Slashdot Mirror


User: dgatwood

dgatwood's activity in the archive.

Stories
0
Comments
14,277
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 14,277

  1. Re:Stupid and wrong on NIST Publishes Draft Guidelines For Server BIOS Protection · · Score: 1

    That's not significantly different than allowing an unsigned BIOS, security-wise, but requires a lot of extra effort if you're testing/developing custom BIOS firmware images. It's certainly a valid alternative; I'm just not sure it buys you anything.

  2. Re:Stupid and wrong on NIST Publishes Draft Guidelines For Server BIOS Protection · · Score: 5, Informative

    Actually, it's not easy. A trojan horse can draw the same UI, write the same file to the flash drive, and a naïve user would probably dutifully follow the instructions because the user would not know any better. Your "solution" is no better than the status quo.

    Allowing a power-user (someone who knows how to hold down the magic keys and isn't afraid of the BIOS UI) to install an unsigned update explicitly and manually is one thing. Such a user can be assumed to know enough about what he or she is doing to understand the risks of downloading a BIOS update from an untrusted source. Allowing unsigned BIOS updates to be installed by average users as a part of their normal day-to-day update process, however, is another thing entirely, and is a very bad idea.

  3. Re:Stupid and wrong on NIST Publishes Draft Guidelines For Server BIOS Protection · · Score: 2

    The correct solution is to give the machine a one way gate so that after POST the BIOS can't be updated, period.

    That would likely prevent BIOS updates from being provided by your OS vendor, which might not be the best idea. The correct solution would be to require that every BIOS update provided after POST be signed, while still allowing unsigned updates to be installed by the user manually from within a menu in the BIOS UI prior to booting.

  4. Re:So fix it. on Serious Problems With USB and Ethernet On the Raspberry Pi · · Score: 1

    No, but you can certainly search for it in Google just like I did....

  5. I'm certain this will get moderated as off-topic, but it needs to be said, because this particular moderation error seems to happen far too often here on Slashdot.

    Dear mods,

    In a threaded discussion forum such as Slashdot, it is important to look at the posting times when determining what is or is not redundant, not the position of the post in the discussion. Slashdot isn't like VBulletin or other "flat" bulletin boards; posts that are farther down were not necessarily posted after posts that appear higher up.

    My post, which you moderated as "redundant", was in fact posted more than ten minutes prior to the other post on the subject (which folks moderated up). In fact, THAT post was actually redundant. Mine was not. It is unfair to punish my karma by calling my post redundant when it was, in fact, the first post on the subject merely because someone else made a LATER post that happened to be higher in the hierarchy.

    Helpful tip: You can undo unfair moderation by posting in the thread (even anonymously) while logged in.

    This helpful public service announcement was brought to you by Slashcode. Slashcode: confusing moderators for fifteen years.

  6. So fix it. on Serious Problems With USB and Ethernet On the Raspberry Pi · · Score: 5, Informative

    The data sheet (in particular p. 203-ish) talks about the workarounds required to work around PHY bugs and other USB hardware. Doesn't look particularly complex.

  7. Re:Where are the FTL comms coming from? on Why Mars Is Not the Limit For Human Space Flight · · Score: 4, Informative

    I expect that we'll see FTL transportation before we see FTL communications across vast distances.

    Just to be pedantic, by definition, as soon as you have FTL transportation, you have FTL communication. Depending on the nature of the FTL transportation, it may be the "van loaded up with tapes" level of high-latency FTL communication, but it's still faster than light....

  8. Re:No on Does Recent Goodwill Undo Years of Patent Trolling For Intellectual Ventures? · · Score: -1, Redundant
  9. Re:Step 1 on Ask Slashdot: What Would Your 'I've Got To Disappear' Plan Look Like? · · Score: 1

    I didn't see El Paso when I did a quick skim of stations in the area, so I figured you'd have to bus it from somewhere else. But yeah, if there's an Amtrak station at El Paso, that would probably work better.

    As for whether Mexico is safe, I believe I did suggest immediately grabbing a cab and going to the nearest airport.... :-)

  10. Re:Step 1 on Ask Slashdot: What Would Your 'I've Got To Disappear' Plan Look Like? · · Score: 1

    You know, that's a tall order if you don't live in a pretty big city already.

