Slashdot Mirror


User: mlts

mlts's activity in the archive.

Stories: 0
Comments: 5,534

Comments · 5,534

  1. Re:Ugh, polygraphs on New FBI Operations Manual Increases Surveillance · · Score: 1

    True, but giving up and surrendering just means that usually the nastiest of the bunch will win.

    At least with voting, you end up having a lesser evil in office. Take Satan vs. Cthulhu. Satan corrupts, but at least stuff is left standing for a bit. Cthulhu will just slurp you up, body/mind/soul up wholesale.

  2. Re:Sexual blackmail? on Hackers Expose 26,000 Sex Website Passwords · · Score: 1

    Don't forget, the election year silly season is starting up. A candidate that gets caught watching nudies will have ads made against them each day, every day about their "moral turpitude", and there is a good chance that it will cost them the election.

  3. Re:MS can fix that easily... on Windows Phones Getting Buried At Carriers' Stores · · Score: 1

    Of course, SMTP is the mail standard. However, there are requirements PHBs want over SMTP that force Exchange in the mix:

    1: Remote device kills. You want the ability to erase a device with the latest confidential, unannounced models if Joe Exec loses it in his limo after too many martinis with his customer.

    2: E-mail retention standards. In reality, having sendmail copy every incoming mail to a mailbox that gets saved off every so often is OK. However, to please legal eagles when dealing with SOX, HIPAA, FERPA and other laws, one needs to have software that does autoarchiving and is auditor friendly. Even without the onerous regs, if one doesn't have a system to handle a motion of discovery, the opposing law firm will have a field day, and judges tend to rubber stamp triple damages if a company can't cough up E-mail when asked. So, Exchange is used because it has a lot of tools for this.

    3: Configurations. For a lot of businesses, an SMTP server accessed by POP or IMAP is good enough. However, there is a point where you have so many mailboxes that something that scales is more needed, where one server farm can handle one location, another cluster another location, etc, with replication and failovers tossed in the mix.

    4: I have encountered firms who demand their business partners use Exchange connectors. No connector between Exchange servers, no contract. Of course, a connector is little more than a TLS connection.

    5: Push mail. Execs would scream if they didn't have their push E-mail. Believe it or not, not that many places support IMAP idle.

    6: Unified messaging, tasks, calendars, meetings. Stuff added onto mail that the execs cannot live without. Exchange is the only game in town for this, unless you want Lotus Notes which has not seen a major upgrade in some years.

    Yes, there are some businesses which get along without Exchange. IBM and Google come to mind. However, for almost everyone else (especially if you step into government work), Exchange is it.

  4. Re:I know every single one of my friends on Dozens of Tech Bigwigs Friend Facebook Spambot · · Score: 1

    Computer science and IT.

    At first, I didn't even have a FB profile. However, when interviewing, I was looked at like I was an alien, or one of those weird hermits who doesn't have a phone or electricity.

    So I created a dummy FB account. Then started using it to reconnect with acquaintances. The same HR people who demanded friends with FB were doing so because it was the "in" thing as per their magazines. None of them ever mentioned that they were not seeing the full profile.

    Funny thing is that the place that I work at now did none of that BS.

  5. MS can fix that easily... on Windows Phones Getting Buried At Carriers' Stores · · Score: 2

    MS can easily fix the chicken/egg scenario.

    1: Put out a new version of the ActiveSync protocol which is only licensed to the iPhone and WP7 devices.

    2: Make it the default protocol in the next Exchange version. Perhaps the only protocol, and move legacy ActiveSync (as well as IMAP and POP) to an additional charge product similar to BES.

    3: Add some security features to the new ActiveSync protocol so it is the only one "blessed" by businesses under the guise of SOX, HIPAA, etc. (even when in reality, that protocol doesn't matter.)

    4: Watch businesses not bother with Android and buy WP7 phones en masse over Blackberries.

    5: ????

    6: Profit. Exchange is the mail standard, and if a phone doesn't work with ActiveSync, it will not sell past the consumer market.

  6. Specialization is not for insects... on The Modern Day Renaissance Man · · Score: 3, Insightful

    Contrary to Robert Heinlein, specialization is not for insects. Especially in fields where not one single person can have all the details.

    This doesn't mean education other than the field of study is pointless. It is important to know something about biology, nuclear physics, math, and other items. However, trying to do a career as a jack of all trades means that one ends up a commodity, competing without any real advantages.

