


Comment Beware padding oracle with compression& encryp (Score 1) 89

Compression before encryption often results in a padding oracle or other problems. If you're designing a system that is supposed to be secure, avoid compression until you fully understand the issues. Avoid compressing and encrypting chosen plaintext at all - you'll never be sure you understand all of the issues with that.
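The leak the comment warns about, as an added example that is not part of the original post: a compress-then-encrypt record that mixes a secret with attacker-chosen data (the CRIME/BREACH setting). The record layout, the 8-hex-digit token, the cipher overhead constant and the filler bytes are all constructed assumptions. The attacker never sees plaintext, only ciphertext length, and still recovers the token one byte at a time because a correct guess extends the LZ77 match against the real cookie while a wrong guess costs an extra literal. zlib's fixed-Huffman strategy (`Z_FIXED`) is used so the per-guess saving is a known 7 or 8 bits; the eight-alignment sum in `probe_cost` makes that sub-byte saving visible through the byte-rounded output length.

```python
import zlib

# Constructed model of compress-then-encrypt with attacker-controlled plaintext.
# A length-preserving cipher (CTR/stream mode plus a fixed nonce/tag overhead)
# turns "compressed length" directly into "ciphertext length".
SECRET = b"7f3a9c1e"                      # hypothetical session token (8 hex digits)
ALPHABET = b"0123456789abcdef"            # the attacker knows the token's character set
ENCRYPTION_OVERHEAD = 16                  # assumed nonce/tag bytes added by the cipher


def deflate_len(data: bytes) -> int:
    """Bytes of a single raw-DEFLATE block using fixed Huffman codes (zlib Z_FIXED)."""
    co = zlib.compressobj(9, zlib.DEFLATED, -15, 9, zlib.Z_FIXED)
    return len(co.compress(data) + co.flush())


def ciphertext_len(attacker_data: bytes) -> int:
    """The oracle: the only thing an attacker on the wire observes per request."""
    record = (b"Cookie: session=" + SECRET + b"\r\n"
              + b"GET /search/?q=" + attacker_data + b" HTTP/1.1\r\n")
    return deflate_len(record) + ENCRYPTION_OVERHEAD


# Seven distinct filler bytes >= 0x90: with fixed Huffman codes each is a 9-bit
# literal that matches nothing, so prepending i of them shifts the bit alignment
# of everything after it by i bits (8i bits are whole bytes).
FILL = bytes(range(0x90, 0x97))


def probe_cost(oracle, guess: bytes) -> int:
    """Sum of ciphertext lengths over 8 bit alignments.

    Output is ceil(bits/8), so one probe can hide a saving smaller than a byte.
    sum(ceil((B + 9i)/8) for i in 0..7) == B + 35, linear in the exact bit
    length B, so a 7-bit saving from the right guess always ranks first.
    """
    return sum(oracle(FILL[:i] + guess) for i in range(8))


def rank_next_byte(oracle, known: bytes, alphabet: bytes):
    """Rank candidates for the next secret byte, cheapest first.

    'session=' + known + byte is matched by LZ77 against the real cookie; the
    right byte extends that match by one instead of costing a literal.
    """
    costs = [(probe_cost(oracle, b"session=" + known + bytes([c])), c)
             for c in alphabet]
    return sorted(costs)


def recover_secret(oracle, alphabet: bytes, length: int) -> bytes:
    """Byte-by-byte recovery: 16 candidates x 8 alignments = 128 probes per byte."""
    known = b""
    for _ in range(length):
        _, best = rank_next_byte(oracle, known, alphabet)[0]
        known += bytes([best])
    return known


if __name__ == "__main__":
    print(recover_secret(ciphertext_len, ALPHABET, len(SECRET)))
```

With dynamic Huffman codes (zlib's default) the per-guess saving still exists but is noisier, which is why the published attacks repeat probes and use statistical ranking; the fix is the one the comment gives: do not compress secrets together with chosen plaintext.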

Comment The five ISPs I can choose are lies? (Score 1) 94

> Texans have a problem believing too many lies, as usual.

The various ISPs I can order service from are lies, they don't actually exist? That's weird since I'm using the service to post this message.

Apparently *one of us* was lied to.

I work from home, so reliable service is important to me. For that reason I asked around to see which ISP is best in this area. Fellow customers didn't steer me wrong - I've not had any down time so far, nor have I had any billing issue.

Comment Overbuilders. Fiber makes this the right time (Score 1, Interesting) 94

On the coasts, many areas are still under legacy (and even new) franchise agreements. The New York City franchise map is a good example that is readily available - provider A is allowed to operate on one side of the street, on the other side only provider B can offer service. Customers get whichever ISP is assigned to their area by the bureaucrats (who get donations from the ISPs). The ISPs are free to suck, because there's no competition.

There was some hoopla around here a couple of years ago with people saying "franchise monopolies are now illegal". Not quite. The rule from the Obama administration was "before issuing a *new* franchise monopoly, a city must hold a meeting."

In many parts of Texas, we don't have the franchise (mandated monopoly) system. Instead, new providers are allowed to enter an area and offer better service. These are called "overbuilders" because they build new infrastructure, using modern technology, right on top of the incumbent's legacy network. Many provide "cable" TV and internet.

The last 10 years or so have been a very important time for overbuilders because previously, the incumbent had a huge advantage in that they already had the infrastructure in place. It's a major expense for an overbuilder to replicate all the wiring that the legacy provider already has. The incumbent doesn't have that current cost. In some areas, the phone company was providing DSL service using wiring they laid 60 years ago.

Now that we're going to high-speed fiber, the incumbent no longer has the same advantage. Their decades-old copper infrastructure isn't an overwhelming advantage any more. Overbuilders come in and lay fiber, often with short lengths of high-quality, high-capacity coax for the last few hundred feet. In some parts of Austin there are four to six providers to choose from. Even in some very small towns there are two cable TV companies, competing to have the best, most reliable, and fastest network. If one doesn't do a good job, customers don't choose them, and the company doesn't make money. Companies like to make money, of course, so they don't suck, not to the extent that they suck in guaranteed monopoly areas (government franchises). The lead engineer for my city of 150,000 gave me his cell phone number, telling me to call him directly if I have any problems and customer service doesn't take care of it properly.

> list of reasons to move to Texas will gain another entry.

We'd love to have you! Please bring that list with you. A lot of Californians move out here and I ask why they came. They came, perhaps, because we have good jobs and a low cost of living. A programmer II can afford a 2,600 square foot house here. Within a week they start telling me about things we should change in Texas, to be more like California. We should have California-style policies, they say, and they don't hear me when I point out those policies drive up costs and increase unemployment. Not that they are necessarily BAD policies. Maybe the benefits outweigh the costs, in some people's opinion. Fine. But if you want to do things the California way, and get the results California gets, it's easy to just stay in California. No need to come to Texas and try to turn it into California.

Comment E=hn (Score 1) 94

> > Also of course high frequency waves have high energy
> What?

E=hn where E is energy in joules, n is frequency in hertz, and h is Planck's constant. In other words, energy is *directly proportional* to frequency.

It's quite intuitive when you think of a sound wave, rather than electromagnetic, especially a sound wave in water. Imagine a sound wave which moves 1 gram of water. Moving 1 gram of water 10 times in a second (10 hertz) represents a lot less energy than moving the water 1,000 times in that same second.

This is one of several reasons that lower frequencies are preferred for long-distance communication. Because it takes less energy to get the same amplitude (particle count) at low frequencies, they are more efficient. (Atmospheric attenuation is the biggest reason.)

Comment The laws of physics greatly restrict bandwidth (Score 4, Informative) 94

A very large mesh network *used* to be possible. Not so much anymore.

> There is nothing in the rules of mathematics or laws of physics that prevents such a system.

In fact the laws of physics DO put some serious limitations on it, especially a true mesh network. In a nutshell, the frequencies that carry over distance and through walls have limited bandwidth, which must be shared by *everyone* who wants to use any kind of wireless communication. Frequencies above 10 GHz have a lot of bandwidth, but don't go through drywall. Also of course high frequency waves have high energy - think microwave oven.

Mesh networks are horribly inefficient in how they use the limited bandwidth available in desirable frequency bands. You can do much, much better if you have local transmitters around 1 GHz communicating with local towers which form a backbone connected via high power dishes, or better yet fiber optics. There is a lot more usable bandwidth to go around using the backbone topology rather than wasting most of the bandwidth by using a mesh. That brings up the issue of who owns and controls the backbones.

Given the physics of it all, back in 1990 you could have built a mesh network to replace the wired connections of the day - 48Kbps max bandwidth, with each person using it an hour or two per day, on average. On a new network built today, you'd want 100,000 to 10,000,000 Kbps, with each person using it ten hours per day. So roughly 40,000 times as much total bandwidth. Not going to happen. Not with the physics we know in this century.

There *is* a way we can get 40,000 times as much bandwidth as we had in the 1990s, though. We actually have such a system working in much of Texas. It involves setting the greedy corporate ISPs up in a situation where to make money, they have to compete with other greedy corporate ISPs. Customers choose the best one, so an ISP can't make money if they suck. It's not a perfect system, but it beats the hell out of what I hear people on the coasts complaining about - a single monopoly ISP protected by a government franchise, an ISP that sucks but they don't care because nobody is allowed to offer competing service.

Comment Using it wrong (there are many options) (Score 1) 35

Unlike most protocols, rsync has a built-in checksum, actually many, many checksums, so it's much more reliable than just about any other protocol. It checksums every few kilobytes.

We back up many terabytes every day and we periodically verify the backups with SHA-2 hashes. I've never found corruption due to rsync. On the other hand, rsync *is* very flexible and there are many options. It's certainly possible to use a set of options that doesn't give you what you want.

Also, if you're backing up live systems, especially databases, using any method, you have to take care that the data doesn't change while you're backing it up. That applies to any method of backup. For mysql, see man mysqldump, then back up the dumped files.
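The periodic SHA-2 verification the comment describes, as an added example that is not the commenter's own tooling: hash the source tree into a `sha256sum -c` compatible manifest before the transfer, then compare the backup tree against that manifest afterwards, reporting files that are missing, altered, or unexpectedly present. The sample tree, its contents, and the `shutil.copytree` stand-in for `rsync -a -e ssh` are constructed for the demo; the damage injected into the copy is deliberate so the report has something to show.

```python
import hashlib
import os
import shutil
import tempfile


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    """Stream a file through SHA-256 in 1 MiB chunks so large dumps don't load into RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root: str) -> dict:
    """Map each regular file under root (relative POSIX path) to its SHA-256 hex digest."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()                      # deterministic walk so manifests diff cleanly
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            if os.path.islink(full):         # rsync -a copies symlinks as links; skip them here
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def write_manifest(manifest: dict, path: str) -> None:
    """Write '<hex>  <path>' lines, the format `sha256sum -c` accepts on the backup host."""
    with open(path, "w") as f:
        for rel, digest in sorted(manifest.items()):
            f.write(f"{digest}  {rel}\n")


def verify_backup(manifest: dict, backup_root: str) -> dict:
    """Compare a backup tree against the manifest taken on the source side."""
    report = {"ok": 0, "missing": [], "corrupt": [], "extra": []}
    copy = build_manifest(backup_root)
    for rel, digest in manifest.items():
        if rel not in copy:
            report["missing"].append(rel)
        elif copy[rel] != digest:
            report["corrupt"].append(rel)
        else:
            report["ok"] += 1
    report["extra"] = sorted(set(copy) - set(manifest))
    return report


def demo() -> dict:
    """Constructed run: three source files, a copy, one file damaged and one lost in the copy."""
    work = tempfile.mkdtemp(prefix="rsync-verify-")
    try:
        src = os.path.join(work, "src")
        files = {
            "db/dump.sql": b"INSERT INTO t VALUES (1);\n" * 1000,   # a mysqldump output
            "etc/app.conf": b"listen = 443\n",
            "notes.txt": b"constructed sample data\n",
        }
        for rel, data in files.items():
            full = os.path.join(src, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
        manifest = build_manifest(src)
        write_manifest(manifest, os.path.join(work, "SHA256SUMS"))

        dst = os.path.join(work, "backup")
        shutil.copytree(src, dst)            # stands in for: rsync -a -e ssh src/ host:backup/
        with open(os.path.join(dst, "db", "dump.sql"), "r+b") as f:
            f.seek(100)
            f.write(b"\x00")                 # silent single-byte corruption in the copy
        os.remove(os.path.join(dst, "notes.txt"))
        return verify_backup(manifest, dst)
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

Keep the manifest with the backup but hash it from the source side: a manifest generated on the destination only proves the copy agrees with itself.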

Comment SSH is the *right* way to do rsync. Rsync protocol (Score 1) 35

Using ssh transport instead of the native rsync protocol, which is unencrypted, is the *right* way to do remote rsync with sensitive data. Much like tunneling http over tls is the right way to do http for sensitive data.

You can also do the rsync network protocol bare, using an rsync:// url. That's the wrong way for sensitive data, and the way this developer chose to do it.

Comment Seems to think W3C writes the law or something (Score 1) 46

It's not at all clear to me what the author is asking Berners-Lee and W3C to do. The issue he brings up is a concern with a particular law. W3C doesn't write the law. HTML EME defines a technical interface for "if you want a browser to use an encryption module, here's the code to declare that". It doesn't, and can't, affect any law in any way I can see.

Comment If the project is what you're hired to do (Score 1) 386

It may be worth noting that it depends on the nature of the work, whether the claimed "personal project" is the type of work the employee was hired to do.

Suppose a person is hired to write technical training manuals. The training manuals they write typically belong to the employer, absent an agreement to the contrary. If the same technical writer builds a ship in a bottle, that work would belong to the employee, again assuming no agreement to the contrary.

Of course varying circumstances can affect things too. If an employer directs their employee, as writer, to build a ship in a bottle on company time, on company premises, using company materials, for use at a company event, that ship probably belongs to the company.

Comment Bluetooth headphone needs 97% less power (Score 2) 137

1 watt wouldn't work very well to charge a smart phone with a 3,000 mAh battery. On the other hand, a Bluetooth headphone will have a battery of around 100 mAh. In use, a Bluetooth headphone will use maybe 150 mW or so. Idle, much less than that. So a constant charge of 1 watt, or even 100 mW, would be sufficient to keep a Bluetooth headphone charged.

Do Apple customers have any use for Bluetooth headphones these days? :)

Comment Quote slang, jargon, unusual words, weird context (Score 4, Informative) 99

Quotation marks are also used for slang, jargon, and similar unusual words, including ordinary words used for an unusual meaning, in a context in which the reader may be unfamiliar with the meaning. In this usage, quotes take the place of the phrase "what is called". Essentially you're quoting a group, rather than a person.

For example, in a newspaper article written for the general public, one might write "he met up with his 'homeboy'" or "Intel's Pentium computer processors had a bug in the 'floating point unit', the part of the processor which handles fractions."

Comment A tradeoff. Million $ SOC vs data entry clerk (Score 0) 67

> HTTPS everywhere protects against the mass surveillance

To some extent it does. For simplicity, let's assume it did, completely. Your choices then are:

A) The NSA can tell that someone in your company viewed
B) The NSA can't tell that someone viewed, and you get infected with malware that somebody put on

It's not clear that (A) is always preferable. Obviously that doesn't mean you should never use TLS. It means there is a tradeoff.

> there's always a way to get around the firewall

No, that's the difference between an actual real firewall, which is installed on the network at the demarc, and "personal privacy software", which runs on the host. A firewall has two network ports. One connects to the internet (or other "outside" network), the other connects to the internal network. There is literally no physical path for signals to travel except through the firewall. There's physically no way around a hardware firewall, no wires for packets to travel through. All packets go *through* the firewall.

You can also do some checks on the local host, but given you must assume the local host is compromised, you don't trust the local host to identify the malware that it's infected by. Any anti-virus anti-malware on the host is *always* auxiliary to monitoring from a trusted system. Also, the local host obviously can't detect anomalous botnet traffic when a worm infects your network, sweeps trying default and common passwords across your network, etc.

You get much better security by having dedicated security appliances (some of which cost $20,000 or more, not practical to run one for each desktop and laptop), managed and monitored 24/7 by the SOC, looking at a holistic view of the entire network, rather than trusting a potentially infected laptop, run by an accountant, clerk or manager, to protect itself. Frankly, your perspective of security is very much that of a typical home user in 1995. That's not how it's done in the enterprise, and that's not how it's done in 2017. Our SOC, as an example, employs about 200 security specialists. CorpSec is probably another 40 specialists. We've moved a bit beyond installing McAfee and thinking we're protected. Those 200 specialists in the SOC can't monitor and manage things nearly as well if they can't see anything, though. 10,000 encrypted TLS connections don't provide many actionable events.

Btw, you mentioned "(as opposed to IP / site blocking)". Where do you think the IP blacklists come from? They come from the SOC, both ours and Cisco TALOS. They are based on what we learn about traffic flows from those IP addresses - because we can *see* the malware being delivered from those IPs.
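The two detections the comment attributes to the network vantage point (a worm or password sweep across internal hosts, and connections to addresses the SOC has already blocklisted), as an added example that is not the commenter's SOC tooling. It runs over flow records of the kind a firewall at the demarc logs for every connection regardless of whether the payload is TLS: timestamp, source, destination, destination port, bytes. The log format, the 10.0.0.0/8 internal range, the thresholds and the blocklist entries (from the RFC 5737 documentation ranges) are all constructed for the demo. A host-based agent on the infected machine cannot produce either alert; the sweep is only visible from where all the flows are seen together.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")          # assumed enterprise address space
SWEEP_PORTS = {22, 445, 3389}                  # ssh, SMB, RDP: what sweeps try passwords against

# Constructed blocklist, the kind the SOC derives from IPs it has watched deliver
# malware. Documentation-range addresses only; this is not a real feed.
BLOCKLIST = {ip_address("203.0.113.45"), ip_address("198.51.100.7")}

# Constructed flow log: "ts src dst dport bytes". 10.0.5.23 walks 12 neighbours on
# SMB in 22 seconds; 10.0.7.8 does normal admin work and one fetch from a listed IP.
SAMPLE_LOG = [f"{1000 + 2 * i} 10.0.5.23 10.0.5.{i + 1} 445 120" for i in range(12)] + [
    "1003 10.0.7.8 10.0.9.40 22 900",
    "1010 10.0.7.8 10.0.9.41 22 900",
    "1020 10.0.7.8 203.0.113.45 443 5120",
    "1025 10.0.9.40 10.0.9.41 445 300",
]


def parse_flow(line: str):
    ts, src, dst, dport, nbytes = line.split()
    return float(ts), ip_address(src), ip_address(dst), int(dport), int(nbytes)


def find_sweeps(flows, window: float = 60.0, min_hosts: int = 8):
    """Alert when one internal source touches >= min_hosts distinct internal hosts on the
    same service port within `window` seconds: the shape of a worm or password sweep."""
    by_key = defaultdict(list)
    for ts, src, dst, dport, _ in flows:
        if src in INTERNAL and dst in INTERNAL and dport in SWEEP_PORTS:
            by_key[(src, dport)].append((ts, dst))
    alerts = []
    for (src, dport), events in by_key.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            hosts = {d for t, d in events[i:] if t - t0 <= window}
            if len(hosts) >= min_hosts:
                alerts.append((str(src), dport, len(hosts)))
                break                            # one alert per source/port is enough
    return alerts


def blocklist_hits(flows):
    """Flows to a blocklisted destination, visible from IP headers even when the payload is TLS."""
    return [(str(src), str(dst), dport) for _, src, dst, dport, _ in flows if dst in BLOCKLIST]


def analyze(lines):
    flows = [parse_flow(line) for line in lines]
    return {"sweeps": find_sweeps(flows), "blocklist": blocklist_hits(flows)}


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

The sweep rule keys on distinct destinations rather than connection count, so a busy file server talking to one client repeatedly does not trip it; tune `min_hosts` and `window` against a baseline of what legitimate scanners (inventory, vulnerability management) do on your network and whitelist those sources explicitly.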
