Become a fan of Slashdot on Facebook


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment Why is this posted? (Score 1) 33

I've never been one to whine about stories being posted here, but this one has me particularly puzzled. Is there something novel about this particular set of patches? I ask because I've seen many, many kernel updates released by Canonical to my 14.04 boxes involving potential local exploits, since 14.04 was released. Anyone know why this one warrants a story, or is it just a slow news day?

Comment Re:Pay them market value (Score 1) 234

That depends on your viewpoint. A good friend of mine is a professor of mathematics at a pretty good private university in the US. He likes to travel and has been to conferences/workshops all over the world, all paid for by his grants. Of course, he's single, and your point certainly could be valid for someone with a family, but on the other hand a lot of this conference travel happens in off-times (winter break, the summer) so one could involve their families on some of these trips, combining it into a vacation -- and I know some profs that do. (Of course, they have to pay for the family members' travel expenses, but it's still one less person that has to be paid for...)

Comment Why not use commit date as version (Score 4, Funny) 199

Personally, I think it would be better to use the date as the version "number," though I'm sure that people who have thought about this issue more than I have can come up with reasons that's not a good idea.

One other idea, why not just use the git commit hash? That would really roll off the tongue and be easy to remember. I can see it now:

"Just released, Linux Kernel 634713bc047a87bf8eac9674765ae793478c50d2!"

Submission + - Seven IPMI Firmware Zero Days Disclosed (

msm1267 writes: HD Moore today disclosed seven zero-day vulnerabilities in IPMI firmware from vendor Super Micro. The security issues were reported to the vendor in August, however the vendor, beyond acknowledging receipt of the vulnerabilities never communicated with Metasploit regarding a fix.

A Super Micro representative told Threatpost that this was an “old story” and that the issue had been resolved. A request for further comment from a Super Micro project manager was not returned in time for publication and the availability of patches could not be confirmed.

IPMI, or intelligent platform management interface, are tiny computers that sit on a motherboard that are used by IT administrators in large data centers for remote management of servers or remote BIOS maintenance. They’re mostly present in rack-mount servers, and are cumbersome to update because they often require physical access to the hardware, and in a service provider environment, for example, there could be hundreds of these embedded devices present.

Beardsley said that a Project Sonar scan for the IPMI firmware in question, version SMT_X9_226, found 35,000 of them online. He estimates that number likely represents less than 10 percent of the total devices in use.

Comment Re:who thinks about their smoke detector? (Score 1) 177

Many apartments are like this. Here in the Boston area there are quite a few apartment buildings with central heat that individual units have no control over. It's especially bad with those damn steam radiators. Depending on what kind of insulation you have, part of a room will be boiling hot and the other part will be freezing. If you stand in between the two extremes and rotate, you can kind of keep yourself at a comfortable temperature, but that's a bit... awkward to do.

Comment I'm going for an S3 (Score 2, Interesting) 470

(Grrr, thought I was logged in.)

I've decided that my next phone (soon, I hope) is going to be the S3. I'd been holding out with my iPhone 4 for a while, waiting (like many others, I suspect) to see what Apple would wow us with for the iPhone 5. Needless to say, I wasn't that impressed, though to be honest, part of me really didn't expect to be, given that there are only so many innovations they could have come up with. What could they have done? An even bigger screen? NFC? A phone you could roll up? The first two would hardly have been groundbreaking and the latter is tech that doesn't really exist yet.

Still, at the end of the day, I'm sure I could be happy with the 5, but I'm ready to play with a new toy. I've never had an Android device before, but got a chance to play with a tablet and some phones over my vacation, and I liked what I saw.

Captcha: revenues

Comment Re:Key AND Password (Score 2) 167

I use Mobile OTP ( for two-factor auth at work. Once I figured out the PAM side of things, it was quite straight-forward. I installed it on my server at home as well, but I'm a little more relaxed about it -- I allow ssh from a few "trusted" boxes via ssh-keys, otherwise it requires password+OTP token authentication. Now, I just have to worry about keeping those "trusted" boxes safe. (I do have a password on the ssh keys, but wonder if I have a long-running login session with the keys installed into ssh-agent, I might be boned anyway if someone were to break in.)

Slashdot Top Deals

The way to make a small fortune in the commodities market is to start with a large fortune.