    Specialization keeps people employed. For example, I know guys still doing SAP Basis administration. Unless the company they work for wants to completely chunk most of its internal workings, those guys are not going anywhere.

    A balance needs to be reached. Being a one trick pony is bad. So is a jack of all trades. So, it doesn't hurt to always keep versed in multiple items. So, if SAP gets phased out, one can always use cross skills learned from Basis administration as a DBA. If the DBA game doesn't work out, there is always development.

  7. Re:In other news... on Dozens of Tech Bigwigs Friend Facebook Spambot · · Score: 1

    Long term, doing the job well is the better approach. However, being in the industry so long, it is easy to get cynical, after bids/proposals for doing a job right get shoved off the table for ones that are cheaper, regardless of potential cost in safety, security, or long term sustainability.

    I have consulted at a number of startups. The #1 thing that was the focus was keeping the investor wallets open. Everything else, up to and including making a solid product came second.

    The old-school American ethos of doing the job well isn't extinct yet. It appears in a few places:

    The first are small businesses funded by the investors themselves, with the investors having a passion (other than money) for the field. There, getting the job done right overweighs beating Q1's numbers in Q2. There are people who have made their fortune in various industries, and want a business that does what they like doing.

    The second is in industries that want a good name for themselves. Alternative energy for example (there are some exceptions we all know). Alternative energy companies want a good reputation so people will start buying products and moving that direction.

    The third are older industries that are not the fad of the day. Take the creaky mainframe industry for example. Because they don't have the advantage of buzzwords, they have to innovate to keep alive. And believe it or not, mainframes have advanced, especially in the reliability department. It can be argued that Facebook could have saved a lot of money by just having a few racks of mainframes and replicating DS8000 drive frames, where the redundancy is designed in from the hardware up, as opposed to a large quantity of off the shelf x86 machines and the backend app providing the error tolerance.

  8. Re:I know every single one of my friends on Dozens of Tech Bigwigs Friend Facebook Spambot · · Score: 1

    What I do is use groups, and have defaults of who can see what.

    I started this after I graduated college because virtually every employer I applied for demanded friend access to FB. So, they got it. They could read a couple sterile posts. The rest? No access.

    So, if someone I don't know wants to friend me, I'll accept the request and put them in the "deny access to all" group, and move merrily along.

    Of course, one never knows if FB may "update" privacy settings to screw this way of doing things up, so it doesn't hurt to defriend anyone you don't know and want to interact with eventually.

  9. Re:In other news... on Dozens of Tech Bigwigs Friend Facebook Spambot · · Score: 1

    You can run a tech company and not be computer savvy, provided you have the ability to keep investors continuing to leave their wallets open. This was true in the dot.com bubble, and still true today, although it takes a far glibber tongue to keep investors shelling out the cash than in the past where scraping "LINUX" on something meant a multi million dollar IPO.

  10. Re:The best way to reduce crashes... on Los Angeles To Turn Off Traffic-Light Cameras · · Score: 1

    You preach sanity.

    The thing I see about a lot of signals is that the yellow light is very short (1 second or so). I have even seen signals go directly from green to red. Couple this with the fact that there is zero time delay between a light changing from red to the other side going green.

    If you look at lights that have the traffic cams, you will never see one with more than a 2 second yellow. This doesn't give much reaction time for drivers, either to floor it and get through, or slam the brakes. If the signal had a 4-6 second yellow light, people would be able to gauge it and stop accordingly. Not have to figure out fight or flight in less than 500 milliseconds (especially when adding braking time and reaction times.)

    Of course, a delay of a second between the red and green is a no brainer. Why this isn't done is beyond me.

    Red light cameras had good intentions. However when they are handed to private companies who can reduce, or even eliminate the yellow light, this becomes less a tool of traffic safety than another money source and another item forcing people to be outlaws (covering plates, etc.)

    Because of the abuse of cameras, they should be pulled. Had the operators of the signals put in yellow lights allowing people to do something other than panic fight or flight, as well as add a red/green time delay, then maybe things would have ended up differently.

  11. Re:If you need support... on Ask Slashdot: Linux Support In Universities? · · Score: 1

    On the other hand, it is nice to get new Linux users and give them a hand. Times have changed since the mid 90s, and there is a lot of fear in colleges about doing something "illegal" and being expelled or arrested. I have ended up reassuring people during my time at a university that no, installing Linux or BSD on a dorm computer won't mean some goons will be kicking in the door.

