FreeBSD's geom disk encryption has something like
on
Death On Demand Drive Tech
·
· Score: 2, Informative
It seems that FreeBSD's geom disk (or partition) encryption allows you to destroy all the master keys should the need arise. It's not the same as having the HD die on you, but if the disks take the end of the earth to actually decrypt, it's as good as dead.
I definitely agree with the R/O system won't help part. Considering that I was rebuilding a computer after it's got the Blaster and a whole bunch of others some time ago, and we neglected to remove the CAT 5 out of the machine, and right after install, 10 minutes into running the system, it's got Blaster all over again. Even if you can't write to the OS, you still need r/w ram for your programs and such, and imagine a memory resident worm/virus that keep reinfecting your R/O system on boot.
OK, if he doesn't want it in/usr/local, I won't be surprised if changing a minor flag in the ports system for BSD would fix that. But if they're using packages, I guess it is out of luck.
I'm well aware that I can find out which device is which from dmesg/proc or all the other places. But if you installed BSD in the first place, you'd know which card has which device name. Perhaps this Dlink would have xx0 and the other Dlink would have yy0. In Linux, it would be eth0 and eth1. Normally there wouldn't be any problem until you're trying to write a non-trivial packet filter script and don't really want to flip back and forth between a dmesg output and the script you're writing. Maybe it is just me with my bad short term memory, but I find that generally with difference device names I tend to remember which is the right ethernet port. And IMO this won't help in a corporate machine because most likely the NICs have the same chipset, and BSD would merely have xx0, xx1, xx2, xx3, just like Linux would.
I would damn well agree that to each their own, and software monoculture is bad. I don't pretend I'm a BSD zealot because I use Linux far more often than BSD. It's just that I found myself being more inconvenienced by the naming convention - and they're not consistent by far. I have a Orinoco wireless that goes by eth1, and for the longest time I thought wireless also goes by eth* until I got a new one, and it used wlan0.
If more people do trust Microsoft with security, then I fear that Linux/BSD/OSS sites would be deemed a terroristic front. Maybe it's time for me to withdraw my membership from Slashdot, in fear of reprisal.
Mac OSX isn't all that different from the !OpenBSD around... Since I started this job as a techie, I do monitor some of the security mailing list, and there was a local root exploit published like 7 days ago. I don't know Mr. De Raadt personally, maybe he's a bitch to work with, I don't konw, but his OS is one of the most secure around. OSX is based on FreeBSD. If it was based on OpenBSD, it would've been slower because of all the crypto and even randomized PIDs.
1./usr/local has already debunked by others. Use $PATH 2. Ever had two NICs in a box running Linux located in such a way that it is very inconvenient to open the box? I have to locate which is eth0 and which is eth1 just to make sure I don't misconfigure things, adn the only way to separate them (even though they're a different make/model) is to find the bloody MAC address on it. At least the BSD model narrows it down to the make/model of the NIC, so that ambiguous names are harder to come by.
How about if Microsoft/Wal-Mart/"name your own multi-national" finished off all of their competition, and then start charging you for every piece that you get for free? I wonder if you would be so arrogant and selfish about what your needs are versus what is good in the long run? These two-bit developers can't hold their own because they get shafted by these big companies' resources. Microsoft already owns the PC market, and by bundling all those stuff, most users don't really bother to look for other products because they might not even know they exists, or simply too lazy to try others out because they're too used to it. Or how about those Mom and Pop store? How are they suppose to compete with a giant that can buy a thousand-fold more products to lower the price, and use sophisticated logistic systems to reduce the need for warehouse (if I recall, they don't even have them), cutting their cost - know how big Wal-Mart is, I could live for the rest of my life very comfortably on that 10%. I'm no commie, but monopolies sucks, unless you're talking the board game.
Just to nickpick... At least iPods are made in China, because I have one and it says Designed in California, Made in China. Also the iBooks and PowerBooks are made and tested by Asus, which is probably built in China (although Asus the company is a Taiwanese entity). But what you stated sounds interesting nevertheless.
