Please create an account to participate in the Slashdot moderation system


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Submission + - Ask Slashdot: How to Trust Security Software? (

hypnosec writes: In a latest discovery, McAfee's SaaS Endpoint Protection has been found to be ridden with a flaw that reportedly lets spammers use the systems to spread spam. McAfee has acknowledged the flaw and has said "We are aware of the issue and have both threat analytics and development teams diligently analyzing the problem and possible solutions". Releasing a software solution in haste and later acknowledging a presence of a flaw seems to be a trend that is picking up and security software companies 'adopting' this trend is a bit worrying for me. The question that keeps on popping time and again, How to trust the security software that is meant to protect us? This question might seem to be a long shot but, with the current trend of versatile and high profile hacks, the least we want to see is defense of our systems weakening because of a software that is meant to protect our systems.

Comment Re:MSN sucks! This would never happen to Google! (Score 1) 330

Testing ads for malware presence is not as simple as testing an executable for a virus because in general case ad is a combination of Flash, JavaScript and HTML documents hosted on 3rd party servers which may change content of these documents at any time. This means the testing machinery have to do repeat tests all the time but given that there are many creatives in ad network there is a limitation on how quickly you can do repeat tests. If malware author is smart and for example implements a strategy where malware is active only on each 100th impression it may take quite long time to detect the problematic ad.

Submission + - Police Shut Down ‘Russian Rapidshare’ (

m_ilya writes: "Russian police have raided a datacenter hosting, a huge Rapidshare-like site. Their paperwork allowed them to search and gather evidence against a user who uploaded child pornography to the site. Although staff offered 100% co-operation, the police cut the power and sealed the servers in the datacenter, putting iFolder completely out of operation."

Comment Re:Photography Copyright (Score 3, Informative) 263

It is not completely true. If you take picture of me the copyright might be yours but you are often limited in what you can do with the picture. Unless I sign a model release form. As I understand according to USA law there are some cases when non-private use is allowed without the signed form but you definitely are not allowed to sell to stock image agencies without this.

Comment Re:Warning - Honest opinion below (Score 1) 455

Removal of icons on the desktop

I was always wondering what's the point of icons on desktop. The idea is really silly - most of the time desktop is covered with opened windows so you cannot access the icons without closing or minimizing windows. Good to see KDE 4 got rid of them :) Perhaps I should switch back to KDE; systems which not allow to remove all icons from desktop always annoy me a bit. The only time I see empty desktop I'd rather see an abscured background there.

Comment Re:Puppet (Score 1) 904

Same story here. We run puppet with more then 400 servers and it is pain to get it working. There are many issues which show up here and there: memory leaks in both client and server (aka puppetmaster), periodic lock ups and even file corruption. Besides it is quite slow. I'd migrate us to something better but not sure what to switch to. Besides we've invested into puppet based infrastructure too much by now to make the switch easy. One problem with puppet is that it looks very nice at first when you have small infrastructure with small number of servers and simple manifests. As your infrastructure grows you hit all scalability issues with puppet but by this time switching from it is hard.

For anyone interested into how to get puppet work for any real work load this is what we do:

  • Run Puppet under Apache+Mongrel. By default it runs using WEBrick what breaks easily under any moderate load. Plus using Apache you can run multiple backends what helps if you have multi-core server for puppetmaster. Alternatively you can use Nginx+Mongrel or other web server with proxying capabilities + Mongrel.
  • Restart backends from time to time because they leak memory. We have a cron job to do this every 15 minutes (yes, it is that bad).
  • Puppetmaster has a cache which we saw to get corrupted sometimes. Our "fix" is to delete it before each restart.
  • Do not run puppet client as daemon. Run it as a cron job. Puppet client when run as daemon leaks memory and get stuck from time to time. In our cron job we add random sleep before starting client to make sure requests do not hit server at the same time.
  • Never serve big files over puppet (i.e. from its filestore). Puppet does a number of stupid things with big files like say reading them into memory first before serving it to puppet client. If you need to distribute big files use other means (HTTP, FTP, NFS, etc).

Slashdot Top Deals

It is difficult to soar with the eagles when you work with turkeys.