    Everyone was a beginner once, and if I can help someone get at least on the Internet so they can hit Google, I am doing something right.

  12. Re:ridiculed? on Ask Slashdot: Linux Support In Universities? · · Score: 1

    Depends on campus. The university I graduated from was completely OpenLDAP with the Windows boxes first having a custom GINA, then when Vista pushed XP aside, just had the boxes think the LDAP box was an AD domain. The CS department lived and breathed on Linux and OS X. Other departments had Windows machines, but they were more of the exception, because most faculty preferred Macs over anything else.

  13. Re:This is 2011 on Ask Slashdot: Linux Support In Universities? · · Score: 1

    I'd configure Domino to use POP/IMAP, and the Outlook connector, so the PHBs are happy.

    Long term, I'd probably be seeing about moving to Exchange... IBM really needs to throw some serious development effort at Notes to make it continue to even be in the same league as Exchange.

  14. Re:Encrypt it then on Google Asks 'Who Cares Where Your Data Is?' · · Score: 1

    128 bit AES is the algorithm, but the weaknesses are usually how it is implemented. If the code writer uses ECB, an attacker can easily discern patterns in the cyphertext, and given enough text, pretty much be able to effectively guess the plaintext.

    Of course, key storage comes to mind. If an encryption program decides to leave an MD5 hash of the passphrase in the file, then brute forcing it becomes an option.

    Encryption isn't just for protecting from the "government". If implemented right, it turns a theft of equipment into "just" a hardware theft, which insurance pays a claim on. No encryption, and it becomes a hardware + data theft, which may mean going to the press and telling them about the breach, and so on. Or in the business sector, it means that a junior admin gets sacked, a PR announcement gets made about "new security procedures", and life goes on.

  15. Re:They don't believe it themselves on Google Asks 'Who Cares Where Your Data Is?' · · Score: 1

    If a place has a 1M data loss guarantee, I'm sure it will be riddled full of stipulations, such as having to prove every cent the data is worth (good luck), having to prove that it was 100% the cloud provider's fault (good luck on that one, because an rm -rf /logs is far faster than a motion of discovery), the guarantee would have to see arbitration, and so on.

    Letsee... I can use a cloud provider and get promises, or pay less for my own IT infrastructure and have guarantees because employees leaking data can be punished both civilly and criminally.

    I'll stick to the servers being physically present in a machine room or coloc. I trust a physical tape far more than I do promises by a glib salesperson.

  16. Re:Encrypt it then on Google Asks 'Who Cares Where Your Data Is?' · · Score: 1

    The problem is that Google may not care where they store your data, but a lot of businesses do, even if it is encrypted.

    If a US government contractor was using cloud storage and their cloud provider was found to be storing data in Damascus or Tehran, the Feds would pull the contract and there is a chance people would go to prison. This without any classified+ data on the systems.

    Location matters. Encryption is strong, but the attackers go for the weakest link. Providing attackers with data that can be attacked at will without the victim having any way to tell is just poor IT practice.

    This isn't to say cloud storage and cloud technology are useless -- it is a part of IT these days. However, so are mainframes. One needs to use the proper technology for the job at hand, and know the security ramifications.

    If I were running a business where PII was an issue with large amounts of data, it wouldn't be cloud based; it likely would be on IBM iron using Parallel Sysplex or PowerHA to ensure reliability. However, if I were doing Web applications and needed to spin up VMs to check backend code, a cloud provider is just fine. Pick your tools for the job.

  17. Re:Security and Privacy depends on Where on Google Asks 'Who Cares Where Your Data Is?' · · Score: 1

    Don't forget that no matter how restrictive and promising the business's SLA is, they can go bankrupt at any time, and all the data stored that is bought out by scavengers can be easily made public.

    And there is not one single thing someone can do about it in this event.

  18. Re:It all comes down to TOS. on Google Asks 'Who Cares Where Your Data Is?' · · Score: 1

    Very true. Don't forget that cloud computing providers have to have data centers, and they have the same IT issues that their clients have. The only difference is if the EMC RAID fails on their end, they can tell their clients, "too bad, so sad", while if the data was stored on an in house EMC system, there is likely a backup/DR system that is tailored to that company. Even if it is just copying critical reports to a CD-R and tossing that in the tape safe.

