USB has the controller poll devices. Even on a dedicated bus there's a degree of uncertainty from the polling. Also, relying on NMEA data adds even more uncertainty, as there's no assurance that sentences are delivered in the right order or at timing more precise than one second.
My GPS triggers a serial interrupt when the PPS line goes high. The PPS line is within 1uS of UTC. After an hour or two to settle, NTP holds the time within +/-15uS.
Sure, one second precision is probably "good enough" for normal uses, but one can get more consistent time from most public servers. Providing one second precision time as a public time server is a bad idea, as NTP expects more consistent ticks and this will confuse other clients.
Running a serial GPS+NTP clock is pretty easy and provides much more stable time. Why bother with a USB GPS receiver when a more suitable serial+PPS capable one is available for only slightly more?
I've always wondered about the defaults to have every RH/Debian/Suse/Ubuntu/etc. box talk directly to the pool. I know that for years, the pool has been considered fully sufficient to meet these needs, but it just always struck me as more efficient for an organization to run its own NTP server--one machine talking to the pool--and have other machines in the organization talk to that, rather than having all the machines in the organization talk to the pool.
They actually talk to a "vendor" subdomain of the pool: 0.rhel.pool.ntp.org, 1.rhel.pool.ntp.org, 2.rhel.pool.ntp.org, etc.
They provide vendor-specific subdomains and encourage vendors to provide NTP servers to the pool. Thus, if there's some abuse or misconfiguration that results in excessive traffic they can change the vendor-specific subdomain to prevent that traffic from flooding NTP servers without inconveniencing clients that use the general pool.
Anyway, yes: it's better for an organization to have one or two local time servers communicate with the pool (or other sources of time) and then provide time service to the local network. Still, talking to the pool is a reasonably sane "general purpose" default.
I use this receiver, which is quite reasonably priced. The wiring diagram at this site makes it quite easy to assemble.
Rather than driving the PPS LED directly from the PPS line, I used an NPN transistor to switch the LED on and off with each pulse. The transistor draws a negligible current from the PPS line.
I got the whole setup wired in less than an hour. Works quite well.
Indeed. Pandora, for example, is free and has less ads than a radio station. One can even up/downvote various songs so that it plays more music that you're interested in.
Even their paid service is only $36/year, has better quality, and no ads. Why would I bother to buy a small amount of music (particularly on physical CD) when I could pay less (either $0 or $36/year) in exchange for essentially unlimited amounts of music any time I want it?
Then again, I have a 5-minute commute on the train and am in the lab all day working on an internet-connected computer, so my needs may be different from people with longer commutes and spotty internet service.
Yes, but modern GPUs can compute SHA-1 hashes of various passwords at enormously fast rates. Even if they used per-user salts, it's likely that they would also be acquired during the original compromise: with the salts being known, the attacker could run through the various password possibilities at a high rate of speed.
Using just a plain hashing algorithm, even one like SHA-512, for password security is a bad idea as those hashes are designed (in part) for speed. Using something like PBKDF2 with a high number of iterations would help slow down brute-force attacking. If your system automatically increased the number of iterations over time to keep up with modern hardware, then that would help dramatically.
Something like bcrypt or scrypt could provide similar functionality but also require that the attacker have even more memory in addition to processing power.
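The scheme suggested in the comment above (PBKDF2 with a stored iteration count that is raised over time) can be sketched as follows. This is an added example, not code from the thread; the record format, the `login` helper and the doubling schedule in `target_iterations` are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ALGO = "pbkdf2_sha256"  # label stored with each record (assumed format)


def hash_password(password: str, iterations: int, salt: Optional[bytes] = None) -> str:
    """Return 'algo$iterations$salt_hex$hash_hex' with a fresh per-user salt."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGO}${iterations}${salt.hex()}${dk.hex()}"


def parse_record(record: str) -> Tuple[int, bytes, bytes]:
    """Split a stored record into (iterations, salt, derived_key)."""
    algo, iterations, salt_hex, dk_hex = record.split("$")
    if algo != ALGO:
        raise ValueError(f"unsupported algorithm: {algo}")
    return int(iterations), bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)


def verify_password(password: str, record: str) -> bool:
    """Recompute the key with the record's own salt and cost, compare in constant time."""
    iterations, salt, expected = parse_record(record)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def target_iterations(year: int, base_year: int = 2012,
                      base_iterations: int = 10_000, doubling_years: int = 2) -> int:
    """Hypothetical policy: double the work factor every `doubling_years`.

    The baseline numbers are constructed for this example; a real deployment
    would calibrate against its own hardware and latency budget.
    """
    steps = max(0, (year - base_year) // doubling_years)
    return base_iterations * (2 ** steps)


def login(password: str, record: str, current_target: int) -> Tuple[bool, str]:
    """Verify a login and transparently upgrade weak records.

    The plaintext is only available at login time, so that is the moment to
    re-derive the key with the current cost. Returns (ok, record_to_store).
    """
    if not verify_password(password, record):
        return False, record
    iterations, _, _ = parse_record(record)
    if iterations < current_target:
        # New salt and higher cost; the caller persists the returned record.
        record = hash_password(password, current_target)
    return True, record


if __name__ == "__main__":
    # Constructed sample: a record created under an old, cheaper policy.
    stored = hash_password("correct horse battery staple", target_iterations(2012))
    ok, stored = login("correct horse battery staple", stored, target_iterations(2016))
    print(ok, parse_record(stored)[0])
```

Because the salt and iteration count sit next to the hash, an attacker who steals the table gets them too; the protection comes only from the per-guess cost, which is why the count has to keep rising.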
Charles Schwab, a stockbroker, does (or at least did) the same thing. 8 character maximum, case-insensitive. Obviously the web interface handed off the authentication request to some ancient back-end system.
They eventually started offering VeriSign VIP one-time-password tokens, which is considerably more secure. (Personally, I wish they went with OATH tokens, but that's just me).
NAT isn't security. There's no real difference between IPv4+NAT+stateful firewall and IPv6+stateful firewall in terms of security, with the exception that with IPv6 you don't need port forwarding and other weird hacks like you do with IPv4 NAT.
I haven't looked into it, but I wouldn't be surprised if UPnP had been extended to IPv6 stateful firewalls: rather than forwarding ports to an internal IPv4 address, the firewall could simply open the incoming port to that IPv6 address. Same effect, but with less kludge.
The new Linksys E-series home routers do (my folks have an E3200 which works fine). I've seen some Netgear ones on the shelf at local shops that have IPv6 support listed on the box.
I have a WRT54GL running Shibby's Tomato firmware mod with IPv6 GUI support, and that works great.
I've stopped pirating MP3's when I got Spotify where I have a paid premium account. I stopped pirating US TV-series since I got VPN access to Hulu, which would be a Hulu Plus account if they would accept my foreign credit card. I've stopped pirating movies since I discovered Netflix can be tricked into accepting foreign credit cards. Also recently discovered Crackle for free older movies.
Same here with me, video games, and Steam. Why would I pirate a game when it's on sale for $5.99 on Steam? Even $20 games are solidly in "impulse buy" territory (much to the chagrin of my wife). I can buy the games I want, download them from a high-speed relatively-local mirror at any time I wish, have updates managed for me, etc. all without worrying about the potential shadiness of pirated games.
Since I moved to Europe for graduate school, I also use a VPN to watch Netflix as there's simply no comparable service in Switzerland.
Do I want to use a VPN? No. I'm sure that's technically violating some obscure clause in their terms & conditions, but there's no other comparable service here and I want to watch things legitimately and have no problem paying to do so.
I'm still surprised that anyone leaves anything of value in their car without the car being in sight, but then again I have had my window smashed out 10 times over the last two decades (hazards of the hood). It was inconvenient, but no laptop or vintage stratocaster was lost.
Yeah, I know. Normally I secure things in the trunk (with the disable-in-cabin-trunk-release option enabled: the only way, other than force, to open the trunk is with the key or the remote key fob) but I was hasty on that particular night and thought that putting the bag under the seat would be sufficient. I was wrong. Lesson learned.
So the contents of your car are covered by your auto insurance? Many insurance policies only cover the car and equipment installed in the car. So that aftermarket radio is covered as it's installed in the car. But your MP3 player which is only charged via cigarette outlet, is not.
Don't get me wrong, your insurance policy rocks. But not all are as good.
Actually my wife's condo insurance covered it. The auto insurance only paid for the glass.
Western Digital has had self-destructing drives for years.
Nice.
Interestingly enough, Western Digital is the only brand of drives I've had a repeatedly good experience with. Maxtor sucked. Seagates sucked for a while. Hitachi sucked. Not sure about Samsung, having never used them. I've only had one WD drive (out of about two dozen) fail inside the warranty period (and that was due to my fault causing a hardware problem; WD still replaced it with no questions asked). The others just keep trucking along.
I guess the old adage "your mileage may vary" still applies.
Infrared? Not exactly wi-fi. You'd have to be in the same room as the router for this to work. I don't see many practical applications.
It sounds actually quite reasonable for private wireless networks: put a transceiver on the ceiling or an elevated part of the wall and provide high-speed access to network devices in that room.
Assuming the waves wouldn't penetrate ordinary building materials (though the wikipedia suggests that some building materials are not reasonably opaque to these waves) then one could have the convenience of a wireless network without the security risks involved with longer-range radio waves that can be picked up at much greater distances.
UPC Cablecom (Switzerland, Zurich) - times out right after the first router (static.cablecom.ch)
Init7 (Switzerland, Zurich) - works perfectly fine (via portlane.net)
I'm on Cablecom at home and see the same behavior you do.
Connections from the University of Bern (SWITCH to Portlane to Serious Tubes) work fine.
I'm getting timeouts from Switzerland and from a US VPN, both uncensored.
According to traceroutes on the Swiss network things start timing out immediately after my upstream gateway while still internal to my ISP's network, which suggests a routing problem. Similar behavior on the US VPN.
The transfer to and from Dropbox is encrypted, and files are encrypted using a key that Dropbox controls and written to storage (Amazon S3, IIRC).
The purpose of the encryption isn't so much to protect your files from Dropbox but rather to protect it from Amazon S3 and badguys who might go dumpster diving or try stealing disks. (I imagine S3 destroys their disks when they're replaced, but one's never sure.)
Naturally, one should encrypt sensitive files before storing them on Dropbox. One needs to evaluate one's threat model: if the threat is thieves stealing the computer then it doesn't matter if the backups are encrypted or not (as the thief isn't stealing the backups, just the laptop) -- one needs to make sure the data is encrypted on the laptop itself before it's stolen and that backups are made and up-to-date.
I had my car broken into once and a bag containing my laptop was stolen.
I called the cops, told them the make/model/serial numbers of all the various stuff in the bag (including the laptop), they gave me a police report, and I called my insurance. I got a new laptop and my car window repaired.
I wasn't worried the slightest bit about the contents of the computer as I used TrueCrypt with a secure password to encrypt the entire disk and all the data was backed up to a separate computer at home and a remote backup service. Once I got the new computer it only took about an hour and a half to restore everything.
If you have valuable information on a computer you should be using whole-disk encryption.
Or I could just use my regular credit card, which gives me various perks (cash back, airline miles, etc.) with no service fees (unlike the prepaid ones).
In the unlikely event that my card is misused I simply call the bank, dispute the charges, and get a new card in the mail. This has happened to me once or twice over the years (bad guy acquired card info without my knowledge) and I've spent less than 30 minutes total dealing with the fallout from such events.
Sure, I shouldn't have to deal with it at all in an ideal world, but dealing with the aftermath of credit card fraud is pretty much a non-issue from the side of the customer.
There's absolutely no reason why IPv6 routers can't have a stateful firewall that blocks incoming connections by default. It's LESS difficult to do than NAT as there doesn't need to be packet inspection etc for things like FTP.
Indeed. My WRT54GL (running a customized version of TomatoUSB with IPv6 and an OpenVPN server) handles IPv6 in precisely that way, with DROP being the default.
For the few home IPv6-capable servers that I run that need incoming access from the IPv6 internet, the router's web interface allows one to open specific ports for specific IPv6 addresses. No NAT required, which is nice: I can have several servers running on the same port with no issues.
People are also mad because they don't get their happy ending. Let's not forget the fact that they are mad that it's actually ending, there is no more story so they feel a huge sense of loss - That's good story telling.
Are you sure? I, like pretty much everyone else I've read with criticism about the ending, don't care if the ending is happy or not: it's been made clear through all three games that Shep is willing to go as far as is needed, including sacrificing him/herself, to protect the galaxy.
Yes, it'd be nice to have Shep knocking back beers with Garrus, raising little blue children with Liara, or settling down with Tali in her house on Rannoch...but that's not why fans are mad -- they're mad because the ending makes no sense. Who is the Catalyst? Why should Shep trust them? How did your final squadmates make it from the final charge to the beam back into the Normandy? Why is the Normandy fleeing instead of fighting? (The ship and crew were always the tip of the spear in all the previous major conflicts in the entire series, including the suicide mission in ME2; it's unlikely that they'd chicken out now.) Why do all of your previous choices (Geth vs. Quarians, cure the genophage, etc.) not have any effect (even if the effect is a simple line of dialogue)? What happens to all the dextro-amino people in orbit around the devastated earth with no relays? Do they starve?
A Fallout-style epilogue slideshow that summed up your choices, actions, and their consequences would have been satisfying...but a blatant deus ex machinima followed by an internally-inconsistent ending with no sense of closure (and, adding insult to injury, was followed by loading your save from before the assault on the Cerberus station and a note to buy more DLC)? No, that's a crappy, weak ending no matter how you spin it.
(As an aside, the almost total lack of side missions in ME3 was also a let down and made the universe seem much smaller than the previous games. The main plotline was excellent and well-done up to the ending, but all the side missions were "overhear some conversation on the citadel, go to a planet, launch a probe, return to the citadel" which got really boring really fast.)
Serial. USB has variable latency.
Oddly, Belgium has a large number of the "Russian romance" scammers. Go figure. /answers the abuse desk for a medium-sized email provider
[citation needed]
Or, put another way, "extraordinary claims require extraordinary evidence."
What, like "US Citizen traveling overseas for the purpose of engaging in sexual activity with a spacecraft"?
That's one hell of a kink...
DNS is great, except I'm sure the bastards at ISP headquarters will still charge a monthly fee for a static ipv6 addy and more for a block.... simply because they CAN... and is there a free dynamic dns solution? Last i checked (some years back), no.
Sure. They even specifically support IPv6.
I've also had good luck with CloudFlare, who includes DNS as part of their free service. That includes dynamic DNS.
Afraid.org also does free DNS, including dynamic DNS and IPv6.