I think the closest we have ever come to a symbol being an effective source of identity is the RSA securid and devices like it.
In order to effectively spoof them required breaking into RSA itself to collect the details needed.
Like this: http://yro.slashdot.org/story/11/06/07/129217/RSA-Admits-SecurID-Tokens-Have-Been-Compromised
http://it.slashdot.org/story/11/03/17/2321226/rsas-servers-hacked
Lastly every time I hear "identity theft" it just tells me that the Banks etc are just trying to shift the blame/cost to the victim.
Because if someone tries to use your name etc to open or access a bank account, it should not be considered "Identity Theft". It should be considered Fraud or even Bank Fraud.
Speaking of slowing the programs, I notice a lot of programs use delays in the order of seconds.
While this might be fine for human facing/usage scenarios, for other scenarios isn't 1 second a very long time for a CPU?
Would delays of 1 millisecond or less be better? Or is there some problem with that? IIRC FreeBSD had some HZ thing, and by default it was 100Hz, so 1 millisecond might be a prob :).
Is there a way for a CPU to make mutex handling easier and more efficient?
Another thing which might be worth looking into speeding up is "gettimeofday" and "trigger on event or register/memory=certain value" - I bet there's lots of code which regularly checks "is it time to do X yet?" or "wait till X happens" (e.g. wait for connection or data).
Maybe these aren't that CPU intensive so speeding them up won't help much in performance?
Maybe they could arrange with their pals in the stock exchange to entangle things so that no matter what happens, they win :).
Did you remember to put the current user's user name after "/Search/Users/" ?
e.g.
dscl localhost -passwd /Search/Users/bob
Replace bob with the username of your current logged in user.
Did you put the current user's user name after "/Search/Users/" ?
e.g.
dscl localhost -passwd /Search/Users/bob
Where bob is the current user.
Maybe they want root for tradition's sake? I don't know why, but let's just assume that OK?
So they need to enter the user's password for sudo.
They do not have the user's password but apparently they can read the hashed version AND they can change the user's password without entering it.
So they back up the original password, change it, get root, do whatever they want as root, then restore the password, and so it won't be obvious to the user that the machine has been pwned.
Get it now?
It's like interviewing for an artist. If the artist has no portfolio except what he did in school/uni, he/she is probably not really an artist.
In contrast if you enter the interview room and the interviewee is already doodling cool stuff on the piece of paper you left on the table, he/she is probably an artist :).
That's not a problem for most virgin slashdotters who are well quarantined in mom's basement.
But our genes might die out before the disease does ;).
I use smartd, and configure stuff to run short self-tests daily, long self-tests weekly, and send email notifications if "stuff happens".
If you stick to a manual approach you might end up not checking often or regularly enough. That might explain why you never see a SMART status go bad before a sudden loss.
Yes there can be sudden complete losses, but from my experience, the first time you get a sector, CRC or other problem, you usually have a few hours or even a few days before the drive fails completely.
SMART is not good at predicting when you will get a problem (that's what Google's research has found also), but what I use SMART etc for is to detect errors ASAP so that I can replace the HDD before the other drives in the array fail too.
But who cares about that rare predictable failure method when the popular SSDs mainly fail in other ways?
I find it ridiculous that there are people here posting that SSDs fail predictably and when they start to wear out, they go read only, when the real-world evidence (which I've linked to) says otherwise.
Maybe the old-fashioned ones did go read-only. But the newer ones are going poof in crazy and stupid ways.
The RMA rates show that with the exception of Intel, they are not significantly safer.
My guess is that the Samsung 470 SSDs are also as safe or even safer than Intel's - just google search for samsung SSD failed/bug vs ocz/sandforce/intel ssd failed/bugs and results seem to indicate that Samsung SSDs are of acceptable quality.
If the launch of the Samsung 830 SSD brings the Samsung 470 prices down enough, I might buy one or two :).
Do you really think the bulk of those 2-3% return rates (see the linked behardware articles) are due to wear induced failures?
a) If they are then the "wear levelling" stuff sure isn't working well enough.
b) If they aren't then isn't it ridiculous to talk about wear induced failures being predictable when the bulk of the failures are due to the bugs and other faults? And judging from google and feedback many of those don't seem as predictable.
One might try to claim the RMAs are mainly due to PEBKAC but note that the HDDs are showing similar return rates, and Intel has much better figures than the rest.
So I can only conclude that the SSD failures are not due to conventional wear, and they are due to the SSDs being crappier than they should be.
I have never had a hard drive fail in this way. I have never seen a SMART status go bad before I had a very sudden loss.
What do you use to monitor SMART on your drives?
But can't the XYZ Gov get all those signed?
After all CNNIC (China) has their CA certs signed by Entrust. And the US Gov can probably get the big US CAs to sign whatever they want.
The hackers generally won't MITM connections - they'd target the servers and users/clients. The Govs and ISPs are the ones who'd be able to mass MITM people. I don't live in a country with all those "nice amendments" to its Constitution, and my ISP has already MITMed my connections to insert ads, they seem to have stopped but who knows what else they would do.
