Slashdot Mirror


User: mlts

mlts's activity in the archive.

Stories: 0
Comments: 5,534

Comments · 5,534

  1. Re:cache difference on AMD One-Ups Intel With Cheap Desktop Chips · · Score: 1

    Knowing most software makers, they would just have their programs refuse to run if they are not installed on the latest and greatest CPU if push came to shove and they couldn't continue to code on the cheap. Or they would just have their stuff run poorly and users would get used to clicking on a button and waiting 30 seconds for a result, just like the early days of X-Windows on some machines. Marketing people will call it accustoming the user to the new software experience where one types, then 20-30 seconds later the text will show up on the screen.

    It makes me wonder what life would be like if a core enterprise UNIX (BSD, Linux, Solaris or AIX), became the mainstream OS of choice for home PCs. People would never tell a computer novice to reboot unless it was a hardware or kernel upgrade, and a reinstall just wouldn't be done unless the box was hacked. Probably one of the most common problems would be replacing the battery powered chips because people set the boot PROM password then forgot it. Viruses wouldn't be an issue, although there would still be break-ins and compromises due to unpatched machines, or Joe Sixpack running a Trojan in an effort to view the dancing bunnies.

  2. Re:cache difference on AMD One-Ups Intel With Cheap Desktop Chips · · Score: 1

    What I see happening is that we will be seeing more specialized functions put on the CPU silicon as opposed to extra CPU power primarily. Of course, CPUs will get more powerful, but it won't be Moore's law doubling. Instead, what we will see are more specialized tasks (AES encryption for example, perhaps RSA) given specialized hardware. We will see more caching. We definitely will see more cores. Perhaps we will see specialized cores, so a CPU would have six cores that are mainly designed to do integer stuff (but can do FP in a pinch, not optimally though), and two cores optimized for FP work, but can do integer performance. Then operating systems will get a process scheduler that can take advantage of this and put floating point intensive tasks on the FP-heavy cores, unless the FP heavy cores are completely used, then they go on the integer cores.

    I also see eventually a hypervisor being put in at the CPU level. This way, a VM sees that it has 12 cores available to it, when in reality, it is handed CPU allocation by a min/weight/max configuration, so the 12 cores might be 25% of a single physical core at minimum, and 100% of 4 cores at maximum.

  3. Re:Defense in depth on Are Desktop Firewalls Overkill? · · Score: 1

    That might be another use for a smart NIC -- take remote kill commands regardless of how stoned the OS is. Say the problem as mentioned above happens, the laptop can be configured to pick up kill commands at a certain location and either lock the adapter down until further notice, or pass word to the BIOS to do a password lock and secure ATA erase of all drives.

  4. Re:Defense in depth on Are Desktop Firewalls Overkill? · · Score: 1

    I used to have an old HP desktop box with an nVidia chipset that actually was cognizant of level 3. By dropping the nForce drivers onto the system, it could actually do hardware firewalling before packets ever touched the OS, and was able to do some advanced stateful firewalling.

  5. Re:Does anyone know on Introducing the Invulnerable Evercookie · · Score: 1

    Depends on the virtual machine software:

    XP Mode or Hyper-V, without the VT switch on, it will just laugh at you.
    VMWare, it will run, didn't notice a performance hit.
    Virtualbox, same as VMWare.

  6. Re:Flash drives, tarballs, &c. on Are Desktop Firewalls Overkill? · · Score: 1

    Any sane enterprise segments their network by function and department and will isolate machines from each other. Yes, it might be nice for the MP3 stash on a computer in HR to be able to be streamed to the guy in sales, but sane IT staff will be making sure that each department is separated from each other. This way, the guy over in receiving who is browsing stuff he shouldn't be and gets a computer infected will only affect that department and set off the IDS over in that part of the company. Sales wouldn't be affected because the receiving box is not allowed to communicate with anything over there.

    A decent enterprise fabric will not just provide connectivity, but the ability to isolate on a moment's notice. It isn't hard to turn on NAC and have compromised machines face a remediation server before being allowed to come back on the corporate network.

  7. Re:Defense in depth on Are Desktop Firewalls Overkill? · · Score: 1

    Maybe this is a good argument for having NICs that have hardware firewalling. This way, Windows can be left wide open, but unless the hardware configuration utility is explicitly run to open ports on the NIC, nothing will be able to get in, except perhaps ping, and if done right, the hardware card would handle that [1], and not let that touch the OS at all. Couple this with an outgoing rule to block port 25 out so if the laptop does get rooted, it won't turn into a spam server, and that is a decent security solution on the road.

