Slashdot Mirror

Instead of finding a single consultant, consider hiring an outsourcing provider, aka a Managed Service Provider (another description). The problem with an individual consultant is that skillets vary and you probably won't find someone with *all* of the skills you need. In addition, individuals get sick, take vacations, etc. By hiring a MSP, you contract with a company which provides the support and manages the staff you need to keep your IT running. Because MSPs service multiple customers, you get the expertise of a bunch of people without having to hire and dedicate a bunch of people to just your IT. MSPs are formal businesses, with phone support, legal contracts, service level agreements, etc. Many individual IT consultants are not really good at running a business and don't have the ability to provide any real SLA. On the downside, when you go with a MSP, you will have to have some standardization in your environment and your users may not have the flexibility in their desktop configuration that they are accustomed to. This being said, standardization leads to stability and supportability - things you probably want in the end.

Intel CPUs are used day in and day out without any type of security problems.

False.

I live in the Seattle area and know lots of current /former "Softies" and "Amazombies". Those large tech companies have huge turn over and incredible burn out rates Both companies threw out Stack ranking some years ago, https://whatis.techtarget.com/... but the mentality that put it in place is still ingrained in the corporate manta. Ie: "for you to get ahead, someone else must fail". It's the major reason pay is so high, you have to pay ridiculous money to keep good people.

what the phone company may or may not disclose about your phone records is defined under CPNI legislatively under the 1996 Telecom Act and FCC policy.

https://searchnetworking.techt...

the thing is this MetaData, while I haven't seen the exact info stored, is more obscure. I remember some layman examples of how Project Carnivore worked. Its successor, Project Prism, puts carnivore to shame. From what I recall, even with records that do not specifically say anything at all about you, they can datamine to such a degree that its almost 'Minority Report' level of probability to figure out what actions you will partake in. How likely you are to have an affair based on a brief encounter, what hotel you are most likely to use for your affair even before you know yourself, etc. Using records without your identity tied to it, they can still figure out who you are, after pairing it with other records they sift through in real-time such as the stream of email and social media posts. They track your movements, your daily texts, everything, even without having to look at the content of the traffic itself. Its the real-time, AI, version of a nosy neighbor with a line directly to the cops the second you do something different than your usual routine.

Nope, it means "Universal". Look in the title of the /. story, it's right there.
The Wikipedia article on basic income also says it means "Universal": https://en.wikipedia.org/wiki/....
Also WhatIs: https://whatis.techtarget.com/...
Also Wired: https://www.wired.com/story/th...

You're right that basic income doesn't really fit the definition if it's taken away when you get a job, if it works like that it's just another name for welfare or unemployment. Basic income should be unconditional to work as advertised, but that isn't what the 'U' means. This experiment doesn't seem to fit any of the definitions of UBI, it's not universal and if they take it away when the recipient gets other income then it's not basic income.

OK, I stand corrected. I always associated spamming with UCE since it originated in that context, but apparently these days any bulk unsolicited email classifies as spamming.

Address Space Layout Randomization

http://searchsecurity.techtarg...

This:
>a bug in ASLR's implementation on Windows 8 and later will not generate enough entropy (random data) to start application binaries in random memory locations.
is the bit that sounds ridiculous. The CPU has an instruction that delivers full entropy data, 64 bits at a time, available from the execution of the first instruction. How can software "not generate enough entropy"?
 

I'm not sure a national identification number, that could also be subverted, is the answer... perhaps the answer lies in biometric verification or elsewhere, but the present system is broken by the continued carelessness of virtually everyone.

Called a mantrap. http://whatis.techtarget.com/definition/mantrap-interlocking-door-controller

I'm always surprised that Americans love the free market, except when it effects them.

  What ever happened to "Well you agree a contract when you buy an iPhone. If you don't like it's terms, such as repair provisions then don't buy it. That's the free market. If enough people don't like it, they won't buy it, demand goes down, there's too much supply and they'll have to change the contract."

I think that this is a stupid viewpoint but I laugh when I hear the cognitive disassociation from Americans who love free enterprise and free market but want more regulation.