Re:Only going to work if it became standard
on
Advocating Dvorak
·
· Score: 1
Exaggerate risks? ha Although I hadn't trigger my last bout of tendonitis through typing, I was on a computer for long enough time per day (with not the best posture and typing habits) to both create the underlying problem, and aggravate it. I was working as a cashier at the time besides studying Computing Science at school. Let me tell you that after having that bout of tendonitis, I couldn't type for longer than 2 hours, which isn't good cause I need to type papers for one of the electives, and code for my CS classes. The pain also comes back when I become lazy and didn't take care of my posture. The mouse was also stressing my wrist because of the way I hold it. I end up quickly swap for an ergonomic keyboard, and a trackball, and I wished that my tendons would just heal fully already. If learning dvorak (back then) could've save me from this hassle, I couldn't be more grateful. Maybe I should start now.
Although not first hand, I've heard that people running Q3A faster than Windows... but I digress. Haven't anyone learn that they should choose the best tool for the job? I wouldn't play my games on Linux, and I won't do my programming assignments on Windows.
They did point out that they were exploiting the fact that if the MD5 hashes of X1 and X2 collide, then the MD5 hashes of X1+S (read: X1 concatenated with S) and X2+s also collide. As much as you didn't like it, Lucks and Daum had just turned that into a possibly-practical hash function weakness. If they can do this with Word...
If Thong make the scientists to test nanotech's effects on organisms by testing them on lab rats believing that it's unsafe for humans, and then PETA insists that we shouldn't test on animals, only humans, then how would that be different from just letting people wearing Eddie Bauer nanopants? Sometimes I just think that environmentalists are having it both ways.
Besides that, they're being way too optimistic. Often company's setups are not as secure as they should be. Sometimes is that people are too lazy. Or they're too occupied with things assigned by the powers above. Example: Company that I'm temporarily working in as a techie has approximately 80 machines, with a mix of Win2k and WinXP. I just found out yeseterday that 3 of the XP machines were still running Service Pack 1a. I don't want to come across as a self-promoting bastard, but none of the IT guys here bothered to figure them out, and patch them as soon as they can. Granted they're migrating from one accounting packages to another, but I thought SP2 has been out for a while. Other times, they're limited by software. Example: At the very least, the accountants in this companies must be Local Admins because one software they use would refuse to work without Admin rights, and it isn't just file permissions. I sure feel safe leaving the machines to accounts with Local Admin digging the internet to find Java games to play... They said that enterprise that secure the VoIP servers would be ok. Well enterprices that would secure themselves would be ok to run most of the things they said, including Wireles that would allow laptop users anywhere in the building to login, but history has proven that IT people aren't as diligent as they are supposed to be. And I sure won't trust a wireless AP in a company with WEP being its only protection. But this company, being a small/medium business with 80 computers with the minimum P3 in their boxes would be a nice bot net. Plenty of the points Gartner had tried to debunk are rightfully suspicious. Instead of appreciating those who warn us of potential problem, Gartner tries to paint them as zealots. What a shame.
live-cds are great and all, and I use the for diagnostics, and even wiping Windows drives (particularly I don't trust DOS's drive naming conventions), but to actually try out Linux through live-cds doesn't really do it justice. Even spinning as fast as it can, live-cds are nowhere near as fast as a HD. Even on a P4 laptop with 512MB of ram, the CDROM really delays things. Perhaps someone could write a program that would fit on a floppy so that the user would simply download the iso, and boot a kernel inside it so that Windows doesn't get destroyed, yet the CDROM speeds won't ruine the whole experience. Incidentally, Puppy Linux trys to make it as fast as it can by putting about 50MB+ worth of stuff in RAM.
Although Mac developers may be not as numerous as Microsoft or Linux developers, I don't think having them working on a x86 platform could be a harmful thing. BSD and Linux is close enough that I rarely see drivers being supported in one not being supported in other. Perhaps as support for hardware grows for OSX, it would make those driver writers consider making that driver workable in Linux - but most likely someone would simply hack the driver in one to work with the other.