    More advanced NICs could even have code to check for malware in flight, offer dynamic IP blackholing, and other features. This way, the OS security is less of an issue.

    [1]: It could go as far as having a NAT and abstracting all network function, so no matter what the real configuration is, Windows on the laptop thinks it has a dynamic IP, while the IP stack on the NIC takes care of answering anything incoming from remote.

  8. Re:"That's the great thing about evercookie" on Introducing the Invulnerable Evercookie · · Score: 1

    The thing is that while people here on /. consider forever cookies pointless at best, and a security threat at worst, there are people out there who make their cash on identifying machines, correlating them with user behavior, and selling that to people so they are able to figure out at what time of day or week you are most interested in their crap and how much you are willing to pay for what they are selling.

    Gambling websites use third parties whose sole job in life is keeping a list of unique Web browsers and assigning a weight of profitability on them. If someone seems to be cheating, that computer gets silently banned across all the sites the third party helps out, just as if someone gets banned from one casino for cheating, they get banned from almost every casino on the Strip at the same time. This is a big business. Look up "iesnare" for more on this.

    Couple the ease of using the PNG data mechanism to store permanent results, with the fact that it is easy to get a unique signature of a user due to the fonts they have and other items reported, and you will find that being able to identify people uniquely is not just possible, but easy and automated for firms.

    The solution? More than just clearing out cookies in the browser, due to all the stuff stored by shared objects. Stuff like the BetterPrivacy add-on in Firefox helps, as well as add-ons that prevent it in the first place. However, the only real solution is either sandboxing everything browser related like Sandboxie, or running the browser in a completely different OS space that dumps all its changes.

  9. Re:Not hard to beat at first glance. on Introducing the Invulnerable Evercookie · · Score: 3, Informative

    Thanks for the reminder. Last time I looked into Sandboxie, it did not support 64 bit operating systems, which it does now. Using it is a lot easier on the CPU and more convenient than creating a VM with a Web browser in it and rolling it back when done for that session.

    With Unity mode on VMWare Workstation or the equivalent on Windows 7 and XP Mode, keeping a Web browser in a sandbox isn't that much work, especially if one is having to use a backlevel version of IE for some websites that force IE6, and even do JS/VBScript checks to check for a changed UserAgent field.

  10. Re:Seriously on Twitter Closes Hole After Attack Hits Up To 500K Users · · Score: 1

    How about allowing for unlimited characters, but store it in a 128-bit MD5 hash? It isn't as secure as SHA-256, but it is close enough for this work.

  11. Re:ZA -- good but time passed it by on ZoneAlarm Employs Scare Tactics Against Its Users · · Score: 1

    If a user is using XP, even XP's outgoing firewall is decent. These days, the only real niche for ZA is Windows 2000 and earlier, operating systems with no intrusion protection from incoming network attacks.

    Other than the edge/corner cases of embedded equipment running Windows 95/98/ME/NT/2000, people who still have HP Journadas or other portable items that run a way backlevel version of the OS, and maybe someone running old applications on a VM with this old an OS, I just don't see any point for ZA as a standalone product anymore.

    If I were running Checkpoint, I'd sell the software product for an inflated price for backlevel systems (Windows 2000 and earlier), put the software on maintenance mode, and call it a night.

  12. Re:Anyone know a decent software "firewall"? on ZoneAlarm Employs Scare Tactics Against Its Users · · Score: 2, Informative

    That is exactly how to do security these days. Running a capable browser with Adblock, Foxit for PDF reading, keep add-ons like Quicktime and Flash updated if one uses them. Just Adblock alone gets rid of the dodgy ad sites, some of which allow third party advertisers to try to use bugs in add-ons as a vector for compromise.

    Hardware firewall first to protect machines from incoming network attacks. Second is filtering the ad sites which will happily slap drive-by malware on people's machines. Third, filtering out JS and other add-ons unless the user wants to see them.

    Finally, fourth is a program like Microsoft Security Essentials that is licensed at no charge and does not nag. This all assumes the user is clued enough to not be affected by the Dancing Bunnies security hole too.

  13. ZA -- good but time passed it by on ZoneAlarm Employs Scare Tactics Against Its Users · · Score: 3, Insightful

    I remember ZA being decent, especially the registered version. However, there isn't a need for it anymore, just like there isn't a need for QEMM-like packages for new equipment. Windows 7 has a decent built in firewall to keep things out [1], and for antivirus protection, Microsoft Security Essentials is a download away and licensed at no charge.