    From the original question: "You are native to and live in a big city (> 1M pop)...". You're changing the question....

    That said, if you want my "I've got to disappear" plan for a small town, that's actually a bit easier. Just call up a few of your friends and tell them a bunch of creepy dudes in suits are chasing you. Ten minutes later, half the town is standing out there with shotguns saying, "We don't like your kind around here, and we'd like you to leave." And if they don't... well, let's just say that you've never seen an butt-whoopin' 'til you've seen a southern-style butt-whoopin'. :-)

  11. Re:Step 1 on Ask Slashdot: What Would Your 'I've Got To Disappear' Plan Look Like? · · Score: 1

    Seriously, No one is going to watch your random youtube video with conspiratorial claims in it.

    You'll notice that I said you should post the video on YouTube, not a video. By the statement's wording, it should be clear that what I meant was if you have video evidence, e.g. a cell phone recording of what went down, post it to YouTube.

    Not a video of you, the video of the event.

  12. Re:Step 1 on Ask Slashdot: What Would Your 'I've Got To Disappear' Plan Look Like? · · Score: 1

    nice job all of those plays are going to be watched for now

    *shrugs*

    You really can't fault me for following my own step one....

    Some other helpful tips:

    • Dress in layers and discard them often. Wear many hats.
    • If you're ever being tailed by spooks on foot, walk to the red light district and pay a few hookers a hundred bucks each to hit on the agents. It might not be enough to get them off your tail, but it'll sure piss them off, and an angry spook is more likely to make mistakes.
    • Although carpet tacks could ostensibly disable spooks' cars, they're dangerous to other drivers, and thus should be avoided. If you happen to own an EMP/HERF gun, on the other hand....
    • It helps if you own a fast motorcycle. Remember that the spooks probably are in cars and helicopters. Either way, you can probably outrun them on a Ducati, assuming you live long enough to get out on the open road.
  13. Re:Is there any guarantee on the new circuit board on After Hacker Exposes Hotel Lock Insecurity, Lock Firm Asks Hotels To Pay For Fix · · Score: 1

    Sure. But that doen't matter, because, in practice, nobody ever asks why you're doing it. That's the thing about social engineering. If you look like a maintenance person and act in a way that no sane criminal would ever act, nobody will ever assume you're anything but a maintenance person. Most of the time, even the rest of the staff will assume you're a new hire. Ironically, the best way to avoid detection is to be as overt as possible about what you're doing.

  14. Re:Price inflation? on Ubisoft Claims PC Piracy Rate of 93-95% · · Score: 1

    Yes, but increasing the CxOs' bonuses usually means taking larger profits so the stock price goes up.

  15. Re:Bull fucking shit! on Why Cell Phone Bans Don't Work · · Score: 1

    Indeed. If there were days of "shock enforcement" where 100% of available traffic officers specifically sought out to enforce cell phone driving laws instead of other non-immediately-deadly traffic infractions, people would respond QUICKLY.

    Um... they basically did that in California. And nonstop news stories. And....

  16. Step 1: Post the video on YouTube. After that, too many people have seen it, and other than revenge, there's no good reason to come after me.

    If that isn't an option, step one would be to publicly post my escape plan, then do something completely different.

    The best overall solution is probably to try to get lost in a crowd:

    1. Head for a busy shopping mall, exit through a nonstandard door, setting off the fire alarm as you do so.
    2. In the resulting confusion, slip into a subway station and grab the first train.
    3. Go exactly one station, leave your cell phone on the train (concealed), and then without exiting the station, change trains to go back in the opposite direction. Stay in the middle of a group of people on the train while you're passing the original station to avoid being seen by any spooks on the platform.
    4. Go several stations, get off, and hail a cab.
    5. Take the cab to an ATM (they're more than willing to stop and wait) and get as much cash as you can in a single day.
    6. Take the cab to a tourist location that is at least an hour's drive away, but is within a twenty minute walking distance from the nearest Amtrak station. Pay for the cab fare in cash.
    7. Walk to the Amtrak station and buy a train ticket with cash.
    8. Travel to your nearest border or near-border train stop (San Diego, Seattle, Niagara Falls, San Antonio, etc.), paying only in cash.
    9. Hail a cab for the border. Cross.
    10. Hail a cab and travel to the nearest airport in another country.
    11. Fly somewhere else.