You could run OSX server on your Dell (either by design, or by some hack someone's going to post up as soon as Leopard is released, but would you want to? That article on AnandTech (was on slashdot a few days ago) kinda spelled out the problem with running the BSD kernel on top of Mach, at least on a G5, and it doesn't handle multiple threads all that well... Unless they can address that with Leopard, I doubt anyone running a server would want to use OSX server.
Friend of mine's Fujitsu LifeBook P240 has a Transmeta chip, and he said that the laptop doesn't last all that much longer than 2 hours or so. Not having all that much processing power is ok; however, they were going to trade power for battery life, yet they did neither with the Crusoe... If they can't prolong battery life, then I rather put up with a laptop that isn't really a laptop. Besides I don't want prolong exposure of a notebook affecting my ability to procreate.
Especially the one at home with the DVI input. I don't have to adjust anything anymore. I don't notice any color difference. There are less things to fail - or at least less things in a LCD to fail in an annoying manner. Have you ever have a CRT's horizontal control fail in such a way that the sides pop in and out intermittently? I have. It reproduce text wonderfully. I'm a Computing Science undergrad and naturally I stare at a lot of text. LCD have no refresh rates. Don't have to worry about a CRT monitor that you sit down that that still runs at 60Hz. Or like me, who just started a tech support job in a 80+ company, and constantly finding CRTs that are running at 60Hz and wondering how they would cope with the eye strain. LCD also don't have the typical text warp at the edges, unlike low end CRTs that many consumers buy. Sure consumer LCDs are usually not fast enough to render fast action in a FPS. But that's not really my main concern anyways. Likewise, the medical computing community have concerns that currently make LCDs unsuitable. As long as there are interest in CRT I don't see them going away. I just won't miss them much.
Also irritating is his definition that anything non-proprietary is general purpose. I learnt in my first year in CS that a computer is general purpose if it is capable of a certain set of instruction (of which, of course, I've forgotten), and has nothing to do whether the computer's OS is GPL/BSD/Public Domain or not. And he is conveniently ignoring the fact that nvram still has a maximum number of writes before it cannot be written to again. Even though it has significantly improved from the 1000 writes thing, I'll bet it's still less than the amount capable by the HD.
Reverse Engineering correlates with Innovation?
on
McVoy Strikes Back
·
· Score: 1
Well, he's implying that if the world went 100% open source, and open source is about reverse engineering, then innovation goes to 0. Does he also imply that in the early days, Compaq (or whatever that company may be) did not innovate by reverse engineering the IBM's BIOS so that IBM-compatiable is made?
I wonder if you'd say the same for Star Wars Episode 2 - Attack of the Clones. With the prices of tickets at such lofty heights, many people feel that watching a crappy movie in the theatre would be a ripoff. I hold the same opinion with most music CD already. I wouldn't mind the iTunes Music Store structure if they didn't use DRM. I think that's the right way to sell media nowadays
Oh? Their survival depends on copyright, this coming from university publishers. My wallet's survival also depends on these bunch on people. Often I have to suck it up and take it to buy their crappy books, and I sure wouldn't mind having them available through Google Library. However, I have yet to find an elegant solution to read e-books, so I do buy books worthy to be kept, whether it was course books or books of interest. Google Library would serve as a check against crappy books and needless revisions - if they'd like to stay in business, they'd have to make their readers want to buy them
It might be the case that when the unit reaches the end of life, you can't remove the core, just like the Russian Alfa subs. The liquid metal coolant froze solid, and often wrecks the reactor in the process...
is really moot if there's an policy that states that network usage must be for academic purposes only. If such person is distributing his thesis defense through Bittorrent, then I suppose it isn't illegal, but otherwise, legal or not, it can land said student in a lot of trouble. Be smart, stay under the radar.
