Slashdot Mirror


User: billstewart

billstewart's activity in the archive.

Stories
0
Comments
7,948
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 7,948

  1. 10/8 vs. 10.*/16, 10.*.*/20, 10.*.*/24 Subnets on Local Network IPs - 10.0.0.0/8 or 192.168.0.0/16? · · Score: 1
    Picking the right subnet size is important, just for keeping track of things, and the big questions have tended to be "Do I use Class A/B/C subnet sizes or a 10.*.*/20?" Sure, the hardware almost always supports Variable Length Subnet Masking, but humans aren't always that good at it.


    If you're not going to have more than ~250 hosts per segment or more than ~250 segments, I've generally taken the approach of "pick a random number R in 21..250 for the second octet, and create a bunch of 10.R.*/24 subnets" - it makes it easy to merge with other networks later on. (As when my department's lab got merged with several others - didn't have to renumber anything because nobody else was 10.116.*)

    We did pick one 10.X.Y.* range to split up into /30 subnets for virtual circuits between labs, but that's the only VLSM we messed with. And little LANs that are sure to get NATted by appliances still get to be 192.168, and the couple of routers that look like the Cisco CCNA certification book lab are 172.16 because it's for training.

  2. Stopping Looking at the Keys! Now! Today! on Touch Typing for a Developer? · · Score: 1
    I pretty much learned to touch type in high school, and can do it fine for basic text, but got out of the habit as I kept using different keyboards with different special keys in different places - TTY33s, Suns, Selectrics, Macs, PCs with different numbers of Stupid Windows Keys, etc. A friend of mine convinced me that the right way to touch type was to STOP LOOKING AT THE KEYS -- JUST DO IT!. It's much easier on a computer than on a conventional typewriter, because you can still look at the screen, and can backspace over mistakes, so it's not like the days of dead trees and whiteout where misteakz wurr a probbblme.

    Black paint and blank keys are fun, if they help you stop looking at the keys. If you really need to do something magic once in a while like getting Function-SysReq-Windows-Meta-Cloverleaf, fine, look at the keys, but only do that for weird stuff.

    What they didn't teach in high school were techniques for getting your hands realigned after using a mouse. If you've got a button-mouse on your keyboard, and can use it without carpal tunnel, it's not much problem, but otherwise figure out how to get your hands back to whatever stable position you like.

  3. Blocking Windows Ports 135etc on Universities Taken Offline to Fight Worms, Viruses · · Score: 1
    You can cut down on some of the load by blocking the ports Windows uses for its file/print sharing protocols, mainly 135-139. It's not a perfect solution, and there are some places (such as departmental LANs) that might actually be using the services, but for the most part they're just an attractive nuisance.

    Blocking SMTP is much worse - if you want to do anything like that, have two groups of addresses, one with blocking and one without, and put people in the blocking group unless they ask to be in the non-blocking group. That way Linux users can still have real machines and client-only systems are isolated from some of the risks.

  4. Re:I was at the talk... on Cracking GSM · · Score: 1
    A better description is that A5/1 is "weak" and A5/2 is "very weak". The FAQ says that Alex Biryukov, Adi Shamir and David Wagner showed that they can find the A5/1 key in less than a second on a single PC with 128 MB RAM and two 73 GB hard disks, by analyzing the output of the A5/1 algorithm in the first two minutes of the conversation. Ian Goldberg and David Wagner of the University of California at Berkeley published an analysis of the weaker A5/2 algorithm showing a work factor of 2^16, or approximately 10 milliseconds. B,S&W's paper has some really nice detail, and also mentions that Goldberg and Wagner announced an O(2**16) attack on A5/2 in 1999.

    The attack on A5/1 does take a big amount of pre-computation, but if I'm reading it correctly, it's about 2**48 iterations of a very efficient algorithm, which looks like it's 4 instructions, mostly from L2 cache, and 150B of disk which was somewhat aggressive for PCs back then, but is cheap commodityware now (you might spend some extra money if you want faster disks...) If it partitions conveniently, run it on the PC farm overnight, or get distributed.net to prepare it, or use that 2GHz P4 for a couple of weeks. After the pre-processing is done, actual attacks seem to need about 2 minutes of call time and a few tens of seconds to crack, so it's near-real-time.

