Open Source

Ask Slashdot: Definitive Password Management Best Practices Using OSS? 77

jmcbain writes: I am an software engineer for a client-server user account system handling both Web and smartphone clients. I have been searching for definitive and crystal-clear best practices for managing user account and password data using open-source software, but I have only cobbled together a complete picture from dozens of websites. I currently have a system that sends passwords over SSL and performs bcrypt hashing for storage and authentication checking at the server side. Is that good enough? The recent Ashley Madison breach and the exposure of MD5-hashed passwords (as opposed to bcrypt) has me worried again. Can someone please suggest a definitive, cookbook-style Web resource or book on how to use open-source software to handle user passwords for multiple client-server scenarios? I would like answers to questions such as: Where do I perform hashing (smartphone/web client or server)? What hash algorithm should I use? How do I store the hashes? How can clients recover forgotten passwords? etc.
Open Source

Ask Slashdot: Synchronizing Sound With Video, Using Open Source? 103

An anonymous reader writes: I have a decent video camera, but it lacks a terminal for using an external mic. However, I have a comparatively good audio recorder. What I'd like to do is "automagically" synchronize sound recorded on the audio recorder with video taken on the video camera, using Free / Open Source software on Linux, so I can dump in the files from each, hit "Go," and in the end I get my video, synched with the separately recorded audio, in some sane file format. This seems simple, but maybe it isn't: the 800-pound gorilla in the room is PluralEyes, which evidently lots of people pay $200 for --and which doesn't have a Linux version. Partly this is that I'm cheap, partly it's that I like open source software for being open source, and partly it's that I already use Linux as my usual desktop, and resent needing to switch OS to do what seems intuitively to be a simple task. (It seems like something VLC would do, considering its Swiss-Army-Knife approach, but after pulling down all the menus I could find, I don't think that's the case.) I don't see this feature in any of the Open Source video editing programs, so as a fallback question for anyone who's using LiVES, KDEnlive, or other free/Free option, do you have a useful workflow for synching up externally recorded sound? I'd be happy even to find a simple solution that's merely gratis rather than Free, as long as it runs on Ubuntu.

Ask Slashdot: Cheapest Functional Computer For Students? 508

An anonymous reader writes: I've started a second career, teaching English at a High School in a middle class area. While the large majority of students have a computer and internet access at home, about 10-15% do not. I assign papers that must be typed, I have papers turned in online, and I plan to freely refer to texts, videos, and other resources that are available online. This gives an extra disadvantage to students that may be from the poorer end of the strata, and also means extra inefficiency for me, as I have to make allowances for students who don't have a computer available at home.

Right now, I have to tell them to either use school computers during the day, or to pick up a $170 laptop (more than enough — I administer the class using such a laptop). However, I was surprised at the lack of a super-cheap option for students. I'd love to see something for $20 that any student could afford easily, or perhaps I could just gift to a few students. I feel like something in this price range could be sufficiently powerful for basic word processing, youtube videos, and internet searches (internet access is a separate issue). But looking over my options I see:

1) The very cheapest Chromebooks are also in the $170 range.
2) Android Sticks have been around for a while, and do cost in the $20 range, but don't seem to have matured into a generally usable technology. Surprisingly, there doesn't seem to be a community effort to easily turn these Android sticks into Ubuntu/Mint sticks.
3) Students can't be assumed to have the technical know-how to fix up a Salvation Army computer (I wouldn't mind helping out a bit, but I don't want to turn into tech support)
4) A Raspberry Pi costs $70 once you include a case/power supply/etc, and students would receive a big bag of parts.
5) Cheap Windows Tablets have glitches, and don't have an HDMI out.
6) There isn't a good solution to using a cell phone as a desktop computer.

Are any of my assumptions wrong? Are there any other options I'm not considering?

Ask Slashdot: What Windows-Only Apps Would You Most Like To See On Linux? 889

An anonymous reader writes: With all the recent brouhaha about Windows 10 privacy violations and forced updates, I'm one of those that wants to thank Microsoft very gently, while taking it by the hand, and slamming the door behind it for good. Fortunately for me, I don't use any special software that is tied to Windows, except games, of course. One program I would really miss though is Total Commander file manager, which is basically my interface to the whole OS. So, I know there are Linux alternatives, but which one is the best? Also, I currently use PaleMoon fork of Firefox as my main browser, but there doesn't seem to be a Linux variant. What other software would you want to transplant to Linux, if any?