Slashdot Mirror
It seems that FreeBSD's geom disk (or partition) encryption allows you to destroy all the master keys should the need arise. It's not the same as having the HD die on you, but if the disks take the end of the earth to actually decrypt, it's as good as dead.
I definitely agree with the R/O system won't help part.
Considering that I was rebuilding a computer after it's got the Blaster and a whole bunch of others some time ago, and we neglected to remove the CAT 5 out of the machine, and right after install, 10 minutes into running the system, it's got Blaster all over again.
Even if you can't write to the OS, you still need r/w ram for your programs and such, and imagine a memory resident worm/virus that keep reinfecting your R/O system on boot.
OK, if he doesn't want it in /usr/local, I won't be surprised if changing a minor flag in the ports system for BSD would fix that. But if they're using packages, I guess it is out of luck.
I'm well aware that I can find out which device is which from dmesg/proc or all the other places. But if you installed BSD in the first place, you'd know which card has which device name. Perhaps this Dlink would have xx0 and the other Dlink would have yy0. In Linux, it would be eth0 and eth1. Normally there wouldn't be any problem until you're trying to write a non-trivial packet filter script and don't really want to flip back and forth between a dmesg output and the script you're writing. Maybe it is just me with my bad short term memory, but I find that generally with difference device names I tend to remember which is the right ethernet port. And IMO this won't help in a corporate machine because most likely the NICs have the same chipset, and BSD would merely have xx0, xx1, xx2, xx3, just like Linux would.
I would damn well agree that to each their own, and software monoculture is bad. I don't pretend I'm a BSD zealot because I use Linux far more often than BSD. It's just that I found myself being more inconvenienced by the naming convention - and they're not consistent by far. I have a Orinoco wireless that goes by eth1, and for the longest time I thought wireless also goes by eth* until I got a new one, and it used wlan0.
If more people do trust Microsoft with security, then I fear that Linux/BSD/OSS sites would be deemed a terroristic front.
Maybe it's time for me to withdraw my membership from Slashdot, in fear of reprisal.
Mac OSX isn't all that different from the !OpenBSD around...
Since I started this job as a techie, I do monitor some of the security mailing list, and there was a local root exploit published like 7 days ago.
I don't know Mr. De Raadt personally, maybe he's a bitch to work with, I don't konw, but his OS is one of the most secure around.
OSX is based on FreeBSD. If it was based on OpenBSD, it would've been slower because of all the crypto and even randomized PIDs.
1. /usr/local has already debunked by others. Use $PATH
2. Ever had two NICs in a box running Linux located in such a way that it is very inconvenient to open the box? I have to locate which is eth0 and which is eth1 just to make sure I don't misconfigure things, adn the only way to separate them (even though they're a different make/model) is to find the bloody MAC address on it.
At least the BSD model narrows it down to the make/model of the NIC, so that ambiguous names are harder to come by.
How about if Microsoft/Wal-Mart/"name your own multi-national" finished off all of their competition, and then start charging you for every piece that you get for free? I wonder if you would be so arrogant and selfish about what your needs are versus what is good in the long run?
These two-bit developers can't hold their own because they get shafted by these big companies' resources. Microsoft already owns the PC market, and by bundling all those stuff, most users don't really bother to look for other products because they might not even know they exists, or simply too lazy to try others out because they're too used to it. Or how about those Mom and Pop store? How are they suppose to compete with a giant that can buy a thousand-fold more products to lower the price, and use sophisticated logistic systems to reduce the need for warehouse (if I recall, they don't even have them), cutting their cost - know how big Wal-Mart is, I could live for the rest of my life very comfortably on that 10%.
I'm no commie, but monopolies sucks, unless you're talking the board game.
Just to nickpick...
At least iPods are made in China, because I have one and it says Designed in California, Made in China.
Also the iBooks and PowerBooks are made and tested by Asus, which is probably built in China (although Asus the company is a Taiwanese entity).
