
Comment Re:GPS+Galileo+GLONASS+BEIDU+IRNSSUKGNSS (Score 2) 108

Use all of them at the same time and do a "majority rule" positioning.

Unless there is global war in multiple theatres, at least some of them will not be jammed

You aren't talking about multiple theaters, theater just means one location. Jamming is occurring in one location. You can just spoof or jam signals for all the various GPS systems in one location.

It doesn't matter if the ground stations for GPS are located in 1 location, GLONASS in a different one & Galileo in a 3rd. They all have satellites overhead globally & the signals are in very nearby bands. You just have to blast out a jamming or spoofing signal in the target area & you affect all of them in that region.

Comment Re:NFTs have awesome potential here (Score 1) 36

So how do NFTs make this any better than what goes on now that permits in-game trading? They use a back end database tied to the game as you trade or sell your virtual items. NFTs provide 0 value over a traditional database in this case (as with almost every case), along with the standard problems with "crypto". How can you "open up new markets" when everything is tied to a single game & the whims of a developer? The NFTs or items have 0 value outside of the game. "Crypto" means power wasting overhead, ease of losing things & a million other problems. There is no decentralized control that everybody keeps touting. It's all still Ubisoft in the end controlling everything. They just coat the same old system that's been around forever with a new layer of buzzword crap & suckers go nuts for it.

Comment Re:So what are we looking at here? (Score 4, Informative) 74

Identical headlines showed up in Slashdot & Betanews on my RSS feed within a few minutes of each other. Some PR outfit is earning their keep while "editors" are not. I was just perusing my feed & sadly wondering how much of that content was thinly veiled sponsored content already.

Comment Re:Basically everyone is going to get this. (Score 1) 88

The point of the quarantines isn't to stop people from getting the virus. It's to stop everybody from getting it all at once.

Our medical system can handle most complications most of the time. But if everybody or a large part of the population shows up in the ER at once with COVID19 problems a large number of those easily treated complications will get triaged & some of those people will die. It doesn't even need to be COVID19. If you have a heart attack & every doctor is busy with COVID19 patients, there is a good chance you will not get any or appropriate care.

If medical systems are merely really really busy rather than swamped & overwhelmed more people live. Really busy for months is good, overwhelmed for a month is not. Quarantining is a way to stretch things out so the medical system can handle things over time.

Comment Re:Here is a thought (Score 1) 196

And how is somebody supposed to know that they should use GPG & a 4096 bit key? From somebody on Slashdot? Typically for any institutional process standards are created & enforced. For the government that standards body is usually NIST. Those standards are the way to officially introduce the honorable gentleman from Oregon & his staff to GPG or whatever is deemed appropriate.

Comment Almost interesting, but actually illegal (Score 3, Interesting) 165

That kind of violates 2 legal requirements for amateur radio... The FCC regulations for amateur radio, part 97 specifies amateur (HAM) radio must be Non-commercial & encrypted. Sending money is inherently commercial which is prohibited on amateur frequencies & is pretty clearly a violation. Encryption vs signing arguments could be made, but it's a bit murky at best.

Section 97.113 (4) “messages in codes or ciphers intended to obscure the meaning thereof, except as otherwise provided herein”

Part 97.3 (4):

(4) Amateur service. A radiocommunication service for the purpose of self-training, intercommunication and technical investigations carried out by amateurs, that is, duly authorized persons interested in radio technique solely with a personal aim and without pecuniary interest.

Part 97.113 (3) about explicitly prohibited activities:
(2) Communications for hire or for material compensation, direct or indirect, paid or promised, except as otherwise provided in these rules;

Comment Re:Disable SSID on your routers (Score 1) 118

All data traffic on that SSID still has the SSID name attached. Disabling SSID broadcast just means packets with the SSID name in them aren't beaconed constantly & only occur when traffic traverses that network. It's trivial to sniff still & is likely to still get logged by most WiFi sniffers & geolocation systems.