Several points: I agree with you in that most of us Americans have an idealistic view of the market and govt. regulations and protections.

Unfortunately we Americans are pretty much forced to attend K-12, but I never had 1 day of economics education. In college I opted for 3 economics courses (did very well). I understand all of it, but sheeple would rather buy the shiny new awesome braggable thing.

Advertising has a great effect. Of course that only works if people are dumb sheep, but no matter what you do, some people will make poor choices.

Generally the American Colonies had little economic regulation. During the 1800s there were extremes of "Robber Barons" https://en.wikipedia.org/wiki/Robber_baron_(industrialist) and huge monopolies. The govt. had to crack down, and ever since we've had some degree of protection from shoddy products, bully tactics, etc. I forget when, but decades ago the US Fed. Govt. had to pass laws mandating that car companies had to produce parts for at least 10 years. They also mandated that anything emissions related had to be fully warrantied for 2 years (I thought it had been 6) and some things 8 years. https://www.epa.gov/air-pollution-transportation/frequent-questions-epas-office-transportation-and-air-quality

My point is, Americans think they're being protected, and sometimes eventually the govt. sees fit to pass regulations, but it's often years of struggle, if it ever happens.

It seems to me, in the computer world, manufacturers have a huge advantage over consumers.

Remember the "shrink wrap license"? http://whatis.techtarget.com/definition/shrink-wrap-license Seems like an obvious violation of common-sense and should be illegal, but to some extent they seem to continue.

It's been deeply researched analysed that there is too strong a connection and mechanism between govt. and corporations.

I have never seen an unsolicited sign-up that complies with anti-spam laws, because by definition unsolicited email is spam (see definition and link below). And as far as I'm concerned, if they try to claim an existing business relationship to spam me, I will treat it as spam because if I really wanted to, I would sign up on my own initiative.

There is no legitimate sign-up that should be contacting me out of the blue. That's the very definition of unsolicited commercial email.(UCE)

You don't know what you're talling about. first hit for definition of UCE

UCE (unsolicited commercial email)

UCE (unsolicited commercial e-mail) is a legal term used to describe an electronic promotional message sent to a consumer without the consumer's prior request or consent. In the vernacular, this kind of e-mail message is called spam.

So I can safely mark as spam anything coming to my email address that I haven't already white-listed.

I would expect this level of nonsense from an anonymous coward.

You probably don't need antivirus on Windows, either. In many cases, it's been demonstrably worse than nothing at all.

The uranium-weaponization machinery in Iran was only more "mission critical" than a city's civilian power grid. And yet, Israelis/Americans managed to infect it anyway.

It is entirely possible to update from a local source.

From where would that local source obtain the files? The answer is: from the outside.

Whether you are connected to that outside via wires or sneakernet is not even relevant — all such connections are corruptible... A human being may be harder to corrupt, but not impossible. A dedicated adversary — and Russia certainly is one such — can do it.

It would have to be an extremely compelling "experience" at an even more compelling price point to get any traction.

Compared to the "experience" offered on most TVs, home theater receivers and blu ray devices that is a pretty low bar to clear. I have a smart TV, Apple TV, Roku, and blu-ray and all of their streaming experiences are pretty much terrible.

I'm also still waiting for someone to have a well designed stateful universal remote that actually knows what state the device it is controlling is. Virtually all remotes currently are one way remotes that have to guess at what the device they are controlling is doing. I have a Logitech Harmony and the fact that it is stateless is more than a little annoying. I'm constantly fixing things when it turns off a device that was supposed to be on (or vice-versa).

Even if the data sent from the phone to the Chinese is encrypted, the phone has to have the key, so it's trivial for just anybody to intercept and read your messages

Apparently you never heard of asymmetric encryption. So, no the phone doesn't need to have the key required to decrypt the data.

Using a simpler, more memorable name in place of a host's numerical address dates back to the ARPANET era. The Stanford Research Institute (now SRI International) maintained a text file named HOSTS.TXT that mapped host names to the numerical addresses of computers on the ARPANET. Host operators obtained copies of the master file.

