
Comment No problem (Score 2) 46

You can have that however you have to accept a few things:

1) Costs are going to go way up. You aren't going to pay $50 or $100 for a software package, it'll be 5 or 6 figures. You'll be paying for all the additional testing, certification, and risk.

2) You won't get new stuff. Everything you use will be old tech. You'll be 5-10 years out of date because of the additional time needed to test and prove things. When a new chip or whatever comes on the market it'll be a good bit of time before it has undergone all the validation it needs to be ready for such a critical use.

3) You will not be permitted to modify anything. You will sign a contract (a real paper one) up front that will specify what you can do with the solution, and what environment it must be run in. Every component will have to be certified, all software on the system, the system itself, any systems it connects to, etc. No changes on your part will be permitted, everything will have to be regression tested and verified before any change is made.

If you are ok with that, then off you go! The way I know this is how it goes is that we have shit like this, we have critical systems out there and this is the kind of shit they go through. They are expensive, inflexible, and out of date compared to the latest mass market shit. If you look at the computers that control a fighter plane or the like you'll be amazed at how "dated" they are. Well they are that way because development took a long time and once they are developed, they continue to be used, they aren't changed often.

Now if that's not ok, if you want the free wheeling environment we have now where you can buy new tech when you like, put things together in any configuration, and run whatever you want that's cool, but accept that means problems will happen. You cannot have it both ways.

Oh and also with that critical stuff:

4) There will be no FOSS. If there's liability for losses, nobody will be willing to freely distribute their work. They aren't going to accept liability for no payment, and aren't going to accept that if their code was used by someone else they might be liable.

Comment Re:Update: Testing EnergyStar by GAO resulted in: (Score 1) 272

GAO submitted a few non-existent products to test the EnergyStar program. Some notable results:

Gas-Powered Alarm Clock: Product description indicated the clock is the size of a small generator and is powered by gasoline.

Product was approved by Energy Star without a review of the company Web site or questions of the claimed efficiencies.

I'd buy one of these. :D

Comment They are also often newer (Score 1) 167

That is another huge determining factor. The big cost is laying the infrastructure. The kind doesn't matter so much. So, if you are doing new deployments, fiber is more likely. The cable company here is all FTTH all the time for new build outs. However once that shit is deployed a replacement is a lot of money that you'd rather not spend. So they are less inclined to do it.

Well new developments also tend to not be low income. Usually middle and upper class is what they target. No surprise then that is where you see more of it.

There are plenty of rich neighbourhoods where I live with no fibre. The one right next to me is a good example. About 2 blocks away, and they have the same cable and DSL offerings I do in my cheap condo. Neither the telco nor cable company feels there's enough money to be made in ripping up and redoing the lines in either place, despite the fact that those houses are almost all 7 figures.

Go out in to a new subdivision though, and it is usually FTTH.

Also when they do rip things up and replace, of course they target the rich places since those people are more willing to spend the money. Offer someone low income the option of $100/month gigabit or $20/month 1.5mbit and they will likely go with the 1.5mbit. Ya it is way more per bit and annoyingly slow on the modern Internet, but it gets the job done and $80/month is a lot in the budget of someone low income.

Comment Re:Agreed, though may I suggest (Score 1) 149

Thanks. I like the look of those a lot. It's a good deal cheaper than a similar Netgate device (my go to since they own PFSense). Only real area it looks like it would have notably worse performance would be VPN since it lacks AES acceleration. But so long as that isn't being used it should be around the same speed as the 4 core atoms Netgate uses.

I may think about one for home. I'll probably stick with my Edgerouter Lite since those Cavium chips just get lower latency than you can get in pure software at this point, but I am a bigger fan of PFSense than EdgeOS for sure.

Comment Agreed, though may I suggest (Score 1) 149

Moving to a better router? DD-WRT isn't as updated as it should be these days and has slow performance. Modern consumer routers are fast because they use packet acceleration tech built in to their chips. DD-WRT doesn't know how to do that (at least not that I've ever seen).

So what I recommend for geek types is go to three devices: Modem -> router -> wireless. You can repurpose your existing router as a WAP, or get a purpose built WAP. Either way, you don't do routing on it. Then get a purpose built router.

My top recommendation is a Ubiquiti EdgeRouter Lite. About $100 for a little wired 3-port device that'll pass a gig of traffic with low latency since it has packet acceleration and knows how to use it. It's a bit on the complex side and you can't do all setup through the GUI (IPv6 requires commandline work) but it is powerful, and they are pretty good at updating it. Runs a customized version of VyOS and provides you with access to all the low level stuff. You can compile your own shit for it if you like (is MIPS64 though).

If that isn't to your taste my second choice is PFSense. You can run that on anything x86 but the devices they sell on their site, made by Netgate, are great choices. It's more expensive to hit a gigabit speed because it runs all in software, and that also means its latency is higher. However that said I like the interface better and it is an exceedingly powerful and flexible firewall. It's updated regularly, you can buy professional support, and since it is software you can run it on anything, including a VM. Runs BSD underneath and you can get access to the low level if you want to mess with it.

Third choice would be something like a Cisco RV340 or maybe RV320. It's the same general hardware as the EdgeRouter Lite, a Cavium Octeon processor which is MIPS64+packet processing, but with Cisco's OS whacked on. Easier to use overall, though not as flexible. Cisco tends to be ok with security updates. They use a slower CPU and less RAM so you aren't going to get a full gig, but they are pretty fast and are nice and low latency. Not too bad price wise either, like $150 for the RV320.

Comment Re:Ya, it's called IPSec (Score 1) 67

Oh ok, gotcha. In that case, I'd go for Private Internet Access. Their privacy rules are very good (in all cases we have to take the company's own statement on it), price is good, performance seems to be good, and it uses open standards for VPN connections. It also isn't like some where they are located in some minor island nation you've never heard of, they are in the US.

It's what I use and what my instructor at SANS recommended to someone else this week who asked the same question.

If you wanted to filter all systems through it you'd just need a router/fw that did it, again PFSense would do. It uses OpenVPN by default (can do IPSec as well) and PFSense supports that. Your internal systems talk to PFSense, have PFSense VPN to PIA and then set your routing to do 0.0.0.0 over the VPN. Make sure outbound rules are properly configured so traffic is only allowed over VPN interface and you've got an automatic, transparent, system where all systems will communicate via the VPN. You can always change rules if needed to permit direct communication.

If you don't want a network box you can set up your OSes to auto-dial PIA on start. For Windows this is best accomplished with the inbuilt IPSec VPN client, on Linux OpenVPN works nicely (though either can do both). Again you set local firewall/routing rules to prohibit traffic over the local net and require the VPN to be up. Then just treat it like dialup from the old days.

So give PIA a look, they seem to do well.
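Added example, not part of the comment above or of any pfSense configuration: a small first-match rule model that checks whether an outbound policy of the kind described ("traffic is only allowed over VPN interface") still lets packets out of the WAN interface when the tunnel is down. The rule format, interface names, probe list and addresses (documentation ranges) are constructed for illustration, and UDP 1194 is assumed as the tunnel port.

```python
from ipaddress import ip_address, ip_network

VPN_ENDPOINT = "203.0.113.10"   # placeholder (TEST-NET-3), not a real PIA server
TUNNEL_PORT = ("udp", 1194)     # OpenVPN's default port, assumed for the tunnel

# Constructed rule sets: (action, egress interface, destination, proto, port).
# None is a wildcard. Rules are first-match, anything unmatched is dropped.
LEAKY = [
    ("pass", "vpn", "0.0.0.0/0", None, None),
    ("pass", "wan", "0.0.0.0/0", "udp", None),   # too broad: DNS/QUIC escape
]
STRICT = [
    ("pass", "vpn", "0.0.0.0/0", None, None),
    ("pass", "wan", VPN_ENDPOINT + "/32", "udp", 1194),  # tunnel itself only
    ("block", "wan", "0.0.0.0/0", None, None),
]

def decide(rules, iface, dst, proto, port):
    """Return the action of the first matching rule, 'block' if none match."""
    for action, r_if, r_net, r_proto, r_port in rules:
        if r_if != iface:
            continue
        if ip_address(dst) not in ip_network(r_net):
            continue
        if r_proto is not None and r_proto != proto:
            continue
        if r_port is not None and r_port != port:
            continue
        return action
    return "block"

# Probes for what happens when the tunnel is down and routing falls back to WAN.
PROBES = [
    ("198.51.100.53", "udp", 53),    # DNS to an outside resolver
    ("198.51.100.80", "tcp", 443),   # HTTPS
    ("198.51.100.80", "udp", 443),   # QUIC
    (VPN_ENDPOINT, "udp", 1194),     # the tunnel's own packets
]

def wan_leaks(rules):
    """Probes that would leave via WAN without being the tunnel itself."""
    return [p for p in PROBES
            if decide(rules, "wan", *p) == "pass"
            and not (p[0] == VPN_ENDPOINT and p[1:] == TUNNEL_PORT)]

def tunnel_can_connect(rules):
    """The policy must still let the VPN client reach its endpoint."""
    return decide(rules, "wan", VPN_ENDPOINT, *TUNNEL_PORT) == "pass"
```

The same two checks (nothing but the tunnel leaves on WAN, and the tunnel itself can still connect) apply to the per-host firewall variant described in the comment.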

Comment Because government like Internet (Score 3, Insightful) 141

It is getting hard to work in the world with no 'net access. The governments want to use it themselves for many reasons, including just entertainment for the party elite. So, cut that off and they are brought down to the level of their citizens, and that they don't like.

Sanctions can work when they can actually affect the powerful. If you can do something that makes their life worse, that has an effect on them, then they care. This is something that has the potential to do that.

No silver bullet, but nothing is.

Comment Ya, it's called IPSec (Score 1) 67

With IPSec you can set up all kinds of policies as to what can communicate with what and you can, if you wish, encrypt all traffic, even over the local LAN. Be warned: It can get complex and you are going to need PKI set up if you want to have any realistic hope of managing it in an enterprise. However you can set things up so that all traffic is encrypted on the wires for all communications, and so that devices can only communicate with other devices of your choosing.

So for a simple setup you could have a firewall (PFSense if you want a cheap one) that talks to whatever your VPN/Proxy is. Then set IPSec policies so that all your computers talk only to it. All traffic will pass only through the PFSense (even internal traffic) and it'll all be encrypted (if you specify that). You set the firewall/routing rules on the PFSense and you can force all outbound traffic over the VPN, and decide what can talk to what inside.

That's a simplistic setup, and the firewall will be a bottleneck, but that's a simple startup. You then can do things like have system to system IPSec communication, more firewall, additional routing controls (on systems or the network) etc etc.

Comment Not only that (Score 1) 289

GM looks severely undervalued. What a "normal" P/E valuation should be varies depending on who you ask but usually in the realm of 14-20. In really bad bear markets indexes go down to like 7-10.

Well, GM is like 5. That would imply that it is quite undervalued at the moment.

So you have a very undervalued stock, compared to a stock that people are buying heavily on hype/hope. That doesn't make for an accurate comparison. Sure Tesla has a bigger market cap... now compare earnings and get back to me.