Comment Year old post (Score 1) 37

Interesting how DEFcon doesn't start for a week & a half... And the date on this post is from July 2017. Way to go Slashdot editors.

DEFcon will be running the Voting Machine Hacking village again this year. I fully expect they will be owning as many machines as quickly as they did a year ago. But it hasn't happened yet this year.

Comment It's not new, most servers had this years ago... (Score 2) 368

This is not new & lots of others sell similar functionality: Dell DRAC, HP ILO... Those usually have dedicated Ethernet ports, but generally function the same way. I've been helping our workstation guys roll out Intel vPro for remote administration of laptops & workstations. It operates in a powered down state & can do 802.1x authentication to the network while the OS is powered down. So ya, there is definitely an out of band processor there that can wake the system up & do remote control type stuff. It's a feature Intel is selling & marketing.

Can't comment on the ability of it to do arbitrary memory reads & what not, but that isn't surprising in theory. It's much less scary than the article is making it out to be, although it is another attack surface to be concerned with just like RDP or SSH.

Comment Remove access ASAP (Score 4, Informative) 279

Removing access immediately is important for 2 reasons. The first is obviously security. The 2nd is figuring out what he does & making sure somebody else has that access & knowledge.

If he's still in the office & gets a call or something to fix an issue it will have to get bounced to somebody else. You'll have him available to do knowledge transfer on what he used to have access to do. If he's not in the office, but still getting paid he's still available for knowledge transfer. If he's past his 2 weeks notice, he has 0 obligation to assist you guys or provide any knowledge & training to his former employers.

Whenever I give notice I expect to lose my administrative access pretty much immediately. I've already backed up anything personal. I feel no disrespect when it happens. Seriously? Boo hoo, you are giving me 2 weeks of paid vacation time, cry me a river. It's slightly annoying if I'm still around for those 2 weeks with no privileges to do anything, but I know exactly why they have been removed. Being ostracized is one thing (and not really kosher), but merely having admin credentials revoked should be expected.

As far as a security issue goes, any competent disgruntled sysadmin has already done the damage or set the logic bomb before they have given their notice. Still, better safe than sorry.

Comment Re:NameCheap (Score 1) 295

I haven't gotten around to doing 2fa with them (shame on me, although I haven't logged in in ages as name registration for a couple personal domains doesn't really require any ongoing maintenance), but have been using Gandi for years. They have very good privacy & rights policies (you own your domain, not the registrar owns it on your behalf type junk). Not the cheapest, but good from the security, nerdy & rights minded Slashdot crowd.

Comment Oddly enough I just said no (Score 1) 209

Yesterday I just changed me & my wife from our AT&T legacy unlimited plans to a shared 10gb plan (think it's doubled to 20gb due to some promo). I think we'll end up saving over $30 a month and going from 1400 minutes to unlimited. I looked at the stats & combined in the past year our biggest usage month was about 5gb.

Not sure if you can look up the data usage on Verizon, but you can find it for AT&T. If you're not using much compared to a capped plan & there is a savings, you're probably better off changing.

I noticed the AT&T app now permits tethering to boot (not that it mattered, I'm rooted & running Cyanogen, so could tether natively, although in theory they could still detect that & do something about it, I never abused it though).

Comment DEFcon (Score 1) 131

I leave for DEFcon 22 tomorrow...

Yes it's a hacker convention & not an IT convention, but it's the best conference I've ever been to. I get exponentially more out of DEFcon ($220) than I got out of RSA (over $2,000). If money was no object I'd still recommend DEFcon. It makes you think about technology in ways you never have before. It trains you to think about bending technology to your will however you can (the classic definition of hacking), not just security related exploits.

My management usually sees the value in it. They usually tell their management it's just a computer security conference as it has negative connotations to a lot of people though. The DEFcon network is the most hostile one in the world, so you may want to stay off of it (I don't), but really things aren't that bad.