  5. Re:GSM has been Toast for years on Cracking GSM · · Score: 1

    No, it's much worse than that. The big obfuscation was keeping the algorithms secret except from manufacturers, but eventually somebody leaked a copy of them to the net, and it was obvious from the design that it wasn't very strong - the structure was kind of like a fast fourier transform, which suggests some electrical engineer probably cobbled it together.

  6. GSM has been Toast for years on Cracking GSM · · Score: 3, Insightful
    There's some nice summary on gsmsecurity.com, but Ian Goldberg did one of the early critical cracks and revealed that 10 of the authentication key bits were set to zeros. GSM has a set of algorithm for the call authentication, and a set of algorithms called A5/1 and A5/2 for the voice encryption. A5/1 was the "stronger" algorithm used in "superior" countries, and A5/2 was the weaker version for "inferior" countries. It turns out that A5/1 is pretty weak, and A5/2 is far weaker, and the fact that Ian could cryptanalyze the system over lunch indicates that it wasn't designed by competent cryptographers.

    The initial work didn't totally blow the system open and make on-the-air cracks easy, but it showed that the system was incompetently designed as well as deliberately weakened further, and was yet another reminder that Closed System Design is even worse in cryptography than in software. Subsequent work by people like Biham and Wagner keeps making it worse, and of course computer equipment keeps getting cheaper and larger, which means that attacks that need "hundreds of GB of disk" cost you $200 at Fry's rather than $200000 at the NSA Spook Equipment Shoppe.

    In the US, GSM is still a security improvement, weak as it is, because the government bullied the digital cell phone system developers into using even weaker and more broken algorithms (back when they could pretend they were worried about Commie Spies rather than trying to facilitate illegal wiretapping.) (And of course analog cell phones didn't have crypto at all.) But even then, many of the cell phone companies don't bother turning on the crypto - Nokia phones give you a nice friendly indication that they tried to use it and got rejected.

  7. Attention Deficit Filing system on How Do You Organize Your Data? · · Score: 1
    At home we use the ADD filing system. Stuff in piles, sometimes near the door, sometimes not, and the furniture's arranged to have more places to pile things out in plain view as opposed to putting them in drawers or boxes (which leads to them disappearing and an oversupply of drawers and boxes full of random stuff.)

    One time we moved across country, and my wife had a bunch of old purses in a box that she labeled "archaeological dig", figuring that it would be a less attractive target for getting ripped off somewhere in the moving process in case there was still anything valuable in them. Turned out that one of the truck drivers was an archaeologist, and was very interested in something that looked like somebody else had done some archaeology :-)

  8. Evils of LaTex and APS formats vs. HTML on MS vs. Open Source Office Suite Compatibility · · Score: 1
    If you print out the LaTex document onto dead trees and don't have any problems with Knuth's fonts getting munged into current font systems, yes, it's nice stuff to read.

    But if you're trying to read it on a computer screen, it's BAD BAD BAD!! Two-column is basically only readable on portrait-mode displays that are large enough to show the whole page at 100%, which few desktop computers and almost no laptops have, and otherwise you've got to keep scrolling the thing up and down. The typical Knuthish fonts are very pretty at 300dpi or more and quite ugly at 72-100dpi, and it's worse when you've got to run the thing at weird magnifications that maximize the amount of black space on your screen (since those pretty formats have margins.)

    I do find MS Word frustrating as well, and if I were starting over today I'd use LaTex instead of troff, but for most things I find that dumb ASCII or at most HTML is a better choice - describe the relationships of the objects in the document, and let the reader display it with the reader's visual preferences (which are typically tuned for the reader's display hardware and vision.) To some extent this is because I haven't written any real mathematics papers in years - F0RTRAN-style X**Y[I]/Z equation rendering works ok for 99% of the equations I write, in spite of the obvious aesthetic deficiencies, but there are a variety of ways to get better looking equations.

