Networking

Ask Slashdot: How To Deal With a Persistent and Incessant Port Scanner? 265

jetkins writes: What would you do if your firewall was being persistently targeted by port scans from a specific group of machines from one particular company? I run a Sophos UTM9 software firewall appliance on my home network. Works great, and the free Home Use license provides a bunch of really nice features normally only found on commercial-grade gear. One of those is the ability to detect, block, and report port scans, and under normal circumstances I only get the occasional alert when some script kiddie comes a-knocking at my door.

But in recent months I have been getting flooded with alerts of scans from one particular company. I initially reported it to my own ISP's (RoadRunner's) abuse desk, on the assumption that if they're scanning me then they're probably scanning a bunch of my neighbors as well, and any responsible ISP would probably want to block this BS, but all I ever got back was an automated acknowledgment and zero action. So I used DNS lookup and WHOIS to find their phone number, and spoke with someone there; it appears that they're a small outfit, and I was assured that they had a good idea where it was coming from and that they would make it stop. Indeed, it did stop a few days later but then it was back again, unabated, after another week or so. So last week I called them again, and was once again assured of a resolution. No dice, the scans continue to pour in.

I've already blocked their subnet at my firewall, but the UTM apparently does attack detection before filtering, so that didn't stop the alerts. And although I *could* disable port scan alerts, it's an all-or-nothing thing and I'm not prepared to turn them off completely. This afternoon I forwarded the twenty-something alerts that I've received so far today, to their abuse@ address with an appeal for a Christmas Miracle, but frankly I'm not holding out much hope that it will have any effect. So, Slashdotters, what should I do if this continues into the new year? Start automatically bouncing every report to their abuse address? Sic Anonymous on them? Start calling them every time? I'm open to suggestions.
Education

Ask Slashdot: Resources For Explaining Statistics For the Very First Time? (thejuliagroup.com) 90

theodp writes: Teaching multivariate statistics to college students, writes AnnMaria De Mars, was a piece of cake compared to her current project — making a game to teach statistics to middle school students who have never been exposed to the idea. In the interest of making a better game, De Mars asks, "Here's my question to you, oh reader people, what resources have you found useful for teaching statistics? I mean, resources you have really watched or used and thought, 'Hey, this would be great for teaching?' There is a lot of mediocre, boring stuff on the interwebz and if any of you could point me to what you think rises above the rest, I'd be super appreciative." Larry Gonick's The Cartoon Guide to Statistics is pretty amazing, but is it a little too advanced for this age group? Anyone have experience with the Khan Academy Data and Statistics offerings? Any other ideas?
Communications

Ask Slashdot: Keeping My Data Mine? (2015 Edition) 132

New submitter schklerg writes: Like many, I am tired of being the product of the corporate "cloud" overlords. To that end, I've got my own Linux server running Tiny Tiny RSS (RSS — Feedly replacement), OwnCloud (Storage / phone backup / Keepass sync / notes — Google Drive replacement), Coppermine Gallery (picture library), Dokuwiki (quick reference), and Shaarli (bookmarks manager — Foxmarks / Sync replacement). Crashplan lets me pick the keys for my backups, and the only thing Google Drive ever sees is a pgp encrypted file of various items. Next up is moving from gmail with iRedMail. Yes, the NSA may have it all anyway, but being under less corporate control is a nice feeling. What have you done to maintain control of your own data?
Open Source

Ask Slashdot: What's the Biggest Open Source Project of 2015? 113

An anonymous reader writes: Several major tech and open source sites—including Opensource.com and Infoworld—have published lists of the top open source projects of the year. What's your pick for the biggest, best, or most important open source project of 2015? Are there any projects that made big leaps this year that aren't getting the recognition they deserve?
Communications

Ask Slashdot: Best (or Better) Ways To Archive Email? 177

An anonymous reader writes: I've been using email since the early '90s and have probably half a million emails in various places and accounts. Some of them are currently in .tar files, others in the original folders from obsolete or I-don't-use-them-anymore mail clients. Some IMAP, some POP3. You get the picture. I don't often need to access emails older than a year or two, but when I do, I have found that my only hope for the truly archived ones is to guess what Grep combo might find the right text in the file ... and then pick through the often unformatted, unwrapped, super ugly text until I find the email address or info that I'm searching for. Because of this, I tend to at-all-costs leave emails on servers or at least in the clients so that I can more easily search and find.

