Comment Re:Thanks, *hats (Score 1) 79

Security is an ever evolving moving target. What is deemed secure today may very well become insecure tomorrow.

While I agree with you on this point, you aren't looking far enough at the problem.

The real problem is the number of these devices that never see updates/patches from the vendor. This plays out in two ways. The first being that the vendor never patches anything and the second is while they do, they don't make it simple for the average user to A) find out about the update and B) install it.

The other problem we have is that security is not a selling point for the average user. They pay attention to the bling, so even if there was somewhere you could go to get honest and up to date security reviews on products before you buy them, most people wouldn't. While I am no fan of government regulations (due to how they are instituted and implemented in highly politicized manners), this is something where the world could benefit.

In the latter regard I view it much like vehicle emissions. The majority of people just don't care and even many of the ones that do don't understand how wrong they are on the facts. As such it is valuable for governments to step in with clear and impartial (it's Monday, everyone needs a good laugh to start the week) requirements that manufacturers must meet before their cars can be sold.

Something similar should be in place for network connected devices to force companies to be better actors. Otherwise, as in every other industry to date, corners will be cut on consumer/environmental safety since such enhancements will generate little if any revenue. It should not be left to the person that can't figure out how to connect their cable router who is also the same person that will think an Internet connected TV or fridge with built-in cameras is a good idea...

Comment Re: net6501 (Score 2) 247

Ubnt edgerouter

I'm a fan of their stuff so I recently picked one up to play with and use as a backup to my Juniper.

While the features are there, actually configuring and using them is a PITA that is fraught with frustration if you have any experience with real enterprise level gear.

The biggest frustration for me was its inability to load full structured (e.g. not a list of set commands) config files from a default configuration. The problem is that rather than wipe the existing config and apply the new one, it does it sequentially and not in a transaction. This causes problems when it realizes that you've deleted the default firewall, but it fails to remove it because an existing interface is still referencing it even though later in your config you change the settings for the interface and remove said reference. In such cases it also leaves the configuration in an odd state as some things get applied and others (even unrelated to errors) aren't.

After 2 months of fighting with it and still not being able to replicate my Juniper config I ended up dropping another $400 on a new Juniper to be my backup/dev router.

I like the idea of the Edgerouters, but they just aren't there yet. At least I'm only out $50 for it though. It certainly has a lot for $50!

Comment Re:NoSQL is amateur land. (Score 4, Informative) 96

The issue here really isn't SQL vs NoSQL. It's about securing the data and access. Lack of security is not inherent in NoSQL, it just occurs more often than SQL databases.

Well, I'd have to disagree here. If I install a MongoDB on some cloud VM using the default setup, I have an insecure database available on the internet. If I install Postgres, well... I can't even access the database remotely.

Ummm, unless something has changed recently the respective "createdb" tools for both MySQL and Postgres make it very simple to start up a new DB with an open root account and listening on an IP.

I agree with your general view on NoSQL and who tends to use it, but it's the ones using it that are the problem here and not the software itself. The only argument against NoSQL/Mongo here is that it is shocking in this day and age for any server to allow un-authed access. That can be applied to many server software packages though including OSS SQL DBs.

What this is really a symptom of is the people with no real experience that are just about "getting the job done" rather than understanding the actual problem and the potential risks. I don't know how many times I've seen cases in my career where the first sign of communication issues causes people to start tearing down the security barriers. Most of the time the real problem was a minor config issue (going over the wrong interface, missing host to host ACL, listening on the wrong port, etc.), but the damage done to "just get it working" is rarely ever fixed.

Comment Re:I'm not sure I understand (Score 1) 146

Give the users some kind of feedback to know that SHA1 is being used by the site and that they should maybe get their shit together, but whether or not support is dropped should be up to the site administrator.

Cause that works so well for the existing "connection may not be secure" messages that the average person doesn't understand so they blindly continue on.

What I don't understand is that it is the browsers removing the access. If a website really wants to support the old clients/ciphers they are still free to do so.

What it really seems to be is that this will force some lazy sites to update their certs to not support only SHA-1. If so then they need to shut the hell up and protect their customers.

Comment Re:Where did I see this?.... Better Call Saul (Score 1) 503

Unfortunately, tell people their disease is mental, not physical and they are insulted and rage. When in fact mental diseases are real and certainly FEEL real to the person suffering from them. I find it far more likely that our brain can suffer from "idea viruses" that it takes far too seriously, than somehow our body is reacting to radio waves, when those same waves are, and have always been, present from our favorite daystar (and to a much lesser degree, all the other daystars shining at us).

You aren't accounting for the long history of things that have been attributed to being in someone's mind that later get shown to be real issues. We shouldn't turn off all electronic devices, but more study is certainly worthwhile.

From my own experience I know I can see fluorescent lights flickering when others around me can't and I used to be able to see refresh "lines" of CRTs when others couldn't. There are also cases where I have detected "noise" from electronics that others couldn't. In all such cases it turned out that the item in question was failing and I just happened to be able to sense/see/hear it sooner than others. From my own non-empirical study it seems that those that have a higher sensitivity to such things also show a propensity for regular migraines.

I've never felt the need to kill myself over it though or demand the rest of the world return to the stone age.