  9. Office 95/97 on your 2GHz PC on MS vs. Open Source Office Suite Compatibility · · Score: 1

    Old versions of bloatware often work really fast when you're running on new hardware, as long as they don't have operating system dependencies or other problems that kill them. Sure, they wanted 64MB of RAM and 100 MIPS to get decent performance, which was pushing the limits of your Pentium-133 machine, but on your current PC with 512MB-1GB of RAM and 2000 MIPS of CPU horsepower, things like that seem a lot faster.

  10. PDFs are Evil Too - Quasi-Read-Only on MS vs. Open Source Office Suite Compatibility · · Score: 1
    PDFs are useful if you want to give somebody a file that they can print out onto dead trees and have it look exactly the way it looks when you print it onto dead trees. There are times that this is useful, I suppose, but it's extremely annoying that they
    • really aren't designed to be editable (though some newer versions give you some limited capability)
    • Are very often formatted to look like an A-size or A4-size portrait-mode piece of paper (which isn't the shape of my computer screen
    • Are very often formatted in multiple columns, which fails *really badly* for reading on a screen that isn't portrait-mode-shaped and doesn't have enough pixels or height to view a full paper page at once
    • Often have fonts that work really well as black marks on dead trees but don't work well at 72-100dpi screen resolutions (though that's a much more common problem with academix LaTeX -> dvips formats) and especially don't work well at non-integral magnifications like 158% or 122%.
    But it's the read-only part that's really the worst of it, unless you're doing something sufficiently specialized that it's actually important to have that.
  11. Sleazy Policemens' Funds Solicitors on 41 Million Sign Up for National Do-Not-Call List · · Score: 1

    The worst of those that I've gotten was for the California Narcotics Officers' Association, who are a non-profit that not only finds ways to get money to sleazy prohibition cops, but lobbies to make sure drugs stay illegal, especially marijuana, and in particular they lobby against medical marijuana because they think that their political correctness is more important than the suffering of cancer patients. It happens that the kind of cancer and chemotherapy my father had wouldn't have been helped much by marijuana until his last couple of weeks (and he was in a state that didn't end prohibition on medical use), but I still take this extremely personally. This group was a "do research and call back the telemarketing shop to tell them what sleazes their customer is" level of sleaze. Many of these groups are just greedy, but these guys are actively evil.

  12. Battery Life Differences are Radio-based on Gyroscope Gives CellPhones 'Tilt Control' · · Score: 1
    The batteries are generally the same for the equivalent US and GSM models of phones. The main difference is the amount of power the radio takes.
    • Straight GSM doesn't use much power. Maybe that's related to the population density argument that Rasta Prefect brings up, or that the radio parameters were designed for it, and some of it is the protocol design for keeping track of where users are.
    • The US had Analog cell phones for a decade before GSM was deployed, so the technology is much clunkier and burns a lot of power. Since it was deployed first, it's everywhere.
    • TDMA is a lot less than analog, but I don't know how it compares to GSM.
    • CDMA is much more flexible about power consumption, so it can be pretty low depending on how close you are to a cell, but the population density thing means that on the average, US users are farther away from a cell site than Europeans are.
    • Most US phones have at least two technologies - either TDMA or CDMA, with fallback to analog, and maybe more than one band for the TDMA or CDMA. So if you're somewhere that your primary digital provider works, then great, it's pretty low power. But if you're driving around the mountains, like I was this weekend, your phone may keep broadcasting its presence on the TDMA and analog networks at the same time, hoping that _something_ will answer, and it's more likely to be analog because it carries farther. I normally get about 1-2 weeks of standby depending on how much talk time I use, but I was getting 1-2 days of standby depending on which side of the mountains I was on, and even then half the time there was only marginally enough analog roaming signal to talk.
  13. Low Priority Spam-bounce mail? on AMTP as an Alternative to SMTP · · Score: 1

    I meant to add this - is there any way to set spam-bounce mail to a lower priority, so it only soaks up bandwidth that's not otherwise busy? The trick is how to do it without interfering with real bouncemail, which is relatively high priority.