In practice it probably wouldn't make a difference for most people since they would get phished ;).
See these (their usages might match slashdotters more):
http://www.codinghorror.com/blog/2011/05/the-hot-crazy-solid-state-drive-scale.html
These rates are probably for "normal users" (as in normal users who buy SSDs ;) ):
http://www.behardware.com/articles/831-7/components-returns-rates.html
http://www.behardware.com/articles/810-6/components-returns-rates.html
Note the common failure modes are not very graceful, they're usually brutal and/or weird:
http://www.dslreports.com/forum/r25491097-Dell-Laptop-and-SSD-Time-warp-issue
http://www.ocztechnologyforum.com/forum/showthread.php?83778-Time-warp-drive-vanishing-after-3-days-data-gone-on-reboot...I-need-3-to-5-users-with-this-issue-to-help
http://www.techspot.com/news/44694-intel-confirms-8mb-bug-in-320-series-ssds-fix-available.html
http://en.wikipedia.org/wiki/X25-M#Past_bugs
In contrast with most (not all of course) of the HDD failures I've seen you still can get a lot of data out.
SSD failure is predictable.
That's bullshit. You call the following predictable?
http://www.dslreports.com/forum/r25491097-Dell-Laptop-and-SSD-Time-warp-issue
http://www.ocztechnologyforum.com/forum/showthread.php?83778-Time-warp-drive-vanishing-after-3-days-data-gone-on-reboot...I-need-3-to-5-users-with-this-issue-to-help
http://www.techspot.com/news/44694-intel-confirms-8mb-bug-in-320-series-ssds-fix-available.html
http://en.wikipedia.org/wiki/X25-M#Past_bugs
I might buy a Samsung SSD. The rest (except for Intel) don't have such a great track record even when compared to hard drive failure rates (and Intel's failures haven't been very confidence inspiring).
http://www.behardware.com/articles/831-7/components-returns-rates.html
http://www.behardware.com/articles/810-6/components-returns-rates.html
For some people the failure is predictable in that they can almost bet the drives will fail within a year! http://www.codinghorror.com/blog/2011/05/the-hot-crazy-solid-state-drive-scale.html
But I don't regard that sort of predictability of failure as acceptable, unless the manufacturer is paying me to use their products and gives me plenty of spares.
Because they don't have access to the web server but have access to the victims traffic (including DNS traffic). Example scenario: XYZ Gov vs people in XYZ country.
You can always get it to change when you are about to do something that you think requires a new session.
What I do notice when using tor is that Facebook for some reason alternates between different certs. Facebook says the certs are OK but the whole situation does look very strange: http://dankaminsky.com/2011/08/31/notnotar/
To me it's no big deal if the US Gov is MITM'ing or cracking my facebook traffic - they can get everything straight from Facebook anyway ;).
Would someone who took over the domain be able to communicate which certificate and thus which CA is to be used?
If they can do that then what is there to prevent an MITM attack in the "Hostile Gov" scenario?
Does DNSSEC really help in such scenarios?
If everyone self-quarantined as soon as they detect it in themselves it'll still reduce the spread. Might not even become an epidemic.
Yep. Quarantine or similar approaches (condoms etc) are actually a pretty good way of dealing with contagious diseases in the macroscale.
After a while the disease either dies out or evolves to be less harmful.
Nowadays with the technology we have, many people or communities can remain productive and live not too terrible lives while under quarantine (heck some WoW players wouldn't even notice the difference ;) ).
If everyone with just a sniffle worked from home and avoided contact with others, the common cold and flu would have to evolve to become near unnoticeable.
But has what they are doing been made illegal yet? http://en.wikipedia.org/wiki/Flash_trading
So far much of this HFT stuff has just been a way to either front-run or disguise it, so I'm not convinced about the benefits to the rest of society.
Proponents can talk about liquidity and creating markets till the cows come home, but when what I linked to keeps happening, there doesn't seem to be a net benefit.
The following does not make it cheaper for Joe:
http://www.nytimes.com/imagepages/2009/07/24/business/0724-webBIZ-trading.ready.html
http://www.nytimes.com/2009/07/24/business/24trading.html
And it happens a lot. There were some that had very long "winning streaks" (months?), which is impossible for normal traders. It's basically two classes of traders.
The ones in the right class get their trades rolled back if "stuff happens".
The ones who aren't in the right class get prosecuted for winning: http://www.computerworlduk.com/news/security/3244186/norwegian-traders-convicted-for-outsmarting-us-stock-broker-algorithm/
IBM is in the business of providing 1 million options to their customers and then telling them "Don't worry, just pay us lots of money every year and we'll make all the pesky choices for you".
So a world with Linux, Windows, AIX, etc is good for them.
Maybe some of us keep eating animals so that PETA will keep providing us porn ;) :
http://www.huffingtonpost.com/2011/09/21/peta-plans-porn-website_n_972497.html