Ask Slashdot: Best Tablet In 2015? 283

An anonymous reader writes: My 2012 Nexus 7 tablet is showing its age. The battery drains quickly, the storage problem that plagued all the Nexus 7s persists even after rooting and re-imaging, and the CPU/RAM can't keep up with the later Android versions. When it came out, it was fantastic — good specs, solid build quality, Nexus line, and a good size. Is there anything on the market today that stands out as much as the Nexus 7 did? I tend to prefer the smaller tablets over the bigger ones, but I'm not entirely averse to an 8" or 9" device. There seem to be some really nice devices in the $3-400 range, but I'm not sure if there's a huge benefit to those over the ~$200 models. I don't do any serious gaming on my tablet, but I also want the apps I do use to be snappy. Those of you who have bought or used tablets made in the past year or so, what has your experience been? Any brands or models that stand out from the crowd? Any to avoid?
Data Storage

Ask Slashdot: Storing Family Videos and Pictures For Posterity? 174

New submitter jalvarez13 writes: I'm in my early 40's and I will become a dad in less than a month. Until now I've been quite happy with a Canon Powershot S110 for taking pictures and video, but now I'm thinking in longer terms. If some of you have already thought or done something about this, what did you consider when buying photo/video equipment? What about a plan to store the files you generate? I guess there are important decisions you made about to image quality, file formats, storage type, organizing and labelling software, etc.

I'm also wondering if there are any other technologies (stereoscopic cameras?) that I haven't thought about and may be interesting to look at.

Ask Slashdot: Can Any Wireless Tech Challenge Fiber To the Home? 190

New submitter danielmorrison writes: In Holland, MI (birthplace of Slashdot) we're working toward fiber to the home. A handful of people have asked why not go wireless instead? I know my reasons (speed, privacy, and we have an existing fiber loop) but are any wireless technologies good enough that cities should consider them? If so, what technologies and what cities have had success stories?
The Almighty Buck

Ask Slashdot: What Would You Do If You Were Suddenly Wealthy? 842

An anonymous reader writes: There are a few articles floating around today about comments from Markus Persson, aka "Notch," the creator of Minecraft. He sold his game studio to Microsoft last year for $2.5 billion, but he seems to be having a hard time adjusting to his newfound fame and wealth. He wrote, "The problem with getting everything is you run out of reasons to keep trying, and human interaction becomes impossible due to imbalance. ... Found a great girl, but she's afraid of me and my life style and went with a normal person instead. I would Musk and try to save the world, but that just exposes me to the same type of a$#@%&*s that made me sell minecraft again." While he later suggests he was just having a bad day, he does seem to be dealing with some isolation issues. Granted, it can be hard to feel sorry for a billionaire, but I've wondered at times how I'd handle sudden wealth like that, and I long ago decided it would make the human relationships I'm accustomed to rather difficult. So, how would you deal with Notch's problem? It seems like one the tech industry should at least be aware of, given the focus on startup culture.

Ask Slashdot: Suggestions For Taking a Business Out Into the Forest? 146

An anonymous reader writes: I'm a huge fan of primitive survival reality TV. I am also self-employed in web troubleshooting and hosting services. I have to be available 24/7, but a lot of my work is just being online for a few minutes at a time. I often think about taking my business 'outdoors', camping, 3-7 days or so at a time — but staying online. Has anyone had experience with this? How did you do it, in terms of internet connectivity and portable power? Satellite internet or long distance Wi-Fi antennaes and a very tall pole? I've looked at some portable power stations with solar attachments, but the idea of hand-cranking to recharge if it's overcast isn't fun, after all, the point is to relax. But I'm willing to manually recharge if it's realistic (would prefer pedaling though!) I happen to have a Toughbook CF-52 (I just thought it was cool) but I may need to replace that with a more eco-friendly laptop as well. Thanks!

Ask Slashdot: Advice On Enterprise Architect Position 198

dave562 writes: I could use some advice from the community. I have almost 20 years of IT experience, 5 of it with the company I am currently working for. In my current position, the infrastructure and applications that I am responsible for account for nearly 80% of the entire IT infrastructure of the company. In broad strokes our footprint is roughly 60 physical hosts that run close to 1500 VMs and a SAN that hosts almost 4PB of data. The organization is a moderate sized (~3000 employees), publicly traded company with a nearly $1 billion market value (recent fluctuations not withstanding).

I have been involved in a constant struggle with the core IT group over how to best run the operations. They are a traditional, internal facing IT shop. They have stumbled through a private cloud initiative that is only about 30% realized. I have had to drag them kicking and screaming into the world of automated provisioning, IaaS, application performance monitoring, and all of the other IT "must haves" that a reasonable person would expect from a company of our size. All the while, I have never had full access to the infrastructure. I do not have access to the storage. I do not have access to the virtualization layer. I do not have Domain Admin rights. I cannot see the network.

