
Comment Re:VNC over SSH tunnels, public keys, no root logi (Score 5, Interesting) 126

Gee, I manage my cloud over SSH tunnels. Authentication is done with public/private key pairs. No SSH root user login. In the rare cases that I need a GUI, it's VNC over an SSH tunnel.

Any other ports?

It's tunnels. All the way down.

Yeah, it sure is unfortunate that you can't do exactly the same thing with RDP. And MS should definitely think of adding IPSEC support one of these days (yes, I know). Of course people are probably less likely to bother, since unless you're French, RDP is fully encrypted (standard VNC only encrypts the password) and talking of passwords it allows them to be more than 8 characters long. You can even have a username too, if you use the right version and configure PAM (joke - there is no right version for that because it's a terrible idea security wise). It has also never had a bug where the client could tell the server it didn't support any of its authentication schemes and so the server simply let it connect without authentication.

In fact this is the first time I've heard of a potential serious vulnerability in Remote Desktop, so frankly this is not the area to be smug about.

Anyway this is a bit too MS positive for my liking, so I'll just add that TurboVNC + VirtualGL + VirtualBox = one fucking awesome free VDI implementation. Add SSH, OpenVPN or IPSEC to taste if you want (although VirtualGL handles SSH itself transparently if you want). Actually for remote admin purposes you only need the 1st part (unless it's a bunch of 3D workstations you're supporting). And possibly a new hobby to use to soak up all the time you used to waste waiting for the screen to refresh. I would also mention FreeNX, but a) I think it gets outperformed by the above and b) I am fucked if I'm setting that damned thing up again just to verify.

Oh yeah, one more neat trick - VirtualBox can run in headless mode on a box with no GUI (or with one, doesn't matter). In this mode it serves up the VM display using an extended version of RDP. The great thing is this doesn't just apply to Windows VMs - it can serve any OS it can run over RDP. Watch the look on your colleagues' faces as you get them to fire up MSTSC and connect straight into Ubuntu. Or OS2, OSX, Win 3.1 etc.. etc.. You can even dump them into an EFI shell or the virtual BIOS. Literally minutes of laughs to be had. Oh yeah, you may need the non-open source extension pack for that. Also they're adding VNC in the next release. I have no fucking idea why.

And no, I have no idea why you're not allowed to use RDP encryption in France. I have no idea why they're not allowed to use deodorant either, come to think of it.

Comment Re:How can they tell its tidally locked? (Score 1) 575

People are making lots of stupid posts today.

Yes, a lot of them don't seem to be able to write unambiguously. If that many people think you were saying one thing when you meant another, it's generally you that fucked up. Hope this helps. If you say someone has a lifetime of 75 years (about the average for the US) and don't mention that they're 12 years old, you probably shouldn't get angry when people ask what the fuck you're talking about.

Comment Re:No problem... (Score 1) 470

Similarly, I think the US should hold off on oil extraction until the other nations have started to exhaust their supplies. Once the prices start to rise, only then should we tap our reserves.

Unfortunately "once the prices start to rise" will be the very second your retarded plan is put into action, you fucking Yankee cretin.

Comment Re:Um.. (Score 0, Troll) 195

Yeah! To fight dupes I compute CRC checksum for each file and store it (and only it) on my back up drive. That method removes dupes almost automatically and there is a side effect of a huge compression ratio too. I have been downloading the high def videos from Internet for quite a while now and with my compression method I have used less than 10 percent of 1GB flash drive! I strongly recommend this method to everyone!

You only actually need one bit. The "I'm not fucking funny and this is the 5th time I've seen the same fucking joke in the same article bit". I call it the "twat" bit.

Comment Re:De-Dupe on Linux? (Score 1) 195

Instead of working full-bore on The Next Great FS, it would be really nice to have compression, encryption, deduplication, shadow copies, and idle optimization running in EXT4.

Maybe I'm just jaded, but I've been a Linux user for 12 years now. Sometimes it feels like the names of the technologies are changing, but nothing ever gets 'finished'. Maybe the NTFS/BSD model (good core design, long intervals with only minor changes) would be wise in Linux filesystem development.

So you're saying you'd like to see it evolve slowly like NTFS, while adding all these whiz-bang new features stat?

Comment Re:Oversubscription (Score 1) 129

When can we just effectively get what we pay for? This would explain the sudden jump in Intel-based Camfrog servers with a higher offering of hardware.

This effectively means people can now lie about the hardware they're leasing out to you in a data center. They say you're getting 4GB, you're actually getting 1.5GB of RAM.

Our internet is oversubscribed, our processors are getting there, and now RAM?

When are the designers of this stuff going to just build the fucking hardware instead of trying to lie about it?

Sorry about your anger issues and obvious lack of understanding about what this is.

Comment Re:100 Comments and No Conspiracy Theory yet! (Score 1) 178

There was a story a few years back about a Security researcher that determined the quartz units in every computer are unique and have different enough time drift to fingerprint the individual machine's traffic despite IP address changes, proxies or anything similar.

Does it work with TCP timestamps disabled? I'm guessing it doesn't. I always turn them off when deploying Linux servers. At the very least it's worth doing to confuse pen-testers, since it makes OS identification significantly harder. And as far as I'm aware it has roughly zero useful functions these days.

It's really easy to do - it's just a single sysctl setting. And it's even easier on Windows - you just put it behind a Linux router with the right sysctl settings.
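One way to confirm from a packet capture that the setting took effect, as an added example that is not part of the comment above: on Linux the sysctl is `net.ipv4.tcp_timestamps` (0 disables it), and a host with it disabled no longer places option kind 8 in its SYN-ACK. The two headers below are constructed sample data, and the function names are illustrative.

```python
import struct

OPT_EOL, OPT_NOP, OPT_TIMESTAMPS = 0, 1, 8  # TCP option kinds

def tcp_options(header: bytes):
    """Parse the options area of a raw TCP header into [(kind, data)]."""
    if len(header) < 20:
        raise ValueError("TCP header shorter than 20 bytes")
    hdr_len = (header[12] >> 4) * 4          # data offset, in 32-bit words
    if hdr_len < 20 or hdr_len > len(header):
        raise ValueError("bad data offset")
    opts, i = [], 20
    while i < hdr_len:
        kind = header[i]
        if kind == OPT_EOL:                  # end of option list
            break
        if kind == OPT_NOP:                  # one-byte padding
            i += 1
            continue
        if i + 1 >= hdr_len:
            raise ValueError("truncated option")
        length = header[i + 1]               # covers kind and length bytes
        if length < 2 or i + length > hdr_len:
            raise ValueError("bad option length")
        opts.append((kind, header[i + 2:i + length]))
        i += length
    return opts

def timestamp_option(header: bytes):
    """Return (TSval, TSecr) if the timestamps option is present, else None."""
    for kind, data in tcp_options(header):
        if kind == OPT_TIMESTAMPS and len(data) == 8:
            return struct.unpack("!II", data)
    return None

def build_header(options: bytes) -> bytes:
    """Constructed SYN-ACK header (sample data only, checksum left at 0)."""
    options += b"\x00" * (-len(options) % 4)
    offset = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", 22, 40000, 1000, 2001,
                       offset << 4, 0x12, 65535, 0, 0) + options

MSS, SACK_OK, WSCALE = b"\x02\x04\x05\xb4", b"\x04\x02", b"\x01\x03\x03\x07"
TS = b"\x08\x0a" + struct.pack("!II", 305419896, 4242)   # constructed values
WITH_TS = build_header(MSS + SACK_OK + TS + WSCALE)
WITHOUT_TS = build_header(MSS + b"\x01\x01" + SACK_OK + WSCALE)

if __name__ == "__main__":
    for name, hdr in (("timestamps on", WITH_TS), ("timestamps off", WITHOUT_TS)):
        print(name, [k for k, _ in tcp_options(hdr)], timestamp_option(hdr))
```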

Comment Re:nice news (Score 1) 262

thank you for the info and explanation given http://crownrentcar.net/

Weren't they the Indian car rental company believed to have links to the Mumbai shootings?

FYI - This probably isn't a good place to try your SEO bullshit.

Crownrentcar, semtex, Al Quaeda, Crownrentcar, Bin Laden, Mumbai, Crownrentcar, AR-15, Echelon, Crownrentcar, 9/11, Omaha, Tamil Tigers, Crownrentcar. Does that help ya any?

Comment Re:Oh geee is it. sounds like bullshit ... (Score 1) 283

'messing a game up while playing on a gaming platform' is not software programming.

This is the stupidest and most obviously wrong statement I think I've ever seen on the Internet, and I love to troll the forums where whackjobs like you hang out. So er, well done I guess. So wrong in so short a space, there should be a prize really.

Comment Re:I love OpenBSD (Score 1) 143

Maybe the first was the really easy installation process...

The trouble with BSD people in general is that you can't tell if they're trolling (Theo), being trolled (80% of the BSD community are responding to obvious trolls at any one time which is why they advance so slowly,) or they actually believe what they're saying.

Maybe you're the same guy that said he was running the Linux Quake 3 under OpenBSD's Linux emulation and getting a higher framerate? This was on Slashdot quite a few years ago. It was soon pointed out that it really, really, wasn't possible to run the Linux version of Quake 3 on OpenBSD, and what's more it didn't have any 3d accelerated drivers (at the time anyway). He probably still believes that he did it though and I bet he's not the only one.