My question is whether there's any way to safely store them in a way that I can actually use them later, offline, in a way that allows for easy date searches, email address searches, and so on. Thunderbird for example has 'Archive' as an option, but if I migrate to a different client I assume that won't work anymore. So what ways to people archive emails effectively? Or is this totally a lost cause and I should keep limping along with grep?
Encryption

Ask Slashdot: Security Monitoring Company That Accepts VPN Video Feeds? 136

mache writes: My cousin is finishing up a major remodel of his home in Houston and has installed video cameras for added security. At my suggestion, he wired up all the cameras to be on a separate VLAN that only uses wired Ethernet and has no WiFi access. Since the Houston police will only respond to security alarms if the monitoring company is viewing the crime in progress, he must arrange for the video feed to available to a security monitoring company. I told him that the feed should use VPN or some other encrypted tunneling technique as it travels the Internet to the monitoring company and we proceeded to try and find a company that supported those protocols. No one I have talked to understands the importance of securing a video feed and everyone so far blithely suggests that we just open a port on his home router. Its frustrating to see such willful ignorance about Internet security. Does anyone know of a security monitoring company that we can work with that has a clue?
Build

Ask Slashdot: Cost Effective Way To Soundproof My Home? 388

An anonymous reader writes: As more and more people live closer together in tightly packed subdivisions, the mental stress of noise becomes a serious issue. Noise nuisance complaints are on the rise, litigation increasing. We try to tune it out, yet the stress it causes is still present, and there's seemingly no way around it." Six months ago a new neighbor moved in next door who has two dogs, one of which barks incessantly with a high pitched yip that is driving my wife crazy and making it difficult for me to read or work on the computer. I've already talked to my neighbor and he will bring the dog inside but three days later it starts again. What is a cost effective technical solution to knock 10 or 20 dB off the exterior noise? soundproof windows, an interior acoustic blanket,a sound blocking fence, a sound absorbing fence, planting foliage or noise cancelling headphones, or something else. I'm sure I'm not the first slashdotter to have this problem. What has worked for you?
Education

Ask Slashdot: How Will You Be Programming In a Decade? (cheney.net) 279

An anonymous reader writes: Programmer Dave Cheney raised an interesting question today: How will you be programming in a decade? If you look back to a decade ago, you can see some huge shifts in the software industry. This includes the rise of smartphones, ubiquitous cloud infrastructure, and containers. We've also seen an explosion of special-purpose libraries and environments, many with an emphasis on networking and scaling. At the same time, we still have a ton of people writing Java and C and Python. Some programmers have jumped headfirst into new tools like Light Table, while others are still quite happy with Emacs. So, programmers of Slashdot, I ask you: How do you think your work (or play) will change in the next ten years?
Handhelds

Ask Slashdot: What Single Change Would You Make To a Tech Product? 508

An anonymous reader writes: We live in an age of sorcery. The supercomputers in our pockets are capable of doing things it took armies of humans to accomplish even a hundred years ago. But let's face it: we're also complainers at heart. For every incredible, revolutionary device we use, we can find something that's obviously wrong with it. Something we'd instantly fix if we were suddenly put in charge of design. So, what's at the top of your list? Hardware, software, or service — don't hold back.