  14. Skepticism about Spam Bandwidth Consumption on AMTP as an Alternative to SMTP · · Score: 1
    I have trouble believing that 40% of your bandwidth is spam-related, unless you're a niche ISP that focuses on email services and doesn't provide basic IP access to your users.

    Spam as a percentage of email traffic is certainly high (40% seems low, actually :-), but I use more bandwidth just reading Slashdot most days than I use receiving all my home email, which is about 80% spam. (Work email doesn't count - it's full of Microsoft attachments, but doesnt get much spam.)

    On a typical day, I probably get about 200 emails, and they're under about 5KB each for text or html, and most virus emails are also under about 10KB. Some of the spam has JPEGs, and I'm not sure how big those are, but most of it doesn't. So that's maybe 1MB of spam - not small, but the slashdot front page is about 60KB, and the page for this article is about 393KB (plus some cacheable images), so my day's spam is like reading 2-3 Slashdot articles, or 8 sites like the Google News front page (60kb text, 60kb small GIFs), or a total of 20-50 non-small GIFs, or downloading one minute of music.

  15. Mixing up Vegans and Vegetarians. on Ring a Bell And I'll Salivate · · Score: 1
    First of all, you're not evil for eating meat, you're evil for hurting animals in the process of getting your meat or milk or eggs. Eat all the roadkill you want; we won't condemn you. Just keep your facts straight.

    Vegetarians don't eat animals (including fish, chickens, etc.), but some of us eat eggs and milk and others don't. Vegans not only don't eat eggs and milk, usually because you can't get them without killing animals, and in typical agriculture it also involves being mean to them, and they also don't wear leather, except Birkenstocks.*

    You can get perfectly adequate nutrition from either kind of diet - there are traditional cultures that have been doing them for thousands of years - but especially if you're a vegan you have to pay attention to what you're eating. The reasons for the stereotype rail-thin malnourished vegans are usually that they're either the type who were picky eaters before they stopped eating even more things, or else they're cluelessly taking a standard American diet and leaving off the meat, dairy products, and eggs, and only cooking the few remaining things they know how to make without bothering to learn anything about nutrition that they weren't mistaught in high school.

    As far as the rant about range-fed beef goes, it's certainly better for you than grain-fed beef, which is most the beef you get in the US because it's more tender, and almost all the pork. It can be more or less ecologically destructive than grain-fed beef - in many parts of the world, both of them involve slash-and-burn destruction of forests, but in places with stable grassland ecosystems that aren't overcrowded with cattle or sheep, it can be ok. However, the author also ignores the fact that it takes about ten pounds of grain or soybeans to raise one pound of meat, so substantially less land is required to feed people using grain than processing the grain through cows first, so there's a lot less habitat destruction.

  16. Eating Veggie at Carl's Jr. on Ring a Bell And I'll Salivate · · Score: 1
    I'm a vegetarian, but not a vegan, so it's a bit easier to find fast food. I don't usually go to the Carl's Jr. near my office, but why I do, it's one of the better fast-food choices. I usually get the potato with various toppings, and I suspect that the vaguely-butter-colored-margarine-substitute-substa nce that comes with the potatoes has few if any components that came from actual cream (:-) (Unfortunately their bacon bits are real, unlike the usual salad-bar crunch soy things.) And their fried zucchini is pretty good. And unlike McDonald's, the french fries don't have beef grease in them.

    Besides, this is California - the standard Giant Burrito works perfectly well without meat, (though I tend to get cheese on mine), and it's an adequately balanced protein from the rice and beans, and if you're the boring meat&potatoes eater, you can just as well eat rice&beans and express your machismo by using the good hot sauce (and the less authentic places use Crisco or oil instead of lard.) And next door is the Chinese place, where there's interesting Szechuan food (ok, the one near the office is actually bland greasy Cantonese), and the Thai place if the Chinese isn't spicy enough, and the basic sandwich place has hummous as well as salami.