The entire organization has been ham strung by an "enterprise architect" who relies on consultants to get the job done, but does not have the capability to properly scope the projects. This has resulted in failure after failure and a broken trail of partially implemented projects. (VMware without SRM enabled. EMC storage hardware without automated tiering enabled. Numerous proof of concept systems that never make it into production because they were not scoped properly.)

After 5 years of succeeding in the face of all of these challenges, the organization has offered me the Enterprise Architect position. However they do not think that the position should have full access to the environment. It is an "architecture" position and not a "sysadmin" position is how they explained it to me. That seems insane. It is like asking someone to draw a map, without being able to actually visit the place that needs to be mapped.

For those of you in the community who have similar positions, what is your experience? Do you have unfettered access to the environment? Are purely architectural / advisory roles the norm at this level?

Ask Slashdot: New Employee System Access Tracking? 87

New submitter mushero writes: We are a fast-growing IT services company with dozens of systems, SaaS tools, dev tools and systems, and more that a new employee might need access to. We struggle to track this, both in terms of what systems a given set of roles will need and then has it been done, as different people manage various systems. And of course the reverse when an employee leaves. Every on-boarding or HR system we've looked at has zero support for this; they are great at getting tax info, your home address, etc. but not for getting you a computer nor access to a myriad of systems. I know in a perfect world it'd all be single-sign-on, but not realistic yet and we have many, many SaaS service that will never integrate. So what have you used for this, how do you track new employee access across dozens of systems, hundreds of employees, new hires every day, etc.?

Ask Slashdot: Tips For Getting Into Model Railroading? 149

An anonymous reader writes: A relative of mine has been hinting that he'd like me to take over his model railroad collection in the event of his death (or even before that, to make this a bit less morbid-sounding). I'm intrigued by the idea, because I've been interested in model railroads for years, but too commitment shy and too transient to actually start a collection. That's changed enough that I'd like to start planning a train system, and am looking for advice from people who have been at it for a while. A couple of parameters: 1) I'm only interested for now in HO-scale stuff, so I am not all that interested in the relative merits of the other kinds, cool as they might be. 2) Related, I am somewhat less interested in the rolling stock than I am in the construction and control of the track and surrounding landscape. Interested in learning from experienced model railroad enthusiasts what lessons you've learned over the years that would be useful for a newbie, especially if you've made some cool automation for your system, or have built extensive support structures. This includes negative lessons, too, if you've overloaded circuits or floorboards. I'd *like* to integrate some interesting sensors and control systems, and I see some interesting open source software for this. So: What advice would you give to a late-start railroader? For reference: this set-up may end up living in an unfinished suburban basement.

Ask Slashdot: Maintaining Continuity In Your Creative Works? 95

imac.usr writes: I recently rewatched the Stonecutters episode of The Simpsons and laughed as always at the scene where Homer pulls into his parking space — right next to his house. It's such a great little comic moment. This time, though, it occurred to me that someone probably wrote in to complain that the power plant was normally in a completely different part of town, no doubt adding "I really hope somebody got fired for that blunder." And that got me to wondering: how do creators of serial media — books, web comics, TV shows, even movie serials — record their various continuities? Is there a story bible with the information, or a database of people/places/things, or even something scribbled on a 3x5 card. I know Slashdot is full of artists who must deal with this issue on a regular basis, so I'd be interested in hearing any perspectives on how (or even if) you manage it.

Ask Slashdot: Buying a Car That's Safe From Hackers? 373

An anonymous reader writes: I'm in the market for a new car, and I've been going through the typical safety checklist: airbag coverage, crash test results, collision mitigation systems, etc. Unfortunately, it seems 2015 is the year we really have to add a new one to the list: hackability. Over the past several weeks we've seen security researchers remotely cut a Corvette's brakes, shut down a Tesla's computer, unlock a bunch of cars, intercept Onstar, and take over a Jeep from 10 miles away.

So, how do we go about buying a car with secure systems? An obvious answer would be to buy a car with limited or archaic computer control — but doing so probably comes with the trade-off of losing other modern safety technology. Is there a way to properly evaluate whether one car's systems are more secure than another's? Most safety standards are the result of strict regulation — is it time for the government to roll out legislation that will enforce safety standards for car computers as well?

Ask Slashdot: How To "Prove" a Work Is Public Domain? 213

New submitter eporue writes: YouTube claims that I haven't been able to prove that I have commercial rights to this video of Superman. They are asking me to submit documentation saying "We need to verify that you are authorized to commercially use all of the visual and audio elements in your video. Please confirm your material is in the public domain." I submitted a link to the Wikipedia page of the Superman cartoons from the 40s where it explains that the copyright expired, and to the Archive page from where I got it. And still is not enough to "prove" that I have the commercial rights. So, how do you "prove" public domain status ?