    If you're lucky, by the time they follow the trail of security camera breadcrumbs to your final subway stop, contact all the cab companies to find out if they picked up anybody near there, figure out where they took you, and check all the security cameras for all the transit hubs near there, you'll be across the border. If you're really feeling insane, buy an Amtrak ticket to a different destination on a different route (using a credit card with your real name) just before you head a different direction. As long as the platform is outdoors, it is unlikely that they'll be able to determine whether you did or did not get on that particular train, which might provide an additional delay.

    Oh, yes, and as you're getting out of the cab, give a homeless person one of your credit cards. Make them chase a ghost.

  17. Re:Is there any guarantee on the new circuit board on After Hacker Exposes Hotel Lock Insecurity, Lock Firm Asks Hotels To Pay For Fix · · Score: 1

    I take it you've never drilled the head of a screw. Hint: it doesn't hold anything on after you do that.

  18. Re:Price inflation? on Ubisoft Claims PC Piracy Rate of 93-95% · · Score: 1

    If piracy went down, then game companies would have more money. This would allow them to do any of the following: reduce the price, pay their employees more, use bigger budgets to create more expensive games (which hopefully results in greater depth, quality, game-balancing, etc).

    Or D. Pay their stockholders more. I'll let you guess which is most likely.

  19. Re:Is there any guarantee on the new circuit board on After Hacker Exposes Hotel Lock Insecurity, Lock Firm Asks Hotels To Pay For Fix · · Score: 1

    There's a number of tamper-resistent Torx variations out there, only one of which is likely to be at ACE.

    Who cares. A Dremel or a cordless drill will remove all of them. If you're breaking into a room, odds are you don't care about property damage. If you want to hide the evidence long enough to escape, a little self-stick tape will hold the covers on just as well as the screws.

  20. The tl;dr of Quinn's argument is that since the FaceTime app itself will only work on approved plans, the network isn't doing the blocking, it's the app that's doing it.

    No, if that were their argument, they'd be essentially claiming that AT&T didn't set that policy, which must mean that Apple has the right to change the policy and remove the restriction. AT&T would have to be idiots to make that suggestion, because it might cause Apple to take them up on it. :-)

    The core of their argument is that it doesn't compete because A. it's built into the phone, and B. there's no competing AT&T video chat service that's built into the phone. The first point is a specious argument because the customer paid for the phone. It doesn't matter whether the customer bought an app or bought a device and was told they couldn't use a feature of it. It's still the same from a net neutrality perspective. The second point is an utterly bullshit argument. Video chat doesn't just compete with video chat. It also competes with voice calls.

    AT&T needs to be spanked as hard as humanly possible for this. They're very publicly violating both the spirit and the letter of net neutrality rules. If they don't get fined, and I mean massively, the we can safely assume that no carrier will ever be punished for net neutrality violations, and that the FCC's policies are mere words with no actual teeth.

  21. Re:Hype! on IEEE Seeks Consensus on Ethernet Transfer Speed Standard · · Score: 2

    Now, one thing that many businesses want would be the idea of clients with no local storage, or perhaps even remove all processing in the local "terminal", and have a central server provide EVERYTHING.

    The last thing most businesses want are dumb terminals. It doesn't matter how fast the link is. A thin-client business is a business that ceases to function if the very-expensive server goes down. The few businesses I've seen that want thin clients are mostly in retail, and their networking needs are usually met quite well by 10BASE-T.... Most businesses prefer the robustness and redundancy of computers that can mostly function independently.

    For the residential market, there will also be some who go with a central "server" for all their music and videos in the home, and for that, higher speed links would be welcomed.