(this uses the term 'host" to mean this

In Internet protocol specifications, the term "host" means any computer that has full two-way access to other computers on the Internet. A host has a specific "local or host number" that, together with the network number, forms its unique IP address.

So anyone who just wants to visit their favorite sites doesn't need DNS.

EMET isn't a technology, its a package containing a number of security enhancing techniques (none invented by Microsoft), so "bypasses EMET" at best is uninformative, at worse makes little sense.

Because it is what I am reading in technical articles on the subject:

http://searchmobilecomputing.t...

Please, correct me with some citations to information about how it works.

For example, they could back up the flash memory, make 10 attempts, the phone wipes it and they restore it and try the next 10 numbers.

Except that wouldn't work. The thing that wipes is not the data but the key. The key is kept in Apple's equivalent of a TPM chip, so cannot be retrieved or replaced after the wipe.

http://searchmobilecomputing.t...

Technically the cloud is fun tech, but remember the good old days when you would rent a non-scalable server, stick it in a server room and hope you did and didn't get slashdotted?

Problem with the cloud is you never know what your monthly bill is going to be. You can get a real shock and it is hard to budget because of that. Understanding those bills is itself a major drama and you forever have to keep running and checking nothing is ratcheting up costs. Even keeping a few gig of hard drive space adds up, even though Google can offer you gigs for "free" no problems. http://readwrite.com/2013/10/1... http://searchcloudcomputing.te... http://insights.wired.com/prof...

So why don't AWS offer fixed billing? For the same reason your cellular company doesn't. :-(

Oh look, it's Netscape Netcaster all over again. This time it really is the future guys.

Instead of a truck (servers don't typically go walking around or for a drive in the country) perhaps AWS needs a Simian Factor ? http://whatis.techtarget.com/d...

Java virtual machine (JVM)

Funny, FDCServers actually had one that was legendarily running for some poor unaware bastard in production. A coworker took a bunch of shots a few years back. The "hacks" that in this case were less clever and more cheap (and exploitative of the customers who had no idea). Same company would routinely open up windows rather than run forced air cooling...a few folks I knew working there would show up to work to find rented servers covered in quickly melting snow.

http://developers.slashdot.org...

http://itknowledgeexchange.tec...

in short: guy moves to malaysia (he had no ties to the area, just picked it on economic considerations) and doesn't just survive, but does well, on $16k/yr, working 10 hours a week

John is not independently wealthy. He did not have a big IPO, and does not have have a revenue stream. Nor does he have a best-selling book on, say, how to live cheap. Instead, he was a practicing programmer and IT program manager who moved from Virginia to Malaysia, on the expectation of taking a year long “sabbatical,” and, if he could find a way to make it work, to stay a bit longer.

Or if you can afford to wait it out, 20yrs from now you might do really well in the US on that, after the average wage falls to $.25/hr to compete with those other countries (the CEOs with their offshore accounts will just live in their 'compounds' 24/7, being a 'servant' to the wealthy might be a good local option).

http://developers.slashdot.org...

http://itknowledgeexchange.tec...

in short: guy moves to malaysia (he had no ties to the area, just picked it on economic considerations) and doesn't just survive, but does well, on $16k/yr, working 10 hours a week

John is not independently wealthy. He did not have a big IPO, and does not have have a revenue stream. Nor does he have a best-selling book on, say, how to live cheap. Instead, he was a practicing programmer and IT program manager who moved from Virginia to Malaysia, on the expectation of taking a year long “sabbatical,” and, if he could find a way to make it work, to stay a bit longer.

How about encrypting the data and using PKI over VPN with a full irrevocable audit trail. The keys being stored on a portable hardware token.

How about encrypting the data and using PKI over VPN with a full irrevocable audit trail. The keys being stored on a portable hardware token.

You'll see malware definitions (Windows Defender) pretty often, but these are tiny and never require a reboot. They should be practically invisible to you, and I don't think MS really considers them "patches" per se. I also see Flash updates more frequently - that also shouldn't require a reboot, but I don't use Flash so I'm not sure. Obviously, MS doesn't control the timing of those patches - that's Adobe, but MS apparently just pushes them along. There are occasionally out-of-band patches as well that don't fall under the regular schedule, but these seem to be fairly rare. On rare occasions, errors in patches are rolled back fairly soon after - I think that happened a couple of times in the last year - it almost always makes news.