  19. Re:Oh Please! on Google Asks 'Who Cares Where Your Data Is?' · · Score: 1

    If my bank lost data, they can be held criminally and civilly liable. My doctor? HIPAA violations. The library? Pure shame and fear of funding cuts. The IRS? Voters taking a stand.

    Unlike the above, cloud computing providers have zero incentive for anything but token amounts of security. Look at the SLAs if you sign up to a cloud provider. 99.9 percent of them indemnify the provider from anything that happens. Translation: People agree that even if their private data ends up a torrent on a server in Elbonia, they can't sue.

    Loss of face? Don't forget that cloud computing is the ultimate in vendor lock-in. Want to move to another cloud provider? Good luck retooling all your internal APIs and then moving all your stuff. Most people/companies are not going to change providers if a provider has an epic failure, because realistically they can't afford to.

    A cloud provider is a one way move. Usually once the data is there, PHBs will decommission machines in the data center. After that, there is no going back, and the lock in is permanent.

  20. Re:Encrypt it then on Google Asks 'Who Cares Where Your Data Is?' · · Score: 1

    It is a lot easier for someone in Latveria to break the encryption algorithm, sell the break to someone in Elbonia who then grabs the data over the network as opposed to a physical attack.

    A physical attack, you know someone grabbed the data (assuming the machines were not compromised earlier.) An attack on data that is not in physical control can be done with absolutely no traces.

    Think a cloud provider is going to tell anyone they got hacked a la PSN? Unless someone blows the whistle or people's stuff winds up as torrents, there is no way in hell they would.

    Pack your own parachute guys, if the data is that sensitive.

  21. Re:Encrypt it then on Google Asks 'Who Cares Where Your Data Is?' · · Score: 1

    Encryption isn't a cure-all. There are a lot of questions about encryption:

    1: How are you encrypting data? Per block as in a TrueCrypt partition? File by file like CFS or EncFS? Saving data to a staging area, then firing up a utility to encrypt the whole data blob in toto? Wrong decision here means a big performance issue.

    2: How are keys managed/used? If you use one key for all your offsite data and a blackhat nabs it, you are fucked. If you have tons of keys, your key management system better be robust, or you will have large chunks of inaccessible data.

    3: Is the encryption solution vetted, or is it like most stuff cloud related where "trust me, we have buzzwords" is the motto of the day?

    4: Is the encryption solution FIPS or Common Criteria compliant? Stuff like this is important for not winding up in prison due to SOX, HIPAA, or FERPA compliance.

    5: How recoverable is the encryption solution? If the main data center goes down, can I fire up some hardware, install the encryption head and be able to access stored data?

    6: Are there measures in the encryption solution to deal with algorithm compromise? TrueCrypt can chain three algorithms, not for massive numbers of bits, but to mitigate risk should AES get cracked.

    Encryption is OK, but does not replace good sense in locating data.

  22. Re:Fedora is essentially RHEL beta on Fedora 16 To Use Btrfs Filesystem By Default · · Score: 3, Interesting

    Thanks for the correction, as that definitely is a notable difference.

    Now, if we can get a filesystem that supports autotiering (where it knows which array is SSD, which is spindles and places data accordingly due to times accessed), that would be great. Outside of EMC's offerings, I don't know any really available.

  23. Re:Fedora is essentially RHEL beta on Fedora 16 To Use Btrfs Filesystem By Default · · Score: 4, Informative

    ZFS still has a lot btrfs doesn't:

    64 bit CRC support so disk corruption is caught.
    RAID 5/6
    Block level deduplication
    Encryption

    ZFS also replaces the LVM layer, making write performance on raid-Z a lot better than a filesystem + LVM layer.

    This isn't to say btrfs is bad, but until dedupe is added, it will be a generation behind the competition.

  24. Re:THE NERVE OF THOSE PEOPLE IN CUPERTINO! on Want iCloud With Windows? Ditch the XP · · Score: 1

    You should have seen the carnage in the restaurant franchise wars, where the only survivor was Taco Bell.

  25. How long can we cheat Malthus? on Have We Reached Maximum Sustainable Population Size? · · Score: 2

    This gets me wondering how long we can cheat Malthus, until we have a big population die-off?

    When it happens, it will be a chain reaction. Famine, disease, and wars tend to go hand in hand, and if a population of an otherwise stable country starts starving essentially in toto, they will be doing desperate means to find a food source, even if it means overrunning a neighbor.