    No, they wouldn't. Even for most of those folks, 100 megabits per second is more than fast enough. Most users who set up a central video server haven't even bothered to upgrade to gigabit yet, much less 10 gigabit, much less terabit. You can reliably stream HD video over Wi-Fi. You pretty much have to have insane networking needs to want to go past gigabit. Even Blu-Ray HD video has a maximum data rate of 40 Mbps. So to require more than gigabit speeds, you would have to be streaming 25+ Blu-Ray-quality high definition video streams. And your server would have to be able to serve 25+ Blu-Ray-quality high-def streams simultaneously.

    We've gotten to the point where in-home networking is way more than fast enough to suit even the most demanding home users, and all but the absolute most demanding business users. Improving LANs is not a useful thing to do right now. That time and energy should be expended where it will actually do some good in the real world, which means improving the speed of WANs, not LANs.

    Basically, think outside your perception of "the general public", and look at where things WILL be.

    I am. I still don't see the point. You have two options for servers: making the servers bigger or making the servers more numerous. Unless you are doing something where strict synchronization is important, there's no benefit to one versus the other, which means there's no real benefit for making LANs faster. Those rare exceptions are things like render farms, build farms, etc. and are such tiny exceptions to the rule that they almost aren't worth seriously pondering. So the number of people or companies that would be helped by terabit LANs even in a decade or two is going to be measured in the single-digit millions of computers, give or take. By contrast, the number of folks that would be helped by faster WANs even today would be measured in the single-digit billions of computers. On that scale, the benefit from faster LANs is a rounding error.

  22. Re:Cue the 1st amendment nuts on Ex-Marine Detained For Facebook Posts Deemed "Terrorist in Nature" · · Score: 1

    I'm just waiting for the butt bomber and the resulting mandatory body cavity searches or full-body CT scans.

  23. Re:Cue the 1st amendment nuts on Ex-Marine Detained For Facebook Posts Deemed "Terrorist in Nature" · · Score: 1

    In the U.K. there's a handy verbified noun for this - 'sectioned'. I dunno if there's something equivalent in U.S. English.

    Committed.

  24. Re:Hype! on IEEE Seeks Consensus on Ethernet Transfer Speed Standard · · Score: 1

    Yes, and for a few esoteric markets like high-performance computing, that matters. For the rest of the world, it doesn't.

    Businesses with lots of computers may say they want terabit Ethernet, but computers aren't built for them. They're built for consumers. When the average consumer has at best double-digit Mbps service to their home, there's not much impetus for computer manufacturers to build in hardware that goes much over gigabit. So when businesses realize that the only way they're getting terabit-E is to spend a thousand bucks per workstation, they'll be like, "Eh... lemme think about it and get back to you", and then they won't.

    And even if it were only fifty bucks, the cost justification would be pretty difficult even for businesses. Outside of high tech firms, most businesses' internal networking needs are pretty modest. If a faster network could get them data from the outside world faster, they might go for it, but when you ask a manager how much it is worth for that file to get across the LAN in three seconds instead of fifteen, in most businesses, their answer would be "not much". Within high tech, of course, terabit Ethernet would be a godsend—it would improve performance of build clusters pretty dramatically, for example—but high tech companies don't provide the purchasing volume to bring 10-GigE down into the consumer space, much less terabit.

    To put things in perspective, when gigabit Ethernet came out, it took just a little over a year before you could buy computers with built-in GigE. The 10-GigE standard came out five years ago, but still you don't see PCs with 10-GigE. Nada. Zip. Zilch. If it takes a decade for that to be anything more than a niche product, it'll take a century for them to see any return on their investment in designing the next generation of LAN technology. Why? Because the only people who buy networking products in any real volume are using it mainly to connect to the outside world, and if someone's WAN pipe is a garden hose, that person is not going to repipe his or her house with 12-inch pipes.

  25. Re:Hype! on IEEE Seeks Consensus on Ethernet Transfer Speed Standard · · Score: 1

    I would be happy just to have speeds shown at 'real world' results, rather than 'theoretical' limits. What good are these ratings if people in the real world never actually see them?

    Sadly, for most of us, the real-world speed of our 1 Tbps Ethernet connection will be the speed of the 1.5 Mbps DSL line that feeds it. All the fast LANs in the world won't help you if WAN speed improvement is blocked by telecoms that don't want to spend any money on their infrastructure.