    [1]: If a compromised app is trying to phone home, the battle is lost when it comes to host security. So having a firewall popping up Allow/Deny dialogs is pointless on post-XP Windows versions because of the amount of false positives generated.

  14. Re:90's OS on Looking Back At OS X's Origins · · Score: 4, Interesting

    I'd disagree. The two best UIs from the early '90s were from NeXTStep and IRIX [1]. NeXTStep was very usable, although a bit funky to get used to with the command bar and such. However, it was one of the few workstation OSes that was also a very well thought out OS for daily desktop use. Hardware wise, the NeXT was expensive, but the cube was well made, and the printer did a decent 400 DPI, which was great for its time.

    Come the mid 90s, Windows 95 was actually a decent improvement, but the NeXT dock is still one of the UI concepts that is still common even now.

    [1]: Technically, the IRIX 4Dwm window manager. For eye candy, it couldn't be beaten at the time (and this was before CDE came out, and waaay before the KDE/GNOME initiatives.)

  15. Re:Cloud apps more secure? on Google Apps Gets Two-Factor Security · · Score: 1

    I didn't state that advertisers had access to E-mail contents, but analytical data relating to E-mail traffic. However, the cloud provider is the place that decides how much or how little anonymizing takes place. For example, does an advertiser get to know that account "X" gets a lot of mail with the "buying a Chevrolet" that are not spam often, or does that person do a lot of dialog about buying Fords?

    In any case, if advertisers are paying the bills as opposed to the end user, E-mail account holders are not customers. They will be viewed as visitors at best, leeches at worst.

  16. Re:Old formats get discontinued on Intel Threatens DMCA Using HDCP Crack · · Score: 1

    Availability is a chicken and egg scenario. For example, if a movie company wanted to force people to HD-DVD, and only sold titles on that platform, they would be feeling the hurt when nobody bought any of their stuff. If the whole movie industry decided to stop selling on DVD and only sell BD copies, they would be suffering financial losses as people just would pass their stuff by. Same if music companies only bothered selling albums in DVD-Audio and not CD.

    VHS is at least one, if not two mainstream generations behind. I'd not expect Blind Guardian's new album to be on cassette tape [1], similar with recent movies and VHS.

    [1]: LPs are a completely different story, mainly because of the reverence given this format, and the fact the format is not just about how the music is encoded, but the whole gestalt of a record.

  17. Re:So how long before HDCP is replaced? on Intel Threatens DMCA Using HDCP Crack · · Score: 1

    Depends on the economy. These times, Blu-Ray is finally starting to sell, mainly because players are starting to fall in price where they are not much more expensive than a standalone DVD player. If Intel decided to have HDCP run every year and have HDCP 2011 not compatible with HDCP 2012 without a signed firmware upgrade, Joe Sixpack would return the non functioning HDCP 2012 device and say it no workie to the clerk at Wal-Mart.

    However, if the economy is good and a lot of people are upgrading their home theatre stuff because of 6 color pixels, 3D TV, 1280p, or some other gimmick, then it might be possible to sneak a HDCP replacement.

    As it stands now, it is unlikely that home users would stand for this, but one never knows.

  18. Re:Cloud apps more secure? on Google Apps Gets Two-Factor Security · · Score: 1

    Blergh, pardon the grammar goofs. What I intended to state is that it is hard for a company to serve two different types of interests without letting one win out. Does a cloud provider prefer privacy of paid E-mail customers over ad data handed to advertisers?

    Perhaps the best of both worlds would be dividing the two interests into separate divisions. Paid E-mail goes to one set of servers where the sole focus is the customer. "Free" [1] E-mail goes to another set where advertisers can get their statistics they pay for. If there is a privacy lapse in the "free" E-mail, it doesn't affect the paid customers.

    [1]: TANSTAAFL. Gmail is probably the closest thing to a decent "free" E-mail provider out there, but for privacy's sake, I would much rather use a provider that I pay and who does not get ad dollars.

  19. Re:Cloud apps more secure? on Google Apps Gets Two-Factor Security · · Score: 2, Interesting

    If you look at a cloud provider like Google, there are two paying customers: Enterprises and businesses, and advertisers. So, on one hand, the cloud provider needs to protect data for people paying for their apps. On the other hand, they need to cough up data so the advertisers keep paying.

    This bifurcation is why I prefer using E-mail providers whose sole revenue stream is customers. This way, advertisers have no vested interest in what data sits on the servers. Hosted Exchange providers come to mind here, same with me.com.