Here's an example: over the past several years, e-readers have standardized on 6-inch screens. For all the variety that exists in smartphone and tablet sizing, the e-reader market has decided it must copy the Kindle form factor or die trying. Having used an e-reader before all this happened, I found a 7-8" e-ink screen to be an amazingly better reading experience. Oh well, I'm out of luck. It's not the worst thing in the world, but I'd fix it immediately if I could.
XBox (Games)

Ask Slashdot: Xbox One Or PlayStation 4? 375

An anonymous reader writes: I'm looking at getting the kids a new gaming console for Christmas this year. I'm stuck trying to decide between getting an Xbox One or a PlayStation 4. I'm really wary on the PlayStation because of the 5 PS2s with broken optical drives sitting in my garage; none lasted more than two years. On the other hand, I'm also wary of buying a Microsoft product; I'm a Linux user for life after getting tired of their crappy operating system. I've also considered getting a gaming PC, whether Linux or Windows, but it's more expensive and game reviews show most are not as good as a dedicated game console. The kids want Fallout 4, and I want Star Wars Battlefront and any version of Gran Turismo. We currently have a Nintendo Wii and a crappy gaming PC with some Steam games. So, which gaming console should I get that will last a long time?
Programming

Ask Slashdot: Convincing a Team To Undertake UX Enhancements On a Large Codebase? 192

unteer writes: I work at a enterprise software company that builds an ERP system for a niche industry (i.e. not Salesforce or SAP size). Our product has been continuously developed for 10 years, and incorporates code that is even older. Our userbase is constantly expanding, and many of these users expect modern conveniences like intuitive UI and documented processes. However, convincing the development teams that undertaking projects to clean up the UI or build more self-explanatory features are often met with, "It's too big an undertaking," or, "it's not worth it." Help me out: What is your advice for how to quantify and qualify improving the user experience of an aging, fairly large,but also fairly niche, ERP product?
Businesses

Slashdot Asks: Is Scrum Still Relevant? (opensource.com) 371

An anonymous reader writes: In an article titled "Scrum is dead: breaking down the new open development method," Ahmad Nassri writes: "Among the most 'oversold as a cure' methodologies introduced to business development teams today is Scrum, which is one of several agile approaches to software development and introduced as a way to streamline the process. Scrum has become something of an intractable method, complete with its own holy text, the Manifesto for Agile Software Development , and daily devotions (a.k.a., Scrum meetings). Although Scrum may have made more sense when it was being developed in the early '90s, much has changed over the years. Startups and businesses have work forces spread over many countries and time zones, making sharing offices more difficult for employees. As our workforce world evolves, our software development methods should evolve, too." What do you think? Is Scrum still a viable approach to software development, or is it time to make way for a different process?
Software

Ask Slashdot: What Terminal Emulator Do You Use? 352

An anonymous reader writes: Although I spend a considerable amount of my time at work using shell commands and other text-based applications, I've never really given much thought to what terminal emulator I use. A recent article over on Opensource.com rounded up their picks for their seven favorite terminals, but I'm still unsure if it really matters which one I pick. Do you have a favorite terminal emulator, and if so, what makes it your favorite? I'm interested in hearing about that "one killer feature" that really sold you on your choice.
Displays

Ask Slashdot: What's Out There For Poor Vision? 197

hackwrench writes: I like to read on my computer, but when I resize text to be comfortably big, web pages and browsers handle it badly, and some applications don't offer an option to enlarge. Some applications even are bigger than the screen, which Windows doesn't handle well. Lastly, applications consist of bright backgrounds which feels like staring into a headlight. Windows' built in options like magnifier are awkward. What tools are there for Windows to increase text size, make things fit inside the screen, and substitute colors that windows use?
Security

Ask Slashdot: Automated Verification For Uploaded Files? 74

VernonNemitz writes: There are a lot of ways for hackers to abuse a web site, but it seems to me that one of them is receiving less attention than it deserves. This is the simple uploading of a malware file, that has an innocent file-name extension. I'm looking for a simple file-type verification program that the site could automatically run, on each uploaded file, to test it to see if it is actually the type of file that its file-name extension claims it is. That way, if it ever gets double-clicked, we can be assured it won't hijack the system or worse. At the moment I'm only interested in testing .png files, but I'm sure plenty of web site operators would want to be able to test other file types. A quick Googling indicates the existence of a validator project under the OWASP umbrella, but is it the best choice, and what other choices are there?
Businesses