  17. Shared Backups on Say Goodbye To Your CD-Rs In Two Years? · · Score: 1
    One way to do it is to use a computer in a colo center - they tend to have reliable power and telecom and earthquake-safe buildings and fire suppression, and they're usually far enough away from you to be safe. (Disclaimer: on the other hand, I *do* sell that stuff, so I'm a bit biased.) Colo's usually more reasonably priced for this kind of thing than managed hosting, because what you really want is a slow box full of big cheap IDE drives, not a fast transaction-oriented SAN-hosted thing.

    But if you're doing simple shared backup with another company, you're their backup and they're yours, and that's fine as long as you both can risk having your remote backup site down for a day. Obviously you both need to have internet bandwidth that's adequate for the amount of data you're backing up, plus the amount you need for regular traffic, so it may or may not be cost-effective compared to having your sysadmin take home one disk from a raid mirror every night, but you can certainly back up really critical things like your accounts receivable ledger and nightly build data and the logs from your incoming email.

    Encryption isn't that hard - you always send the files to the backup site encrypted, and keep the private keys in your bank safe deposit box (or three halves of them in three separate boxes.)

    Internet load depends a lot on how much you're really backing up, and how much needs to be backed up instantaneously vs. overnight. In some ways it helps to have the same ISP for both sites, and preferably in the same city, but if you've got different ISPs, it's nicer if they have peering within a few hundred miles of where you are. If your backups don't have to be too tightly synchronized, you can use a dirt-cheap ISP, figuring that even if they can't provide you peak bandwidth 24 hours a day, getting 90% of your bandwidth 18 hours a day is good enough for many backup situations.

  18. /sbin is the "STATIC BIN" on Dynamic Root Support For FreeBSD Now Available · · Score: 1

    Arrgh! If you're not going to statically link the stuff, don't put it in /sbin! Arrrgh.

  19. Crakk0rs r00ting boxes on Is Linux as Secure as We'd Like to Think? · · Score: 1
    A couple of years ago I used to run out-of-the-box RedHat 5.x and 6.x on a spare Pentium-60 on my lab DSL, as well as Win95 on some similarly lame machines. As an old Unix hacker, it annoyed me that not only did nobody ever crack into the Windows machine, but that the Linux box would get 0wned within a few days. After it had been brutally and senselessly killed several weeks in a row, I renamed it from "localhost" to "kenny". Eventually I installed RedHat 7 on it, and it stopped getting attacked, and later put it behind a firewall.

    The biggest holes were probably in the FTP servers, and one reason the Windows machine was safe was that it wasn't running any Microsoft servers, only clients and freeware web server that nobody had apparently cracked. I first discovered the problems when I saw (from the tcpdump that runs any time there's nothing better to do) that my machine was pinging a machine at a university in Sweden a lot - I contacted the admin there, who told me it was the Staecheldraht DDOS zombie program, and pointed me to a site with info on cleaning it up. (I'd already killed the process - the crakk0r's rootkit modified ls and ps so that it wouldn't show up, but didn't bother with /proc and some other tools....) The next week it was pinging WashU in St. Louis, which seems fair since I was running wuftpd, and the following week it was responding to pings from a machine that looked like it was at MIT (after getting ZERO usable contact information from MIT's web site or student help desk, I contacted one of their security honchos that I know from other channels - he said that it was actually a machine in Japan that had an IP address that was byte-swapped from MIT's, but somehow managed to be running DDoSware anyway). After I cleaned it up that time, the (*^%*(!&%#ers got annoyed and reformatted my disk drive....

  20. Getting 2.4.13 free from SCO on Linux 2.4.22 Stable Kernel Released · · Score: 1

    ftp.sco.com has linux-2.4.13-21S.src.rpm from their OpenLinux distribution. It's free, and still available as of this morning (after the DoS ended...) Depending on your taste in distributions, you'll probably have to repackage it to use with whatever applications you need, and I don't know if there are any critical fixes after that. Sure, it's not as much fun as running 2.6.wildly.unstable, but it'll let you run a reasonably modern production environment.