The "Patch Tuesday" was largely created to make things easier for enterprise customers by MS, so they'd have more predictable patching schedules. Generally, large enterprises will control the patching themselves, first testing the patches out on test machines, and then deploying them across the company workstations in a controlled fashion.

For consumer customers, it just generally means we pull down the bulk of the patches directly from MS within a day or two of that time. Maybe your experience is different from mine, but I really do typically only have to reboot my Window machine once a month because of patches.

I'll be "that other guy" and point out that Lego is not an acronym.

Uhm. From WhatIs.com:

An acronym (pronounced AK-ruh-nihm, from Greek acro- in the sense of extreme or tip and onyma or name) is an abbreviation of several words in such a way that the abbreviation itself forms a pronounceable word. ...

Abbreviations that use the first letter of each word in a phrase are sometimes referred to as initialisms.

LEGO is an abbreviation (though not an initialism) of Leg godt, danish for "play well" - or perhaps more like "have fun (playing)"

So it appears that it is an acronym

The mindset in 2003 was different:

1. Network security was not as high profile. The term "Patch Tuesday" was only just invented in 2003.

2. The industry had not yet experienced a painful Microsoft EOL. Windows NT 4.0 was not EOL'd until Dec. 31, 2004.

So please stop judging with hindsight.

I can't find any actual instances of it happening, but this appears to mention the rumor you're talking about: http://whatis.techtarget.com/d...

In the formal logical sense, imply means prove. That comes from its formal logical definition: http://whatis.techtarget.com/d....

You are using "imply" in a more casual sense, which would be fine if you didn't also call him wrong. Now that you've broken out the weird pedantry, I have to tell you he's not wrong, he's actually perfectly accurate and you're being pedantic.

Don't i recall that these disks were advertised as having shelf lives of 100+ years? And that they were fantastic archival mechanisms... and now we're finding out that they only lasted 10% the rated time

This site says 50-100 years; http://searchstorage.techtarge...

Though the government only thought they'ed last last 2-5 years here... http://www.archives.gov/record...

??? How old ARE you? (OMG: I'm only 55 -- maybe I really am older and more paranoid than I thought.)

Let me get this straight: you gave away control of your unencrypted files to someone who wasn't a known personal friend and then am surprised that something happened to them??

I treat on-line services slightly differently: I keep local copies of EVERYTHING that goes out, and I'm surprised when it's still accessible online 5 minutes later, never mind 5 years later. And controlling exactly who has access to it? That's just a fantasy -- really. It's actually binary: either it's out there and they MIGHT have it, or it's not and they DON'T.

I do run Dropbox and use KeePass as a password manager. The credential store is encrypted, but even then the stored password there just isn't "quite right". Phone camera pics get uploaded to Dropbox. At times I'll AES encrypt and email or use Dropbox and expose. For stupid pics I'll just dump 'em out there straight. But I know what's exposed and encrypted-exposed. The latter die soon after they're used.

You store important and critical (tax receipts, lawyer-enforced) notices that might cause breach of contract? And you put control of that in someone else's hands, paid for or not? What kind of an IDIOT are you? Then again, you must not think much of the breaching penalties. That's great, I'm glad you're so confident at everyone always doing the right thing everywhere and nothing bad ever happening.

Me, if I'm going to have a some contract or data leakage it'll be because *I* did it myself and have no one else to blame. Then again, it's obvious digital computer files and paid services will stay around forever: Just ask MegaUpload, GeoCities, and LavaBit. Oh, and the data center located in the Twin Towers? Onsite backups sure came in handy there. Some got thru better than others: One, Two

Then again, there's this brand new data center that will hold all of your data for years -- all for free! I'm sure you can retrieve all of your data from that.