  20. Re:Cloud apps more secure? on Google Apps Gets Two-Factor Security · · Score: 1

    There are times when having something non-networked is useful. Offline key signing for example where one takes a USB flash drive full of items to be signed to an offline HSM in a physically secure location where only a few people have access to it.

    What I see that might happen as a compromise between completely air-gapping versus complete connectivity are private backbones. Think NIPRNet, except for businesses. I can see banks coming out with a backbone, "BIPRnet" which connects businesses either on their own dedicated lines, or encrypted gateways if the traffic does have to go over the Internet.

    Because this is a closed backbone, it doesn't have to even use IP. It can use its own protocol or virtual circuits with a master machine deciding which boxes on the backbone can communicate where.

  21. Re:*Yawn* Local Root Exploit on Linux Kernel Exploit Busily Rooting 64-Bit Machines · · Score: 4, Insightful

    Pretty much Greyfox sums it up right there. The days of having hundreds to thousands of users with shell access on a university or public access machine are long gone. Instead, the focus of security has moved from keeping users out of root [1] to keeping people from getting to the machine in the first place, and if they get to the machine via a networking protocol, not being able to execute code in any meaningful context on the machine.

    The only time I'd worry about this is if someone could get a shell or execute code in an application's context (say they manage to do a buffer overrun and are able to stick a user shell on a port, for example.) However, this is what AppArmor and SELinux are designed to stop anyway, so even with root context, an attacker is limited to what they can do.

    [1]: This isn't to say that user to root priv exploits are something to be completely neglected, of course.

  22. Re:Ridiculous... on Intel Wants To Charge $50 To Unlock Your CPU's Full Capabilities · · Score: 1

    There is a lot a company (and I'm using this in the generic sense) would gain by having a completely closed and locked architecture that is geek hostile. If a company can make a product that is extremely hack-resistant and forces consumers to always pay for incremental stuff (DLC, ability to play used games, monthly fees for single player games, monthly media access fees), they are going to be rich and have a guaranteed income source on the books each month.

    MBA 101 -- squeeze customers. It will take a lot of squeezing before people show a company the middle finger and stop using a product they just bought. Especially if the company had a product that was the only game in town.

  23. Re:not new on Intel Wants To Charge $50 To Unlock Your CPU's Full Capabilities · · Score: 1

    Mainframes != PCs.

    When a company buys a mainframe, they really don't care how many CPUs are sitting in the CEC, versus ones paid for. The reason enterprises buy mainframes is because big iron is made to be working with 100% uptime, and if a part failed, some redundant component takes over, IBM is servicing the down part, and the end users are not noticing a single bit of downtime. Companies buy mainframes for the service agreements and the reliability.

    With a mainframe, a company expects to get the box installed, carve out LPARs, install applications and DB servers, and have a good assurance that 3-5 years later with a 24/7/365 business, the amount of unscheduled downtime they have had to deal with is numbered in seconds (barring network issues, obviously.)

    PCs are different. x86 hardware is intended for commodity use where reliability is not really as much a concern as price. PC hardware is decently reliable for the most part, but any IT departments expecting 3-5 nine reliability from x86 stuff without multi-machine clustering would be just plain delusional. With PC hardware, what is under the hood is the important thing people are buying.

  24. Re:The wall, and the end of the world. on Is SSD Density About To Hit a Wall? · · Score: 1

    Very true. However, what happened is that computing dealt with that plateau by finding ways around it. Caching comes to mind for this. After caching in RAM (main RAM and DRAM on the controllers) comes tiered storage and using faster drives as cache for swap (think ReadyBoost.)

    If one tier of computing (L1 cache, RAM, storage) doesn't expand, another will. RAM densities have not gone up that much, but hard disk densities have, so a lot of work is put into caching. If by chance we end up with a breakthrough in RAM densities that makes it possible to have 100Tbit DRAM chips, there will be a mechanism that writes data to non-volatile storage coupled with batteries to ensure the DRAM arrays stay refreshed until the writes are completed. If by another chance, we end up with a breakthrough allowing CPUs to have millions of registers on a die without any real architecture impact, we will see CPU microcode to take advantage of that.

  25. Re:The wall, and the end of the world. on Is SSD Density About To Hit a Wall? · · Score: 1

    It does happen and we find a way around it. Take CPUs. We ran into a wall with clock speed, so we are going with more cores. Once adding tons of cores onto dies stops giving tangible returns, we might go with stacking larger and larger caches, or some future 3D masking technology to allow the caches to be stacked on top of or below the rest of the CPU. When that peters out, there is always moving to 128 bit word lengths, adding more registers, and even newer CPU architectures and emulation.