compromised cable modem has no access to my home network. I also segregate the wired ethernet's IP space from the wireless router's IP space, and firewall the IPs, so nothing on the wireless router can fake my wired IPs.

More on the IOT devices. Obviously things like a printer or AppleTV have to be on the wifi network. But your refrigerator, 'smart' TV, Blu-ray player, receiver, and other junk does not. And you can further segregate the wifi devices by running several different WIFI SSIDs with different passwords. I don't quite go that far even though my printer is almost certainly vulnerable to a LAN hack.

-Matt
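An added example, not part of the comment above: a small audit that checks OpenVPN config text against the transport, MSS and keepalive settings the comment recommends. Mapping "mss" to the `mssfix` directive, the sample configs, and the placeholder port 12345 are assumptions of this example.

```python
# Added example: audit OpenVPN config text against the comment's advice.
MAX_MSS = 1300  # value the comment says its author uses

def parse_directives(text):
    """Return {directive: [args]} for a config, dropping # and ; comments."""
    directives = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            name, *args = line.split()
            directives[name] = args
    return directives

def audit(text, link):
    """link is 'broadband' or 'mobile'; returns findings (empty list = OK)."""
    d = parse_directives(text)
    findings = []
    proto = d.get("proto", ["udp"])[0]          # OpenVPN defaults to UDP
    wanted = "tcp" if link == "mobile" else "udp"
    if not proto.startswith(wanted):
        findings.append(f"proto {proto}: the comment uses {wanted} for {link}")
    mss = d.get("mssfix")
    if not mss or not mss[0].isdigit() or int(mss[0]) > MAX_MSS:
        findings.append(f"mssfix should be set to {MAX_MSS} or less")
    ka = d.get("keepalive", [])
    if len(ka) != 2 or not all(a.isdigit() for a in ka):
        findings.append("keepalive missing: never run without one")
    elif int(ka[0]) >= int(ka[1]):
        findings.append("keepalive interval must be shorter than the timeout")
    return findings

# Constructed sample configs (not taken from the comment author's servers).
BROADBAND = """
proto udp
port 12345        # placeholder for a "medium-numbered" port
dev tun
mssfix 1300
keepalive 1 10    # 1sec/10sec over the WAN link
"""
MOBILE = """
proto tcp-server
port 443          # usually left open on restrictive networks
dev tun
mssfix 1300
keepalive 20 120  # tolerate cell tower switches
"""
WEAK = """
proto tcp-server
port 443
dev tun
"""

if __name__ == "__main__":
    for name, cfg, link in [("broadband", BROADBAND, "broadband"),
                            ("mobile", MOBILE, "mobile"), ("weak", WEAK, "mobile")]:
        print(name, audit(cfg, link) or "OK")
```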

Comment Flash... (Score 2) 218

What did it in should be obvious... one security exploit after another, non-stop, for over 8 years. HTML5 might have been the final nail in the coffin but Flash really did itself in.

When Flash was originally conceived by Macromedia very little thought went into security, because at the time security wasn't a big issue (the Internet was still fairly small, compared to today, and hackers had not yet really ramped up on a large scale). The entire codebase was inherently insecure and trusting of the flash handed to it.

In all that time, ever since that first flash product went out the door, right on up to today, nobody did more than basic hand-waving around the security problems. I'm sure they will claim that they tried... but no... they really didn't.

In the end, people finally got tired of the endless stream of security exploits.

-Matt

Comment Re:I'll document it tomorrow (Score 1) 537

I find that whenever I try to set a hard, fast programming rule, I find side cases where I honestly probably should break it. It doesn't matter what the rule is about - spacing, line wrapping, what belongs in a class vs. a standalone function, what files to put various pieces of code... whatever rule I make, I find cases where it probably would be better for me not to follow it.

The same happens with comments. I'm very much in the school of long, descriptive function names and variables that are self-commenting. I hate coming across old, outdated comments that no longer apply to the code; with long, descriptive variable and function names, you can read what's happening and it's always up to date. And often that's enough. The code says what it's doing, it's straightforward... job done.

But that's not always enough. Because it's one thing to say what's happening. But it's another thing to say "why". When was the last time you put the word "because" in a variable or function name? That's what comments should be for. Not what you're doing, but why you're doing it. Sometimes code just needs descriptive variable and function names. But sometimes you really need the "why" explained.

Comment Re:I'll document it tomorrow (Score 1) 537

Or the more annoying:


void fn193(dt_1011 a)
{
/* BEGIN FUNCTION */

/* IF a is greater than 5 THEN*/
    if (a > 5)
    {
/* Loop 10 times */
        for (int i = 0; i < 10; i++)
        {
/* Call fn828 with arguments a and i */
            fn828(a, i);
        }
/* end IF statement */
    }
/* end FOR loop */

...

/* END FUNCTION */
}

.... without ever having mentioned why they're doing any of it. Yes, someone who used to work here actually programmed like that. A comment on almost every line, and none of them at all useful. :P

They did sometimes have function headers. Unfortunately they were mostly cargo-cult style copies, full of meaningless cruft and long-outdated information, and... it almost hurts me to say this... doublespaced. ;)

Comment Re:Why no 4k footage of the moon? (Score 2) 48

You said both the Moon and Mars. Can you not even read your own posts?

FYI, there are not "millions of people" who would like to sit around staring at a picture that only very slowly changes. And there's no point to live video anyway because there's no action; you can just broadcast stills and interpolate between them if that's what you want. All stills that NASA captures are released publicly for people like you to ogle at.

Lastly, in case you're actually curious, there are four missions active at the moon right now: ARTEMIS P1, ARTEMIS P2, LRO, and Chang'e 5-T1. The former two don't have cameras; they're simple satellites for studying radiation and magnetic fields. Chang'e 5-T1 is just a test mission for China to advance its technology for future moon missions. LRO is the only one that takes pictures. You can see them here. Unlike Mars, a well designed spacecraft like LRO (although not a cheap spacecraft) could have enough bandwidth for streaming live HD video. But LRO is quite reasonably designed for science, not screensavers. It has three cameras. Two are black and white cameras which are more like a telescope (as with most spacecraft cameras) - black and white for maximum resolution (every pixel measuring brightness rather than every several combined pixels). I don't know if you've ever tried to capture video through a telescope while moving relative to the object you're trying to capture, but as a general rule it doesn't work very well, and there is nothing about the hardware that's set up for video processing. The third is a wide angle colour camera... "wide angle" in that the camera images are many times wider than they are tall, designed for capturing (nonaligned) strips of the surface in seven spectral bands (which do not correspond directly to what the human eye sees, but are most useful for determining the composition of the surface).

Not that they would ever waste such an expensive instrument's time on capturing a glorified screensaver for Slashdot ACs.

If you want a screensaver satellite, find someone who's willing to pay many tens to several hundred million of dollars to make a fancy screensaver.

Comment Re:Any photos of the entire Earth? (Score 1) 48

LM doesn't mean Lunar Lander, it means Lunar Module. I don't know why you expect NASA's search engine to find things when you call them by the wrong name. Do you expect it to turn up pictures of the space shuttle if you type in "Space Bus"?

As for your other stuff, you're clearly trolling, and I don't feed trolls.

Comment Re:I think (Score 2) 48

Thankfully the URL is easy to remember... just like images.google.com.

It's kind of amusing searching for keywords that you wouldn't expect to show up on a NASA image search. For example, I found a Native-American juggling hoops, old ladies line dancing at a farmers' market, kids dressed as Men in Black dancing underneath the Shuttle Endeavour, people using the primary mirror of James Webb to take selfies, actress Nichelle Nichols (Uhura) singing, NASA's hip-hop dance team Forces In Motion (travels around middle schools teaching Newton's laws), James Ingram singing "I believe I can fly" in front of Bill Nye, NASA administrator Dan Goldin laughing with (hopefully not at) a "bubble boy" in a protective suit, enough frames of someone testing out a spacesuit to make a stop-motion dance video, and a bunch of other unexpected weirdness.

Comment Re:Why no 4k footage of the moon? (Score 1) 48

What are you talking about? We've been sending some damned impressive cameras out into space of late. Heck, even not just "of late". Have you seen the HiRISE images of Mars? Forget 4k, you can download those in 8k.

Now, if you're talking constant live 4K video footage, the problem isn't the cameras, it's the bandwidth over such huge distances.

Comment Perfect timing (Score 2) 48

The timing on this is perfect. A group I'm in is working on a book and right now going through trying to get copyright permission on all of the images we want to use (and sometimes you can't get it without paying fees, or can't get in touch with the author). Having such a huge wealth of public domain images all together on one seemingly well-designed search engine will be great for finding substitutions.

Too bad there's no ready substitution for figures from papers, however :P For a nonprofit book a lot of the big servers charge around $50 per image. Which for a full length book (dozens of figures) is thousands of dollars. Most authors are very nice about granting permission, but the journals are all about cash.

Comment Re:Thanks, I'll pass on all of them (Score 1) 253

I'll grant you restaurant variety will suffer the smaller the town. That said I live in a place with a population of less than half a million and we've got several Thai places, numerous Korean joints, at least one Japanese eatery I'm aware of, and a couple Indian places.

That describes one side of a single city block in downtown Vancouver, if you add a Vietnamese Pho, a Starbucks, two decent coffee shops, and a superior French bakery.

Comment Re:I know just the man for the job (Score 5, Informative) 78

Not just been photos, there's been some reported video as well (also Queensland). I did check the gait of the animal in the video, and it matches a diagram of the thylacine's gait. But that's hardly unique to them, it just narrows down the range of possible species. There's old zoo footage here.

I doubt it's actually a thylacine, but who knows, weirder things have been discovered.

Comment Re:Yeah, but no (Score 1) 109

Dissecting the test output:

11737/s avg= 85.20uS bw=48.07 MB/s lo=66.22uS, hi=139.77uS stddev=7.50uS

That means the average latency is 85uS (averaged over all reads), the lowest latency measured was 66uS and the highest was 140uS. Another important metric is the standard deviation... that is, how 'tight' access times are around that average latency of 85uS. In this case, a standard deviation of 7.5uS is very good.

Comparing this to the Optane, what Intel has stated is that the average latency over all reads for Optane NVMe will be around 10uS. They also stated that the standard deviation would be much tighter. So that is comparative.

But here's the real problem... you ask whether Optane will beat a PCIe SSD as a HDD cache in actual real-world desktop circumstances. I will add 'at the same price point'. The answer to that is going to be 'no'. The reason is that you can buy 4x to 8x the amount of NAND NVMe-based storage as you can Optane NVMe storage for the same price.

So instead of having a 32G Optane cache, you could have a 128GB-256GB NAND SSD cache for the same price. That *completely* trumps Optane, no matter how low Optane's latency is, for this use case.

-Matt