Really, I'm glad things are going so well for you, with the exception of a few bumps. And local storage doesn't solve everything either -- drives can be stolen, warrants can be served, computers can be hacked and data downloaded. But damn it, for 99.9% of my data, I'm 100% directly responsible for it. Offloading everything to the cloud is just offloading responsibility, never mind anything at all to do with the NSA.

Oh, one last thing. Even if all of the employees in the ISP, supporting companies, 3rd party vendors and everyone involved are all above reproach. are you sure? And even say all of the software is 100% vetted and accurate (ignoring accidental software bugs): oops.

Paranoid? Probably, but then again most things don't deserve multiple layers of defense. Only a few do, and of those only a select few get vetted, encrypted, backed up, and rotated offsite. But as for "What would you need if everything was suddenly gone (house fire) and you could only keep a couple of things?" Well there's your answer.

Good luck with it all; hope you produce a updated

The definition you are using for the word hacker, is not the same definition that most "hackers" agree with. Someone who breaks into computers is more aptly called a cracker.

Here are some examples.
Hey Timmy, how did you get the broken car working again? Oh, I just hacked something together.

Hey Billy, I saw you have been able to crack that safe open.

Do you see the difference?

See here for another explanation: http://searchsecurity.techtarget.com/definition/hacker

The problem for us was the licensing requirements. It was FAR cheaper to just deploy published desktops on Windows Server than it was to use XenDesktop. I'm not familiar with XenDesktop 7, so I'm not sure if it functions the same, in that regard, to XenApp 6.5.

So, a private company has been helping 400 open source projects with code quality (usually considered important) for quite some time now using their tools which find many different code defects. It had been started with government money, but now they take it out of hide. And do you shed any light on it? Provide more information? No, you just make uninformed comments about things that have easy to find answers and whine. What a waste.

Some of the better-known projects scanned include Apache, Firefox, GIMP and a number of forms of Linux and BSD.

Open Source Is Better Than the Closed Stuff (Until You Hit 1 Million Lines)

A Few Billion Lines of Code Later: Using Static Analysis to Find Bugs in the Real World

So, a private company has been helping 400 open source projects with code quality (usually considered important) for quite some time now using their tools which find many different code defects. It had been started with government money, but now they take it out of hide. And do you shed any light on it? Provide more information? No, you just make uninformed comments about things that have easy to find answers and whine. What a waste.

Some of the better-known projects scanned include Apache, Firefox, GIMP and a number of forms of Linux and BSD.

Open Source Is Better Than the Closed Stuff (Until You Hit 1 Million Lines)

A Few Billion Lines of Code Later: Using Static Analysis to Find Bugs in the Real World

I did not make this video nor did I choose its subject matter. All I did was edit it & write the intro paragraph. Some may have noticed that the Cryonics Institute is a non-profit, and may realize that we do *not* take money to make videos unless said videos are clearly marked "advertisement" or "sponsored content" or something along those lines. Like these: http://tv.slashdot.org/sponsored/ See? A "sponsored video" section.

And yes, for those who don't know, I was the editor in chief of the company that owned Slashdot for many years, and -- my low 3-digit UID hints at this -- I was reading and posting on Slashdot before it was corporatized, and did my best for a long time to (sigh) keep the marketing types from messing the site up.

I retired in 2008. Now I collect SSI (I had several massive heart attacks) and work part-time doing Slashdot video work, plus I write a weekly column called Cheap Computing for TechTarget -- http://itknowledgeexchange.techtarget.com/cheap-computing/ -- and occasional blog posts for AllLEDLighting.com -- http://www.allledlighting.com/ --and other specialized, tech-oriented websites.

If you want to blame me for... well, for anything... no problem. I can handle it. I'm not in a management position, so saying bad things to or about me won't change anything. In fact, it's possible that I agree with many of your complaints but don't have the power to do anything about them.

And that said, now it's time for a gin and tonic here on Florida's West coast. :)

Cheers!