  21. Re:OT: Militia on Light Bulb Replacements · · Score: 1

    You Yankee boys might be part of the US militia, but I'm not. It's American men, aged 17-45, who are considered by law to be part of the militia, and expected to help repel any invaders (because after all, the US wasn't supposed to have a standing army or a Department of Homeland Security, since those things just lead to foreign wars and domestic oppression) or fight any Native American militias that were trying to repel invaders from _their_ territory. In my case, I'm over 45, so I'm no longer draft age, and any of the women or non-US-citizens are also not part of the militia.

  22. IDE is much cheaper than that; risks. on Say Goodbye To Your CD-Rs In Two Years? · · Score: 1
    120GB drives are below $120 these days - so you can make two mirrored copies for $2/GB, or if you want to RAIDify your backup disks, $1.25/copy (that's one parity drive for every four regular drives, though you can get an intermediate level of backupness and convenience for $1.50/GB by doing one parity drive per two regular drives.

    Remember that the objective here is long-term archival backup, not fast online backup. That also means that your backup system doesn't need to be running full-time, so the lifetime of the drives can be a lot longer, and you can use large drives instead of needing the fastest drives out there. On the other hand, there's the risk that you'll need to keep a computer around to run those drives, because technology change might make those drives unreadable on newer computers. (The opposite happens as well - I'm having trouble using my new 120GB drives on my P233 machine, and I'm beginning to suspect that it might be the internal cabling in the removable-drive drawers that's causing errors.)

  23. No windows, unfortunately on Supercomputer Breaks the $100/GFLOPS Barrier · · Score: 1

    They did comment that the machine is located in the basement and doesn't have any windows, so it's dependent on the building's cooling system. Otherwise they could have taken care of much of the heat load by simply blowing the hot air outside, at least if they can tolerate Kentucky summer heat/humidity ambient conditions, which is a lot more efficient than actual airconditioning.

  24. Less heat because no video cards or disks on Supercomputer Breaks the $100/GFLOPS Barrier · · Score: 1
    Remember that these things are pretty much just a CPU, RAM, and NICs - there aren't any video cards or disk drives (and as they comment, not even a floppy to boot from.) Your typical Gamer PC has a high-end video card, and some of those put out enough heat these days that they're coming with fans on them. So, yes, the CPU is cranking, but that's the only thing making much heat.

    Now, there's the subtlety that they're doing SIMD stuff using the 3D-Now vector processing, which may run a bit hotter than regular random behaviour, but I don't know if it really does.

  25. No Meeting vs. Bad Meeting on WIPO Pressured to Kill Meeting on Open Source · · Score: 2, Insightful
    While I strongly agree with Lessig's comments about Lois Boland's inappropriateness in office (though not necessarily his generousity in assuming incompetence vs. malice :-), I'm not sure that with that kind of commercial antagonism to open source driving a number of the participants that the outcomes of a meeting would be better than having no meeting at all. The open letter that Lessig posts has quite a wide variety of signers, and some important topics that should be discussed, if it can avoid being hijacked or overly watered down.

    There is a certain amount of truth in the comment that Tobin posted to Lessig's discussion that the meeting was really a forum for the usual lefties to rant. On the other hand, as near as I can tell from the results, the typical WIPO committee meeting is an opportunity for the usual suspects on the commercialist-control side to rant

    • RIAA participant: "We've become concerned that listening to catchy music causes tunes to run through people's heads, and we're not receiving sufficient royalties for those tune-thieves' use of our intellectual property, so we need DRM installed in everybody's head -- Mu-ah-hah-haha!!"
    • MPAA participant: "That's certainly true, but Mu-ah-hah-haha!! is a derivative work from "Bride of the Son of the Remake of Frankenstein", so you have to give us cut of your proceeds"
    • Internet Services Company: "Your use of italics denoted by letters in angle brackets in Mu-ah-hah-haha!! as a method of extorting money from the RIAA infringes on Claim 32767 of our patent on extortion as a business model, but we'll cross-license it in return for exclusivity in publishing movie trailers online."