
Comment Re:Decommissioning servers (Score 1) 569

I still disagree with you.

When I decommission a hard drive, best practices state you wipe the entire hard drive.

You don't go and delete specific files like Exchange's .EDS data store files and your web browser cache only.

In fact, the way BleachBit deletes data, even though recovery of emails on these drives would be impossible, the Windows SAM file remains undeleted and in perfect operating condition along with the entire OS.

I could easily extract password hashes from those untouched files and brute force them.
There could be many other files left littered around the HD that would provide or point to other authentication credentials, not to mention all the saved passwords in the Windows password store and all the applications that do it on their own.

No, wiping the entire hard drive with something like DBAN is the only way to properly decommission a hard drive if you are concerned it may leave your possession (selling or disposal doesn't matter).

BleachBit is absolutely nothing like a paper shredder. It is more like using a black marker to redact lines printed on those papers and then leaving the entire stack of paper out so anyone can still read the rest and see there is text redacted.

Shredding the whole paper would plausibly be proper disposal. Marking out lines while keeping the paper is not.
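As an added example (not from the comment above or from BleachBit/DBAN), here is the check a practitioner would run after a full-disk wipe: read the device or image end to end and report any sectors that still hold non-zero bytes, which is exactly what selective file deletion leaves behind. The flow-log format, the 512-byte sector size and the sample image are constructed assumptions for this example.

```python
from io import BytesIO
from typing import BinaryIO, Dict

SECTOR = 512  # assumed logical sector size; use the device's real value in practice


def scan_for_residual_data(dev: BinaryIO, chunk_size: int = 1 << 20) -> Dict[str, int]:
    """Read a block device or disk image sequentially and report sectors that
    are not all zeros. A properly wiped (zero-filled) drive yields no dirty
    sectors; anything left over (SAM file, OS files, caches) shows up here.
    On Linux you would pass open('/dev/sdX', 'rb') as dev."""
    zero_chunk = bytes(chunk_size)
    total_sectors = 0
    dirty_sectors = 0
    first_dirty = -1
    offset = 0
    while True:
        chunk = dev.read(chunk_size)
        if not chunk:
            break
        if chunk == zero_chunk[: len(chunk)]:
            # Fast path: whole chunk is zero, no per-sector inspection needed.
            total_sectors += (len(chunk) + SECTOR - 1) // SECTOR
        else:
            for i in range(0, len(chunk), SECTOR):
                total_sectors += 1
                if any(chunk[i : i + SECTOR]):  # any non-zero byte marks the sector dirty
                    dirty_sectors += 1
                    if first_dirty < 0:
                        first_dirty = offset + i
        offset += len(chunk)
    return {
        "total_sectors": total_sectors,
        "dirty_sectors": dirty_sectors,
        "first_dirty_offset": first_dirty,
    }


def make_demo_image() -> bytes:
    """Constructed 4 MiB image: zero-filled except for 700 bytes of leftover
    data starting 100 bytes into sector 3000 (so it straddles two sectors)."""
    img = bytearray(4 * 1024 * 1024)
    start = 3000 * SECTOR + 100
    img[start : start + 700] = b"leftover SAM hive bytes".ljust(700, b"\xAA")
    return bytes(img)


if __name__ == "__main__":
    result = scan_for_residual_data(BytesIO(make_demo_image()))
    print(result)  # expect 2 dirty sectors, first at offset 3000 * 512
```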

Comment Re: "Millions of dollars"? (Score 4, Informative) 110

They arrested this guy because he had a server located somewhere in the USA. The same way they went after Kim Dotcom.

KAT had all their servers located in Canada-America and Sweden-America, while Kim Dotcom had his servers located in America-America.

While it's been obvious from legal history over the past couple years that Canada and Sweden operate under American law only now, many people are not yet used to that and incorrectly assume those are other countries with their own laws.

That confusion is what led the parent poster to ask their question. It's just that your explanation is equally as confusing, as it implies the servers were located within the old traditional US borders when that is obviously an incorrect statement.

Instead you should have explained that the servers located in Canada are fully held under US law as if they were located somewhere in the USA.

Comment Re:Hyper-linking was invented in the 60's .... (Score 1) 70

3-4 years prior to RoboBoard was a system called FirstClass (originally Macintosh only) that started out as a groupware 'learning management system' but was heavily utilized as BBS software as well.

It provided email and forums (even with FidoNet support, although mainly via 3rd party software as FC's remained pretty lacking), voice/fax, file transfer, etc., and the protocol was multithreaded so you could be doing all of those things at the same time, and all over a 1200 baud modem.

It was primarily used with a GUI client, although it had options in the server to provide a crappy text interface for dialup users in a terminal app. This text interface had nothing on WWIV but did at least provide a simple way to download the Mac or Windows GUI client for the advanced features.

They later added AppleTalk networking and finally TCP/IP as well in the early 90s, but by 94/95 the BBS era was pretty well dead and everyone moved on to the Internet.

At least around these parts the transition was a fairly obvious one.
First you offered a BBS.
Then you offered a BBS with Internet.
Then you offered Internet with a BBS.
Finally you just offered Internet.

Between Eternal September in '93 and the web just being invented shortly before, that is when Internet usage exploded and was the beginning of the end for the entire BBS world.

Comment Re:The console advantage. (Score 1) 86

Because there were a ton of 2600 machines out there that would not be compatible, while the 5200 was compatible with 2600 games.

Just a tech-nit, but it was actually the 7800 that was the "next gen" 2600 that had backwards compatibility with games and utilized the same controllers.

The 5200 was a totally different and unique beast that wasn't forward or backward compatible with anything, used completely different shaped cartridges, and a different controller protocol and connector (it was analog input with a keypad of buttons and the new pause-from-the-controller function).

Comment Re:Uh, no (Score 1) 250

We cannot create intelligent machines with personalities of humans.

What you claim is impossible is a thing we humans do many thousands of times every single day.

It's called having babies. You are not a special snowflake; your body is just a machine made of billions of cells working together in a very (Very) complex system.
The fact we do not fully understand that complex system does not change the nature of what it is.

The question isn't if it is possible to do the thing we do multiple times a day.

The question is only one of engineering: whether we can learn the knowledge and ability to gain much more control over the existing process we have for making intelligent machines, in order to build more resilient and stronger components for the machines we are.

However traveling faster than light speed currently really does look like it is a physical impossibility.
Which presents yet another significant obstacle we would need to work within the limits of, and you may very well be correct that the traveling fast enough problem turns out to be insurmountable.
(Which would be very sad indeed, but unfortunately that currently appears to be the case.)

Comment Re:true (Score 4, Informative) 368

With RealVNC - can I remote into a machine which is still at the bios / boot stage?

Yup, AMT can provide remote access when the system is in any of its sleep states from S0 (fully on) down to S5 (powered off), so long as the system is plugged in and has power available.

You will see the whole BIOS bootup sequence, including being able to see and send the usual interrupt keys like Del or F9 or whatever to get to BIOS setup.

I've had some older HP workstations be a little funky between the BIOS setup and the OS taking over the GPU. Generally I'll see a screen flash and get disconnected, after which VNC reconnects immediately and all is well again.
Newer HPs we have haven't done this that I recall, nor have the Dells or my home-built franken-PC, so I'm guessing it's a fixed bug with older AMT versions?

In fact one of the main purposes of ME is to change the power state, meaning you can turn the main system on or off or reboot it just from there.

That's how I re-image a remote system after a hard drive failure.

I have someone on-site power off the system and replace the hard drive with a new one, then let me know.
I then connect to the remote system via ME/AMT and set up a DVD-ROM redirect to an ISO image on my PC, start the AMT VNC server and connect to it from my PC, lock the remote system's keyboard so anyone local can't over-type me, and then instruct the remote system to power on.

Then during boot, if the remote system gets stupid and tries to boot from the new blank HD and stops, I can issue a reboot command and use the F11 boot menu from the BIOS to point it to the DVD drive. Usually that part just works though (like I said, all related to the older HPs).

Once the Linux image boots and runs Clonezilla, it's just an [enter]-[yes]-[yes] away from writing the backup image back to the new HD.

You can of course point to an OS install media instead and do that manually, I just tend to try and avoid that for installers using a mouse, since over remote links that can suck pretty bad. Over LAN it seems nice and responsive however.

Once done I do a normal "shutdown -h now", disable the DVD drive redirect, and power the system back on. Once I see the Windows loading screen I'll disconnect VNC and shut down the VNC server in the AMT, and log out of the https interface.

Since I let AMT piggyback on the host MAC and IP, it basically intercepts any tcp ports it is using instead of passing that info up the stack to the OS.
I don't leave VNC running in the AMT just in case the host OS needs to run a VNC server on the default port for any reason - plus nothing good can really come from leaving it running when not needed.

ME uses https over port 16993, which isn't likely to be used on the OS (or if so, too bad for that app I guess).
If you already have RealVNC and a Core i7 at home to play with, boot the i7 and hit control-p where you normally would hit delete or a function key, and you'll be in the ME setup menu.
You can enable both ME and AMT (they are separate sub-systems) and play around.

Comment Re:true (Score 4, Informative) 368

You forgot the part where you write Intel a big fat check to use the feature. Intel charges big bucks for vPro software and these features are part of vPro and you can't enable them without the vPro software. IIRC it's all tied to a digital signature that Intel controls and you can't even look at it without giving Intel money.

I didn't forget it, because that isn't true.

The control software is free. I didn't pay for my web browser, VNC client, or the Intel SCS client (I even gave you the download link).

The firmware is already included in any vPro CPU, you turn it on by holding control-p at boot.

I've even played with this feature at home on my own hardware before deploying it at work. Other than having purchased the computer/CPU, there is no further cost.

I'm not sure where you got your information from but it is certainly incorrect.

Comment Re:true (Score 5, Informative) 368

Because it is not enabled by default.

You need to know how to get to the configuration menu, then enable the engine, then assign it a method to access the network (either static IP on a unique MAC, or to piggyback on the host OS's MAC), and set a password.

Only then are the ports opened for the HTTPS interface on port 16993 to continue the rest of the setup or use AMT.

On boot (where you normally can hit Delete or a function key to enter BIOS setup), hold down control-p to get to the ME setup menu.
Assuming you aren't at work or something and using your own computer, you'll see it is disabled.

Comment Re:Old news (Score 4, Informative) 368

The ME [Intel Management Engine] also has network access with its own MAC address through an Intel Gigabit Ethernet Controller.

How would I not notice this in my router or edge device logs?

Mainly only by not looking.

That may sound stupid at first glance, but the fact Intel AMT articles keep popping up a decade later written as some form of surprise that the feature exists seems to prove most people don't bother looking.

ME/AMT utilizes HTTPS by default on port 16993, can support HTTP by default on port 16992, and the VNC protocol on, I believe, its default port (I've never had to specify an alternate port in the VNC client to connect).

Also of note is that older ME versions don't let you upload your own SSL certificate for HTTPS, and although I may be wrong, I'm fairly sure VNC by default is not encrypted either.

This means someone in your position of control over the core and edge network would both see this traffic if looking, and potentially be able to set up a MITM to obtain the ME/AMT login credentials fairly easily depending on your desktop admin's setup.

Normally LAN to LAN traffic over a proper switched network is relatively safe, seeing that an ARP storm to a switch for redirecting LAN traffic would ALSO be noticed by you the network admin, and ideally has been proactively prevented as well.

For desktop admins and/or network admins without this knowledge or skill however, if the LAN doesn't prevent or log/notify about such things, ideally the ME/AMT hasn't been enabled either.

Only those with a tiny amount of knowledge (just enough to be dangerous) are likely to shoot themselves in the foot with a horribly insecure setup.
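The comment above says the ME/AMT traffic is visible to anyone who bothers to look. As an added example (not from the comment, Slashdot, or Intel), here is a small detector run over constructed flow-log lines that flags connections to the AMT ports named in the thread (16993 HTTPS, 16992 HTTP) and to VNC's well-known default port 5900 (the number is not stated in the comment), and reports per managed host whether any of that management traffic was in the clear. The log line format and the sample flows are assumptions made up for this example.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Ports named in the comment: AMT HTTPS 16993, AMT HTTP 16992.
# 5900 is VNC's well-known default (the comment does not give the number).
AMT_SERVICES = {
    16993: ("AMT HTTPS", True),   # encrypted management interface
    16992: ("AMT HTTP", False),   # plaintext management interface
    5900: ("VNC KVM", False),     # KVM redirection, unencrypted by default per the comment
}

# Constructed flow-log format for this example: "<ts> <src>:<sport> -> <dst>:<dport> <proto> <bytes>"
FLOW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>\w+) (?P<bytes>\d+)$"
)

# Constructed sample flows (not real traffic): one admin box reaching three hosts.
SAMPLE_FLOWS = """\
2017-05-02T10:01:12Z 10.0.5.23:51234 -> 10.0.1.40:16993 TCP 8120
2017-05-02T10:01:15Z 10.0.5.23:51240 -> 10.0.1.40:5900 TCP 412000
2017-05-02T10:02:01Z 10.0.5.23:51301 -> 10.0.1.41:16992 TCP 2300
2017-05-02T10:02:30Z 10.0.5.77:44100 -> 10.0.1.40:443 TCP 1500
2017-05-02T10:03:00Z 10.0.9.9:40000 -> 10.0.1.42:16993 TCP 900
"""


def find_amt_flows(log_text: str) -> List[Dict]:
    """Return one finding per flow whose destination port is an AMT/VNC port."""
    findings = []
    for line in log_text.splitlines():
        m = FLOW_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip it rather than crash the detector
        dport = int(m["dport"])
        if dport in AMT_SERVICES:
            name, encrypted = AMT_SERVICES[dport]
            findings.append({"ts": m["ts"], "src": m["src"], "dst": m["dst"],
                             "dport": dport, "service": name, "encrypted": encrypted})
    return findings


def summarize_by_host(findings: List[Dict]) -> Dict[str, Dict]:
    """Per managed host: services reached, who reached them, and whether any
    of it was plaintext (where credentials could be read or MITM'd on the LAN)."""
    hosts = defaultdict(lambda: {"services": set(), "sources": set(), "plaintext": False})
    for f in findings:
        h = hosts[f["dst"]]
        h["services"].add(f["service"])
        h["sources"].add(f["src"])
        if not f["encrypted"]:
            h["plaintext"] = True
    return dict(hosts)


if __name__ == "__main__":
    for host, info in summarize_by_host(find_amt_flows(SAMPLE_FLOWS)).items():
        print(host, sorted(info["services"]), sorted(info["sources"]), "PLAINTEXT" if info["plaintext"] else "")
```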

Comment true (Score 5, Informative) 368

Editor's note: The summary is written with inputs from an anonymous reader, who also shared the story. We've been unable to verify the claims made by the author.

Uh, the claims are quite true. I've been using these features at work for about a decade to perform remote OS installs and HD re-imaging at remote locations, where the on-site staff only pop in a new blank HD.

All Core i7 CPUs have this in them standard, and many i5s too, especially at the higher end.

[PDF] Datasheet on the MEBX management engine:

[PDF] How to enable and use the AMT active management engine:

And here is the SCS software used on another computer to control an AMT enabled computer:

RealVNC works with an AMT enabled computer out of the box too and with all the normal features you would expect like remote keyboard/video/mouse control, redirected drives, etc. But it isn't a free program.

Other VNC clients seem to be hit or miss but even when they work you only get remote KVM, you'd have to use the built-in AMT web server to configure drive redirection and issue power on/off/reboot commands.
There is a similarly limited VNC client included in the SCS software link above, and a second web browser window will let you do the rest, even if slightly clunky, but still for free.

Comment Re:Sooo..... (Score 1) 120

I rate the most viable technologies by the level of damage the nail does to the technology in question. Right now the LaserDisk, CD, Compact Cassette, and vinyl record are leading, as the nail did a real number on the others.

I'm a little confused. Are you saying a technology is most viable if it comes with a hole in it?

Because I would imagine hammering that nail through the data part of a LaserDisk, CD, cassette, or vinyl would do a pretty bad number on those too :P

I'll just mount it on the wall here next to my CD, LaserDisk, Betamax, VHS, 8Track, and Compact Cassette tape.

For the VHS and Betamax, there is a small protruding tab attached to a lever that when pressed in will allow the opening of the tape cover. Once opened you could then hang those by the cover itself on a nail without much if any damage too.

I admit 8 tracks are a few years before my time so I can't offer wall mounting advice there, but it did get me a little curious.

I only recall the tape being exposed on the end similar to a compact cassette, but don't recall any holes through the thing for a gear to move the tape reel inside.
How did the tape deck move the tape?

I also don't remember seeing any transparent 8 tracks, nor any gear mating holes, even on the back only. A one sided gear mate would certainly pose a problem for wall hanging.

Was the tape movement pure friction on the tape itself pulled into the deck or something?
Would it be possible to pull out a small loop of tape and hang that loop on a nail? Could that even support the tape's weight?

Curse you, I now foresee a time sink with Google this evening ;P

Comment Re:Reasonable solution (Score 1) 99

At some point, we will have to find a reasonable solution to the problem of something which is strong enough for us, but in some way allows the government (with an appropriate warrant) to access data.


I know the anti-government types will shy away from this, but, with a warrant, is this so unreasonable?

Well, let's examine some history here and see if it is unreasonable or not.

Of all the terrorist attacks on US soil, encryption was only involved in one, and once decrypted had no data within at all.

Of all terrorist attacks on US soil, the FBI already knew about the planned attacks weeks to many months in advance. They knew who would be performing the attack, where they would be attacking, and when the attack would take place.

Yet even with knowing most of the details of the attacks ahead of time, they stopped exactly zero of them from happening. Zero.

If you already know the who, when, where, and occasionally the how and can't stop the attacks, how exactly is compromising every American's personal safety to provide them... what useful info again exactly?

I also don't see how the 'why' would even help in the goal of stopping them. Obviously the 'why' would be nice to know, but that seems like a thing to do after stopping their attack and not exactly a priority before.

OK the 'how' may be useful, but if you already have the who, when, and where then you have everything needed to prevent every terrorist attack carried out so far, and again they failed to do so each and every time.
I very much call into question that them knowing the 'how' would aid them any more than the information they already have.

It doesn't matter if the guy has a gun or is carrying a bomb or even uses your hypothetical nuclear device. The fact is if you know who has it, where they are, and when they plan to use it, you have everything needed to stop that guy from doing anything.

That is why I don't feel it is reasonable to give the government so much more additional power that literally will not be used for the stated purpose and isn't required for the stated purpose.
But all of the many, many unstated purposes for them having such power are beyond frightening in how far the government can abuse them and how much damage and harm they can cause with it.

I firmly reconfirm that such an unbalanced trade is unreasonable, and the practically nonexistent benefit is not at all worth such an extremely high price.

Comment Re:Put your fucking phone away (Score 1) 150

I don't really think it's the same thing at all.

Now I admit I haven't been to a rock concert in years, but has there ever been one that outright banned said lighters? It seemed to always be encouraged to me.

In that case replacing one OK thing with another similar thing logically should also be OK.

But in the AMC case, we have people who want to go to a movie theater with NO intent to watch the movie and FULL intent to annoy everyone around them.

We call those type of people trolls, and we don't tolerate trolls.
At best we ignore trolls and at worst we fuck with them back, aka trolling the troll.

Comment Re:Comets (Score 1) 96

Why, because no one but you knows how to read an article?

Hundreds of anonymous cowards every day in every article ever posted to slashdot for over the last decade bitch and moan how the summary doesn't explain enough or define common everyday terms any technical person should already know.

So in fact no, the vast majority of people on slashdot do not know how to read an article.

Additionally, a shockingly large amount of slashdot readers don't even know how to read the summary. Nowhere near "most" like reading articles, but quite a large number nonetheless.