- Robin 'Roblimo' Miller
Bradenton Florida USA

Crypto experts speaking at the Black Hat USA 2013 conference yesterday said there's a real -- though perhaps not overwhelming -- possibility that much of the Internet's encryption will soon become completely unraveled. This grand unveiling of secrets, they contended, could arrive within a handful of years. To avoid what they jokingly called a "Cyber Pompei," they strongly encouraged a switch from algorithms based on the Diffie-Hellman and RSA systems to elliptical curve cryptography.

AMD hardware sucks with Linux.

I run CentOS in an emulator.

Ironically Linux KVM(amongst Others) supports AMD-V http://searchservervirtualization.techtarget.com/definition/AMD-V .

Perhaps if you spent less time making random allegations against hardware you would understand the technology a little better.

> What interests me is that if SSDs mount a major invasion of server-rooms and data-centers worldwide it also means that we will now finally start to see SSD pricing drop like rock.

I'd think the opposite may occur. SSD flash is currently limited by the amount we can produce at a reasonable price.

http://searchstorage.techtarget.com/news/2240181971/NAND-shortage-could-slow-pace-of-flash-price-drops-squeeze-SSD-makers
http://www.seagate.com/point-of-view/nand-flash-supply-market-master-pov/

http://itknowledgeexchange.techtarget.com/unchartered-waters/interview-with-a-digital-migrant-meet-john-hunter/ -- David

Knock yourself out.

I found the missing link!

http://itknowledgeexchange.techtarget.com/unchartered-waters/interview-with-a-digital-migrant-meet-john-hunter/

I have no idea. I did my editing & upload task and moved on to write a Cheap Computing column or something else not related to Slashdot.

I rarely if ever moderate, and it's obvious that I did not moderate any comments on this story because I'm posting comments on it.

It's entirely possible that other readers didn't like the false "it's an ad" accusations and moderated them down. Or it could have been one of the full-time editors. Got me. If I knew, I'd tell you.

The thing that always puzzles me on Slashdot is that there seem to be a few readers who believe every single piece must be interesting to them, as if there aren't hundreds of thousands of other Slashdot readers, each of whom has his or her own interests. I get bored with people whining about how this or that story doesn't interest them, as if we are using the Secrett Slashdott Mind Controll Thingie to force them to read every story and watch every video.

If something doesn't interest you, ignore it and move on. That's what I do. Unless, of course, you really believe Marco Rubio was born in Kenya and that the U.S. will be taken over by communist tea bagging libertarian aliens from Venezuela if you don't alert the world to this dread plot. Or something.

FYI - there are no such thing as video "slashvertisements." Tim or I (I do most of the remote interviews; he travels to events) pick video subjects with no input whatsoever from ad salespeople, Dice, the Koch brothers, my dog Terri, the NRA or Nancy Pelosi.

Believe this or not, as you wish, but it's true.

I have no idea. I'd imagine that it would be worth it overall, though.

Quick Google search found card fraud costs $86M per year.

Although...

Among the top forms of card fraud are card not present, counterfeit cards and lost/stolen card fraud, but the biggest category of card fraud is "first-party" fraud, which is committed either by a thief or a legitimate cardholder who intentionally decides not to pay off a credit card balance, the report showed.

One-time code devices and associated smart cards would likely significantly reduce the first three issues, it'd do nothing for the last.

It's also more than just the one-time pin/code generation devices, too. Credit/Debit cards would have to be re-issued as smart cards and all payment machines would likely have to be upgraded read the cards and verify pins for purchases. That's the investment part the US banks aren't going to want to make.

Some people have asked the inevitable 'HOW' question, as Matt doesn't really get into the specifics of making the leap in the video. Matt posted a follow-up on his blog (I'm his editor), which might be of use to this conversation as well: Four Requirements for Independence". He goes into the calculations needed for determining when and how to go independent (burn rate, replacement income, etc.). Curious to hear if the consultants here think it's enough to go on, or simplifies things too much.

It's maintenance. No one does it.

Only in the Windows world. On the Mac platform, where reasonably convenient backup functionality is built into the OS itself, and where it is cleanly integrated with the manufacturer's wireless access point/NAS solution (Time Capsule), about 55% of users back up regularly (source: PC Magazine), as compared with only around 11% of Windows users (source: TechTarget).