But what you stated sounds interesting nevertheless.
Exaggerate risks? ha
Although I hadn't trigger my last bout of tendonitis through typing, I was on a computer for long enough time per day (with not the best posture and typing habits) to both create the underlying problem, and aggravate it.
I was working as a cashier at the time besides studying Computing Science at school.
Let me tell you that after having that bout of tendonitis, I couldn't type for longer than 2 hours, which isn't good cause I need to type papers for one of the electives, and code for my CS classes.
The pain also comes back when I become lazy and didn't take care of my posture. The mouse was also stressing my wrist because of the way I hold it.
I end up quickly swap for an ergonomic keyboard, and a trackball, and I wished that my tendons would just heal fully already.
If learning dvorak (back then) could've save me from this hassle, I couldn't be more grateful. Maybe I should start now.
Although not first hand, I've heard that people running Q3A faster than Windows... but I digress.
Haven't anyone learn that they should choose the best tool for the job? I wouldn't play my games on Linux, and I won't do my programming assignments on Windows.
They did point out that they were exploiting the fact that if the MD5 hashes of X1 and X2 collide, then the MD5 hashes of X1+S (read: X1 concatenated with S) and X2+s also collide.
As much as you didn't like it, Lucks and Daum had just turned that into a possibly-practical hash function weakness. If they can do this with Word...
If Thong make the scientists to test nanotech's effects on organisms by testing them on lab rats believing that it's unsafe for humans, and then PETA insists that we shouldn't test on animals, only humans, then how would that be different from just letting people wearing Eddie Bauer nanopants?
Sometimes I just think that environmentalists are having it both ways.
Besides that, they're being way too optimistic.
Often company's setups are not as secure as they should be.
Sometimes is that people are too lazy. Or they're too occupied with things assigned by the powers above.
Example:
Company that I'm temporarily working in as a techie has approximately 80 machines, with a mix of Win2k and WinXP. I just found out yeseterday that 3 of the XP machines were still running Service Pack 1a. I don't want to come across as a self-promoting bastard, but none of the IT guys here bothered to figure them out, and patch them as soon as they can. Granted they're migrating from one accounting packages to another, but I thought SP2 has been out for a while.
Other times, they're limited by software. Example:
At the very least, the accountants in this companies must be Local Admins because one software they use would refuse to work without Admin rights, and it isn't just file permissions. I sure feel safe leaving the machines to accounts with Local Admin digging the internet to find Java games to play...
They said that enterprise that secure the VoIP servers would be ok. Well enterprices that would secure themselves would be ok to run most of the things they said, including Wireles that would allow laptop users anywhere in the building to login, but history has proven that IT people aren't as diligent as they are supposed to be. And I sure won't trust a wireless AP in a company with WEP being its only protection. But this company, being a small/medium business with 80 computers with the minimum P3 in their boxes would be a nice bot net.
Plenty of the points Gartner had tried to debunk are rightfully suspicious. Instead of appreciating those who warn us of potential problem, Gartner tries to paint them as zealots. What a shame.
live-cds are great and all, and I use the for diagnostics, and even wiping Windows drives (particularly I don't trust DOS's drive naming conventions), but to actually try out Linux through live-cds doesn't really do it justice.
Even spinning as fast as it can, live-cds are nowhere near as fast as a HD. Even on a P4 laptop with 512MB of ram, the CDROM really delays things.
Perhaps someone could write a program that would fit on a floppy so that the user would simply download the iso, and boot a kernel inside it so that Windows doesn't get destroyed, yet the CDROM speeds won't ruine the whole experience.
Incidentally, Puppy Linux trys to make it as fast as it can by putting about 50MB+ worth of stuff in RAM.
Although Mac developers may be not as numerous as Microsoft or Linux developers, I don't think having them working on a x86 platform could be a harmful thing. BSD and Linux is close enough that I rarely see drivers being supported in one not being supported in other. Perhaps as support for hardware grows for OSX, it would make those driver writers consider making that driver workable in Linux - but most likely someone would simply hack the driver in one to work with the other.
