Slashdot Mirror


User: hawguy

hawguy's activity in the archive.

Stories: 0 · Comments: 5,882

Comments · 5,882

  1. SSH is insecure? on How To Use a Linux Virtual Private Server · · Score: 2

    In the linked article, the author says:

    Logging in to the root account, even over SSH, is potentially a little risky. If a key-logger gets installed on my desktop PC or a hacker breaks the password, then it’s game over. It’s possible to configure SSH on the server to use a public key/private key for remote logging, so I’m looking into setting that up.

    Why is a key-logger an issue for SSH, but not for whatever mechanism he'd use to manage a Windows server?

    Logging on as root is risky, but not because of a keylogger - if he'd logged on with a non-root account that has sudo access, he wouldn't be any more secure. Using SSH public/private keys is definitely a good idea, but if someone has been able to install a keylogger on your computer, then there is no reason to think that they can't also grab your SSH keys and the passphrase to the keys.

  2. Re:I certainly don't on Ask Slashdot: Do You Still Need a Phone At Your Desk? · · Score: 1

    In my office we have a smart phone app that runs on the desktop, when a call comes in you can put the headset on (if you're not already wearing it) and take the call, much like you pick up the handset from a traditional phone.

    So, in order to receive a "phone call", your computer needs to be running, the phone app needs to be running,

    Right, but if my computer is not running, I'm not getting any work done anyway, so that's not much of a hardship. Users that don't want a softphone that runs on their computer can ask for a desk phone, but I'd rather not give up the desk space to something I rarely use.

    the network connection needs to be working,

    I haven't worked in an office in the past 5 years that didn't have a VOIP phone system, so Network is always a dependency for a modern phone system.

    and the phone server software (which translates from POTS to your VOIP system) needs to be working

    Our phone vendor calls that a media gateway - we have two of them, each with its own set of T1 lines, so if one goes down, the other takes over seamlessly (except for dropping any active calls). We also have a SIP trunk that we route international calls over since our normal phone provider has terrible international rates.

    In addition, you still need enough POTS infrastructure to be able to handle simultaneous calls to the VOIP server.

    We have no POTS lines, and didn't have any even before this "new fangled" voip phone system was installed about 5 or 6 years ago - before VOIP it was a "digital" system, but still had calls coming in over T1 lines, no POTS lines at all. Well, we have a few for emergency use.

    I suppose you could let a third party handle the conversion and just run VOIP from them to your office, but then you end up relying on the Internet connection between them and you, and you get some pretty nasty vendor lock in (if they raise your monthly fee, you pretty much have to pay, at least for long enough to find a different provider that is compatible with your existing headsets).

    SIP is a standard for VOIP and mostly works well - at home I have a couple SIP endpoints (SIP phones and an analog-to-SIP gateway that I use for my cordless phone) and they all connect over the internet to my SIP provider. I've changed SIP providers 3 times over the past few years, and have ported my phone number with it, so there's no vendor lock in.

  3. Re:I certainly don't on Ask Slashdot: Do You Still Need a Phone At Your Desk? · · Score: 1

    95% of my incoming calls are reception asking if I want to speak to somebody trying to sell me something.

    Sounds like you need a new receptionist.

    When Reception forwards calls, my phone shows a different incoming number than when they call me directly (i.e. to announce I have a visitor). I almost always ignore their forwarded calls since they are nearly always salespeople, letting them go to voice mail. For a while I had one of the receptionists forward my calls direct to my voicemail, but there's been so much turnover in Reception, it's hard to keep them doing it.

  4. Re:I certainly don't on Ask Slashdot: Do You Still Need a Phone At Your Desk? · · Score: 1

    The original question was a little ambiguous... do they mean "phone" as in a dedicated chunk of hardware for talking on or do they mean "phone" as in some way to interface with POTS? We are phasing out our POTS phones, but we still have a do-dad hooked up to our computers. Many of us also have company-issued cell phones. The computer do-dad (hooked into Office Communicator) is mostly for making international calls, since no cell carrier sells competitive international service. I personally still have a desk phone for international calls, since they haven't switched me over yet.

    That's just it.

    What do you do if you GET a phone call? Does it play on your computer speakers for all to hear the results of your "test" at the Dr's office? Headphones? Bluetooth in your ear all day? What if it forcecloses the phone app because you installed a buggy copy of fruit ninja 12? What if your battery only lasts an hour because of a rogue weather app that won't stay closed?

    In my office we have a smart phone app that runs on the desktop, when a call comes in you can put the headset on (if you're not already wearing it) and take the call, much like you pick up the handset from a traditional phone.

    Is it going through your smartphone? What if the battery is almost dead and you've forgotten your charger?

    My phone system lets me forward calls to my cell phone if I want to. I haven't owned a cellphone in years that can't be charged via USB, and I always keep a USB cable connected to my computer so I can charge it if I want to - so I never "forget" my charger.

    What if it falls out of your pocket into the toilet?

    The same thing that happens if I spill coffee on my desk phone - call IT and tell them I need a replacement.

  5. Re:Shouldn't the question be... on Ask Slashdot: Do You Still Need a Phone At Your Desk? · · Score: 1

    Why would my employer pay fifty bucks or more for a cell phone when I'm at my desk all day and a desk phone is about five bucks? I'm not taking my work phone home, nor will I use my personal cell phone for work.

    Now, does one need a POTS phone at home? Why would you?

    What kind of desk phone do you have that costs $5? The phone on my desk costs around $600, though it will outlast a $600 cell phone.

    Once you add in the telecom costs including phone system purchase, depreciation and maintenance, telecom salaries, etc, I'd guess that the "cheap" desk phone costs around $150 - $200/year, not including usage charges.

    But despite what they spent to give me a nice desk phone, I almost never use my phone. About the only calls I get are cold calls from salespeople and head hunters, if I don't recognize the number, I generally don't pick up.

  6. Re:Doesn't help on MPAA: the Impact of Megaupload's Shutdown Was 'Massive' · · Score: 5, Interesting

    I really don't understand what the hoopla about content is. I stream in Netflix and have a basement full of VHS tapes. I have yet to figure out why any of it was worth saving or why I bother to keep watching. Most television shows amount to " I Love Lucy", "Dragnet" or "The Price is Right" with tweaks. Movies are outright regurgitation of previous works without exception. Who really is getting paid for this? The originators are long dead and the flunkies who worked on these projects are already paid. The studios who made them are already paid, over and over, through advertising , sales (suckers who bother to purchase hard copies that will gather dust just like all my VHS I mentioned earlier). Maybe this is just about lawyers creating a stream of revenue for themselves. Maybe if we sprinkle "Roach-Pruf" around, this will go away.
    Silly asses!

    I actually like rewatching old movies.

    I'm mid way through copying my 200 DVD's to my home fileserver so it's even easier to watch them. So far, I've run across two that I couldn't copy due to copy protection on the DVD (Wall-E, and some other Disney movie, I think it was Cars). I think there's some Windows software to bypass the protection, but it didn't take long to find a copy online that I could download.

    I wonder if my cable company ratted me out for bittorrenting the two movies? Maybe the movie industry will sue me for downloading movies that I already paid for.

    I dropped my Netflix disks-by-mail plan and started buying used DVD's from Amazon -- they are pretty cheap, I usually pay $5 or $6 including shipping, so I can buy 3 movies/month for about the same as I was paying for the Netflix subscription.

  7. Re:my password on New 25-GPU Monster Devours Strong Passwords In Minutes · · Score: 4, Insightful

    1.... 2.... 3.... 4.... 5....

    29 characters, including spaces...not bad. As long as the attacker doesn't know anything about your password and has to test all ASCII printable characters, that's over 180 bits of entropy in your password. So I think you're safe - the article says it would take 5 hours to hack an 8 character NTLM password. (which is not the same as LM (WinXP))

    I think NTLM only keeps a 128bit hash, so if it were possible to brute force the entire key space, the attacker would likely find a hash collision that works as your password before finding your actual password.

  8. Re:Same applies elsewhere? on Researchers: PATRIOT Act Can 'Obtain' Data In Europe · · Score: 1

    Could they encrypt their data? And only a subsidiary who only works for the provider has the keys? That way, they can ask for the data, but not the keys because the company holding the keys doesn't work in the states...

    Rather than handing the keys over to the hosting company, the company should hold their own encryption keys - then no one can access their data without permission, not even the hosting company. (well at least not data at rest - the hosting company can still intercept web traffic, scrape server memory, etc).

  9. Perjury? on Movie Studios Ask Google To Censor Links To Legal Copies of Their Own Films · · Score: 4, Informative

    So what does the "under penalty of perjury" part of a DMCA takedown notice mean?

    AFAIK, a takedown notice has to include something like this:

    Under penalty of perjury I certify that the information contained in the notification is both true and accurate, and I have the authority to act on behalf of the owner of the copyright(s) involved.

    Doesn't that mean that someone can be held legally liable for fraudulent takedown notices? Who would have to sue to enforce it? Google? The legitimate site that was taken down because of the notice? The Department of Homeland Security since they are supposed to be keeping us safe?

  10. Mathematician? on One Cool Day Job: Building Algorithms For Elevators · · Score: 4, Insightful

    Was a mathematician really needed for this job:

    During the recent $550 million upgrade of the Empire State Building, Ms. Christy was asked whether she could help get more people up to the observation deck. She said she couldn't get more people into a car but could move them up more quickly. So she increased the elevators' speed by 20%, to 20 feet per second. Now the cars can rise 80 floors in about 48 seconds, 10 seconds faster than before.

    Isn't making the elevator go faster a job for an engineer? Does one really need to be a mathematician to know that a faster elevator moves people faster?

  11. Not as impressive in ASCII on How Does a Single Line of BASIC Make an Intricate Maze? · · Score: 1

    It's not quite as impressive in ASCII (or Bash):


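    #!/bin/bash

    # The two characters the maze is drawn with
    char[0]='/'
    char[1]='\'

    # Print one randomly chosen character at a time, forever
    while :
    do
            echo -n "${char[$((RANDOM % 2))]}"
    done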

    I tried to include the output here, but Slashdot told me to "Please use fewer 'junk' characters"

  12. Re:Buttons on In Calculator Arms Race, Casio Fires Back: Color Touchscreen ClassPad · · Score: 1

    Buttons. It's touchscreen, but still has buttons 0-9 and others you'd expect on a calculator.

    I'll admit that real buttons are great for lots of data entry, but Casio or someone should just come out with a quality bluetooth keypad with a corresponding smartphone calculator app -- it seems pointless to build an affordable yet powerful big screen calculator that will sell in low volumes to compete with smartphones and tablets that sell many times more. Just concentrate on building a quality app, and a high quality keypad (like the old HP calculators, I still use my old HP-15C from time to time, it works as well today as it did 25 years ago when it was new).

    This new calculator will likely not be certified for exams anyway, so it's not like they are gaining much by having a special purpose calculator.

  13. Re:Buy crap tools! on Ask Slashdot: Server Room Toolbox? · · Score: 1

    But won't your heterosexual coworkers complain about discrimination then?

    Wouldn't the straight employees be the ones complaining about the pink tools? Especially when the paint flakes off and when they go home their wife says "Why do you have pink fingernail polish flakes on your hand!?!"

  14. Re:Was it a bait and switch? on Ask Slashdot: Troubling Trend For Open Source Company · · Score: 1

    That's the big advantage of open-source software (as opposed to "free" as in beer software). If it doesn't work, you can fix it yourself.

    That is a meaningless feature for anyone who isn't a programmer though. And saying that you can then pay a programmer to fix and support your free software is to most businesses no improvement on buying proprietary software with a support contract.

    That depends how popular the software you're using is.

    If it's popular software, then someone will step in and fix the bugs. I have used a lot of Opensource software, but have only rarely made bug fixes or added features myself (and contributed them back to the project).

    Even better, if the company that wrote it goes out of business (or decides to close-source the software), the community may continue supporting the free software indefinitely. Whereas if you have paid software, you're out of luck if the company goes out of business unless it's such a business critical application that you've arranged for some sort of code-escrow, but then you're back to the "do-it-yourself" mode of fixing bugs, but without the benefit of a community to support it.

    The Software-as-a-Service model is the worst case of this -- if the service goes out of business, they may take your data down with them.

  15. Re:Give them a refund on Ask Slashdot: Troubling Trend For Open Source Company · · Score: 1

    If they don't like your product, offer them a full refund of the purchase price they paid to your company. Heck, offer them double their money back if they are not 100% satisfied.

    Unless they paid some money to someone, it's not clear why they would think they are entitled to support. I've run lots of open source software that had paid support, and have gladly paid for support when I needed it.

    You act like giving free software away with no support is doing everyone a great favor.

    This is like building a road full of potholes where you know the public has a need for it *FOR FREE*. Then charging them money to be ferried across on the rails you build alongside it. Then expecting nothing but gratitude from everyone else because you gave them something. I'm not saying your work is shoddy, but if you don't have any incentive to reduce the number of support calls, and in fact have an incentive to raise that number, it's just not going to be all that great.

    People with any dignity will realize you are just as sinister as anyone else pitching the word "FREE". There is plenty of free stuff in the world that leaves people with the feeling that they just got used, and should be reimbursed for it. That's probably MOST free stuff... except cases where your customers are all having fun with each other. That isn't the case here or with 99.99% of free software I imagine.

    My home computing environment has been on 100% "FREE" (as in beer) software for at least a decade. And you know what? I have less problems with my home desktop than I experience at work.

    Over the past few years, I've migrated about 100 web servers from Windows to a FREE operating system, and the services have run better and needed less support after moving to that FREE operating system. This includes migrating a number of databases from SQL/Server to MySQL.

    Sure, there have been some software packages that are buggy and don't work as advertised, but paid software is not immune to that problem. Some of the free software I'm running comes with optional paid support, there's only one case where I paid for the support, and that's more to support the project than because I needed the support (though they have been quite helpful when we ask questions)

    Free doesn't mean unsupported or buggy. And paid doesn't mean well supported and bug-free. Choose your software wisely, don't base a business on a free software app built by a single guy in his spare time, but if it's supported by a pay-for-support company or a team of open source developers, in many cases, you may find that you're better off than with paid software.

  16. Re:Was it a bait and switch? on Ask Slashdot: Troubling Trend For Open Source Company · · Score: 3, Insightful

    I saw a similar tactic recently from a non-open-source product. We are implementing a properly licensed software package. The purchased license comes with support. I contacted support because I'm trying to use their import functionality to import an xml file, and the data wasn't importing correctly. The response that I received was "There's something wrong with your xml file. If you want us to tell you what's wrong with it, you must purchase our *Premium* support package." After running some SQL traces, I figured out that it was a bug. I was able to fix it by altering one of their stored procedures.

    That's the big advantage of open-source software (as opposed to "free" as in beer software). If it doesn't work, you can fix it yourself.

    A lot of open source software has no official support channel (paid or not), so at least you had someone to call and if you were really in a bind you could have paid them for support. I've gone down more than one dead-end when trying to get support for non-free (and expensive) software that includes so called "support", I've had much better luck when paying for support for open-source software - the company realizes that they are only going to make money if they offer great support.

  17. Give them a refund on Ask Slashdot: Troubling Trend For Open Source Company · · Score: 5, Funny

    If they don't like your product, offer them a full refund of the purchase price they paid to your company. Heck, offer them double their money back if they are not 100% satisfied.

    Unless they paid some money to someone, it's not clear why they would think they are entitled to support. I've run lots of open source software that had paid support, and have gladly paid for support when I needed it.

  18. Re:On the oil/steam separator... on HydroICE Project Developing a Solar-Powered Combustion Engine · · Score: 2

    Separating oil and water which have been mixed at such a fine level doesn't seem the easiest. While I know it can be done, can it be done in such a manner to maintain any of the heat energy which remains? Or does one just accept that energy as lost?

    Wouldn't you just cool it below the vapor temperature of the oil and/or water then separate it as liquids? A lot of the will be lost, but not all. Some of the energy can be recaptured by preheating the liquid water and oil.

    They're going to have to cool and return at least the water back to liquid state anyway before it can be injected again for the next cycle.

  19. Re:No surprise there on After Weeks of Trying, UK Cryptographers Fail To Crack WWII Code · · Score: 4, Insightful

    While that is true, you will note that I said probable content. Yes there are any number of equally valid decodings. However few will make sense in the context in which they were sent.

    The assertion that there are any number of possible decodings only works when you have zero knowledge of expected content, and as such it's a tired and juvenile objection.

    It's not that there are "any number of equally valid decodings", but there is every possible decoding. If the word "APPLE" is encrypted with a one-time pad into "XYZZY", there are potential one-time pads that will decrypt that string into "APPLE", "IPHONE", "STEVE", "WINMO", "GOOGL", "ANDRD", "SBRIN", "LPAGE", "BILLG", etc.

    How do you know which of those is the "valid decoding"? How does your knowledge of expected content help you?
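
An added example, not part of the comment above: for the ciphertext "XYZZY" and the five-letter candidates the comment lists, it derives the pad under which each candidate is the "correct" decryption. The letter-wise addition mod 26 over A-Z is an assumption; the comment does not say how the pad is applied.

```python
# Added illustration: one-time pad over A-Z, combined letter-wise mod 26.
# CIPHERTEXT and CANDIDATES are taken from the comment; the mod-26 scheme
# and all function names are assumptions made for this example.
import string

ALPHABET = string.ascii_uppercase


def _combine(a, b, sign):
    """Add (sign=+1) or subtract (sign=-1) two equal-length A-Z strings mod 26."""
    if len(a) != len(b):
        raise ValueError("a one-time pad must be exactly as long as the message")
    return "".join(
        ALPHABET[(ALPHABET.index(x) + sign * ALPHABET.index(y)) % 26]
        for x, y in zip(a, b)
    )


def encrypt(plaintext, pad):
    return _combine(plaintext, pad, +1)


def decrypt(ciphertext, pad):
    return _combine(ciphertext, pad, -1)


def pad_for(ciphertext, candidate):
    """Return the unique pad under which `ciphertext` decrypts to `candidate`."""
    return _combine(ciphertext, candidate, -1)


def pads_for_candidates(ciphertext, candidates):
    """Map every candidate plaintext to the pad that yields it, checking each one."""
    pads = {}
    for word in candidates:
        pad = pad_for(ciphertext, word)
        # Round-trip check: this pad really does turn the ciphertext into `word`.
        if decrypt(ciphertext, pad) != word:
            raise AssertionError("derived pad does not reproduce the candidate")
        pads[word] = pad
    return pads


CIPHERTEXT = "XYZZY"
CANDIDATES = ["APPLE", "STEVE", "WINMO", "GOOGL", "ANDRD", "SBRIN", "LPAGE", "BILLG"]

if __name__ == "__main__":
    for word, pad in pads_for_candidates(CIPHERTEXT, CANDIDATES).items():
        print(f"pad {pad} decrypts {CIPHERTEXT} to {word}")
    # Every candidate gets its own, equally likely pad, so the ciphertext
    # alone gives no reason to prefer one candidate over another.
```

Each of the 26^5 possible five-letter plaintexts corresponds to exactly one pad, so a uniformly random pad makes all of them equally consistent with the ciphertext.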

  20. Re:Put badge in microwave for 10 seconds. on Student Refusing RFID Badge Now Fights Expulsion Order · · Score: 1

    I ditched with a friend in high school and went to a different school to visit his girlfriend. We were just going to sneak in and eat lunch with her. The school had over 2000 kids in it, and we made sure to arrive in between classes so there were kids walking around all over the place. We didn't even get in the front door before we got questioned. Somehow a teacher knew that we didn't go to that school.

    That's your problem - when you want to sneak in or out of school, don't use the front door. We used the little watched door over by the music wing, just arrange for someone to open it from the inside when you want to come back in. A simple magnet defeated the door-open alarm, but the alarm wasn't very loud so unless a teacher was in the classroom, it was ignored.

  21. Re:hope it's true on LiMux Project Has Saved Munich €10m So Far · · Score: 5, Insightful

    The report has 15,000 Windows upgrades costing 4.2 Million Euros, or 280 Euros each. That is $362 for each office suite. I can find 1 copy of Office Pro for $179, and 3 copies for $350.

    Here's the link: http://www.softwareking.com/office-2010-pro.html

    Something smells fishy.

    Does your figure include Windows + MS office + windows server & CALs (AD, WSUS, SCCM, etc) + whatever else you need to run an all-MS network? You're not going to install 15,000 desktops by buying 15,000 discount install disks online.

  22. money shouldn't be an issue on Thousands of Natural Gas Leaks Found In Boston · · Score: 3, Informative

    I'm not sure how things work in Boston, but in areas where gas is provided by a regulated public utility, there is little cost to the company for infrastructure improvements. They identify infrastructure that needs to be replaced/upgraded, go to the PUC with the list of improvements and petition for a rate increase to pay for them. Then, in theory, the company is supposed to make the improvements, but that doesn't always happen, PG&E in California has been known to ask for money for specific improvements, then spending the money on other things.

  23. Re:Doesn't the Tolkien estate... on Tolkien Estate Sues Over Lord of the Rings Slot Machines · · Score: 1

    can imagine JRR spinning in his grave hearing about his epic fantasy world being used in such a base and disconnected manner.

    Did you know JRR when he was alive in order to accurately predict his views on such a thing?

    When someone explicitly says that he is making something up from his imagination, why do you think he's making a prediction based on a personal relationship with the author? Do you think that when Tolkien made up the Orcs, he had personally met with an Orc to hear his views?

  24. Gameplay? on Tolkien Estate Sues Over Lord of the Rings Slot Machines · · Score: 2

    From the summary:

    which allows the creation of LotR merchandise but not LotR 'intangibles,' like the experience of playing a slot machine game.

    I haven't played (or seen) the LotR slot machines, but is the gameplay really themed to LotR? Most themed slot machines I've played are slot machines with themed graphics, but the gameplay is pretty much like every other slot machine out there. Does the gameplay of these slots have anything to do with the books? (aside from something like needing to roll 3 Gandalfs to hit the jackpot with a 3X The One Ring multiplier.)

    this infringing conduct has outraged Tolkien's devoted fan base,

    I'd consider myself a Tolkien fan, but the only thing I'm outraged about is that his estate is still able to make money from the books 40 years after his death. It should have fallen out of copyright long ago and we should be seeing lots of derivative works building upon the stories.

  25. Re:Infection method? on New Linux Rootkit Emerges · · Score: 2, Informative

    How come neither of the links actually describe how this malware infects the machine in the first place? I'd say that's quite an important piece of information completely missing.

    I don't think it's self-replicating or installing itself by some vulnerability, I believe it would have to be installed maliciously (perhaps by an employee, or maybe by someone using an unrelated root exploit), or as a Trojan Horse - many people are happy to blindly install unsigned packages on their system, running the installation as root.

    Back in the day, I used to make at least a cursory inspection of the Makefile and sometimes would even look over the source code associated with distributed packages. But now I just install the package without even paying attention to what files are being installed. I am a little careful about where I download my packages from, and almost always install signed packages by a trusted distributor, but I do install packages from unknown developers from time to time.