Comment Re:Not justified (Score 2) 137

That's not an adequate justification for forcing ISPs to expend substantial resources

Substantial resources? Seriously? That's a basic shell script to run a bunch of DNS resolutions and then add the addresses into an existing Firewall drop policy. That's sys/net management 100 level stuff.

If you are a bad admin you have to run the script on each Firewall. If you are a good one you have a central place to update such policies that can then be pushed out as desired.

If you are expending "significant" resources on such a task, you are doing it wrong. Seriously wrong.

Note: I'm not defending what they want to do, just pointing out that your anti-justification is ludicrous.

Comment Re:National level? (Score 1) 171

A better question is, Who thinks asteroid mining is economically feasible to the extent that they needed a law regarding property rights for it?

Ones that are far thinking enough to realize that they can get such laws passed now while both the law makers and general public A) are ignorant of the impact and B) aren't interested enough to care.

This isn't about anyone doing anything now, it's prospecting for the future.

Comment Re:How can there be? (Score 5, Insightful) 622

I'm not sure why people have been clinging onto these ideals of "unlimited data."

Maybe because the tiered plans they offer as an alternative are ridiculous?

All these plan switches I've looked into offer a couple cheap options with ridiculously low caps then some larger (which still aren't always enough) plans for a non-comparative increased price. Often you find that the plan that would fit your needs is more expensive than what you are already paying for the unlimited plan. Finally if you end up going over the plan cap, the overage charges are obscene.

Then factor in if your usage isn't predictable and can swing by 50% or more each month you then start talking about wasted money (paying for a big enough plan to cover your "bad months") or are getting screwed by the overages on the months you run high.

This push for caps has nothing to do with any small subset of users' usage outside of the PR spin. It is all about getting us to pay them more money either upfront (too big of a plan) or after the fact (picking too small of a plan and then getting hit with overages with no effective warning or way to prevent it). If this was really about resources they would automatically throttle you after a certain point or these would be hard caps that cut you off until you took action (e.g. upped the limit) rather than just start adding dollar signs to your account. I have also yet to see one that offers easy to use/find tools that let you control what happens as you approach and hit the cap (e.g. notifications, throttle the bandwidth, cut it off) and that's the biggest indicator that this stuff is just to line their pockets while emptying yours.

You also have to ask just how many residential users have any idea how much data they are consuming on a regular basis?

Comment Re:These folks know nothing of science. (Score 1) 248

They understand science, they just want to fully monetize it like they want to monetize/privatize everything. Their "ignorance" is willful. People like Ridley know that what they are saying is pure bunk, but as long as enough "journalists" and government officials believe him (or just use his nonsense as cover), the corporations looking to make a buck will lobby the crap out of Congress to defund the NIH and give the money to pharmaceutical companies instead. Industry does not invent things, they monetize the inventions of others.

Pharma loves the government funding bio-tech research. Where do you think a good majority of pharmaceutical "innovation" comes from? They let the Government grants fund the research and take the risk. Then they come along, purchase the promising patents at a fraction of what it would have cost them for internal R&D, and then tack on a massive markup when it finally goes to market (you know, to cover their R&D costs...).

What Pharma wants defunded/neutered is the FDA so they can push more stuff through with less oversight.

Comment Re:Not a problem (Score 1) 161

So no, do traffic shaping by all means. It's a reasonable and proportionate approach to assuring quality of service. Just do it for all packets of that type.

Or they could always do something novel like not oversubscribe their service or build out their infrastructure to actually support what they are selling.

Traffic shaping at the local network level where the administrators actually know what type of traffic is important to them is fine. Shaping at the provider level is ridiculous as it will always unfairly hinder someone (why should your gaming/streaming/backups/pr0n/etc... be more important than whatever I am doing? Why should whatever I'm doing be more important than what you are doing?).

Maybe those things that have a low tolerance for latency should finally go back and deal with it like they should have to begin with. Our problems with network traffic are perfectly analogous to memory and storage footprints of applications. There was a day when resources were finite both in availability and price, but as the resources became more readily available we collectively got lazy and just said "buy more resources". I'm not suggesting that we go back to living in a 300baud world, but there is also no reason for services to blindly consume as much memory/disk/bandwidth as possible when they rarely actually need to if they put the effort in up front to design their systems better.

Comment Re:rebuild or develop from scratch or... (Score 1) 146

Or, more likely, switch to FreeBSD and forget Linux ever existed.

This was along my line of thinking. Few are going to try to rebuild most of those things if they all of a sudden disappeared. They are simply going to another vendor that already offers a similar product.

There is certainly a cost to all of that and it would be painful, but I somehow suspect that the price of switching would be far less than their estimate. Well, unless you went to Oracle for everything...

Comment Re:Routers with VPN (Score 3, Insightful) 173

Just use a couple of small business routers with built in VPN. They do all of the different subnets and wireless and all of that stuff. They're a few hundred bucks each.

Ubiquiti has a small router with enterprise level features for less than $100. A site to site VPN and VLAN support are just a few of its features and all you need to solve this problem.

I'm still running a Juniper SRX-210 at home, but I've been happy with the UniFi APs and EdgeSwitches I have from Ubiquiti so this little router is definitely on the short list when the time comes.