You could run OSX server on your Dell (either by design, or by some hack someone's going to post up as soon as Leopard is released, but would you want to?
That article on AnandTech (was on slashdot a few days ago) kinda spelled out the problem with running the BSD kernel on top of Mach, at least on a G5, and it doesn't handle multiple threads all that well...
Unless they can address that with Leopard, I doubt anyone running a server would want to use OSX server.
Friend of mine's Fujitsu LifeBook P240 has a Transmeta chip, and he said that the laptop doesn't last all that much longer than 2 hours or so.
Not having all that much processing power is ok; however, they were going to trade power for battery life, yet they did neither with the Crusoe...
If they can't prolong battery life, then I rather put up with a laptop that isn't really a laptop. Besides I don't want prolong exposure of a notebook affecting my ability to procreate.
Of course. It's not like SCO can win IBM at anything, including the lawyer game. IBM just hardwired SCO's suicide booth to slow-and-painful.
Especially the one at home with the DVI input.
I don't have to adjust anything anymore. I don't notice any color difference. There are less things to fail - or at least less things in a LCD to fail in an annoying manner. Have you ever have a CRT's horizontal control fail in such a way that the sides pop in and out intermittently? I have.
It reproduce text wonderfully. I'm a Computing Science undergrad and naturally I stare at a lot of text.
LCD have no refresh rates. Don't have to worry about a CRT monitor that you sit down that that still runs at 60Hz. Or like me, who just started a tech support job in a 80+ company, and constantly finding CRTs that are running at 60Hz and wondering how they would cope with the eye strain. LCD also don't have the typical text warp at the edges, unlike low end CRTs that many consumers buy.
Sure consumer LCDs are usually not fast enough to render fast action in a FPS. But that's not really my main concern anyways. Likewise, the medical computing community have concerns that currently make LCDs unsuitable. As long as there are interest in CRT I don't see them going away. I just won't miss them much.
Also irritating is his definition that anything non-proprietary is general purpose. I learnt in my first year in CS that a computer is general purpose if it is capable of a certain set of instruction (of which, of course, I've forgotten), and has nothing to do whether the computer's OS is GPL/BSD/Public Domain or not.
And he is conveniently ignoring the fact that nvram still has a maximum number of writes before it cannot be written to again. Even though it has significantly improved from the 1000 writes thing, I'll bet it's still less than the amount capable by the HD.
Well, he's implying that if the world went 100% open source, and open source is about reverse engineering, then innovation goes to 0.
Does he also imply that in the early days, Compaq (or whatever that company may be) did not innovate by reverse engineering the IBM's BIOS so that IBM-compatiable is made?
I wonder if you'd say the same for Star Wars Episode 2 - Attack of the Clones.
With the prices of tickets at such lofty heights, many people feel that watching a crappy movie in the theatre would be a ripoff.
I hold the same opinion with most music CD already. I wouldn't mind the iTunes Music Store structure if they didn't use DRM. I think that's the right way to sell media nowadays
Oh? Their survival depends on copyright, this coming from university publishers.
My wallet's survival also depends on these bunch on people. Often I have to suck it up and take it to buy their crappy books, and I sure wouldn't mind having them available through Google Library.
However, I have yet to find an elegant solution to read e-books, so I do buy books worthy to be kept, whether it was course books or books of interest.
Google Library would serve as a check against crappy books and needless revisions - if they'd like to stay in business, they'd have to make their readers want to buy them
It might be the case that when the unit reaches the end of life, you can't remove the core, just like the Russian Alfa subs. The liquid metal coolant froze solid, and often wrecks the reactor in the process...
is really moot if there's an policy that states that network usage must be for academic purposes only.
If such person is distributing his thesis defense through Bittorrent, then I suppose it isn't illegal, but otherwise, legal or not, it can land said student in a lot of trouble.
Be smart, stay under the radar.