Ask Slashdot: Open Source Back-Up Tool For Business? 118

New submitter xerkot writes: I am looking for a tool to make backups of PCs in a big company. We want to replace the one that we are using at this moment for this new one. The tool will be used to do backups of PCs (mainly Windows, and a few Linux), and we want to manage these backups centrally from a console, being able to automatize the backup process. The servers of the company are backed up with another tool, so they are out of scope. In the company we are being encouraged more and more to use open source software, so I would like to ask you, what are best open source tools to do backups of PCs? Are they mature enough for a big company?
Displays

Ask Slashdot: Tiny PCs To Drive Dozens of NOC Monitors? 197

mushero writes: We are building out a new NOC with dozens of LCD monitors and need ideas for what PCs to use to drive all those monitors. What is small and easy to stack, rack, power, manage, replace, etc.?

The room is 8m x 8m. It has a central 3x3 LCD array, as well as mixed-size and -orientation LCD monitors on the front and side walls (plus scrolling LEDs, custom desks, team tables, etc) — it's designed as a small version of the famous AT&T Ops Center. We are an MSP and this is a tour showcase center, so more is better — most have real functions for our monitor teams, DBAs, SoC, alert teams, and so on, 7x24. We'll post pics when it's done.

But what's the best way to drive all this visual stuff? The simplest approach for basic/tiny PCs is to use 35-50 of these — how do we do that effectively? Almost all visuals are browser-only, so any PC can run them (a couple will use Apple TV or Cable feeds for news). The walls are modular and 50cm thick, and we'll have a 19" rack or two, so we have room, and all professional wiring/help as needed.

Raspberry Pis are powerful enough for this, but painful to mount and wire. Chromeboxes are great and the leading candidate, as the ASUS units can drive two monitors. The Intel NUC can also do this — those and the Chromeboxes are easily stackable. My dream would be a quad-HDMI device in Chromebox form factor. Or are there special high-density PCs for this with 4-8-16 HDMI outputs?

Each unit will be hard-wired to its monitor, and via ip-KVM (need recommendations on that, too, 32+ port) for controls. Any other ideas for a cool NOC are also appreciated, as we have money and motivation to do anything that helps the team and the tours.
Technology

Ask Slashdot: Smart Electronics For a Marathoner? 169

New submitter IMightB writes: My question is basically what is the best smart watch style device for runners. Must have features GPS, bluetooth and music storage for roughly 5 hours of use during a marathon. Pretty much everything else is a nice to have. My wife has recently decided to enter her first marathon and unfortunately, the other day during a training run her 7gen iPod Mini gave up the ghost due to moisture accumulating in the armband and her Garmin Forerunner 15 only lasts about 3 hours with GPS on (despite Manufacturer claims to the contrary). She would like to consolidate devices down to something with a watch style format and start using a bluetooth headset. I currently use, and really like, a pair of aging Jaybird JF3's for a bluetooth headset and will probably recommend to her whatever Jaybirds current equivalent is in their lineup. But the watch portion is eluding me still. Based on my current research, the Sony SmartWatch 3 may be the only one that fits my wife's 'Must have Requirements' Are there other options available? Can anyone with marathon or distance running experience share their thoughts on this subject? Thanks in Advance.
Programming

Ask Slashdot: How Can My Code Help? 47

An anonymous reader writes: The story will probably be familiar. My non-profit organization had a particular need (we want to communicate with government officials by offering anecdotes and stories of how we help their constituents), and while I created a solution, the time constraints and lack of experience, training and natural ability show. I'd like to do more with the code, both in terms of letting others have it for their needs and also because I'm sure talented coders could more quickly and efficiently solve some of the existing problems with my code. But how do I make that happen? What do I do with it?

I have every intention of continuing to work on it. I enjoyed the learning opportunity, and I've already identified a number of things I want to improve upon, but I recognize that even as crude as my code is, if it solved my issue it might help others too.

Do I just put it on Github or SourceForge and hope that someone else will have that magic formula of my use case and skill level (because someone more talented would probably make their own code easily enough, while someone less talented may not realize how doable the solution can be)? Do I try to find an existing project and see if I can shoe-horn my efforts in somewhere? Do I keep it to myself until some unspecified point in time that I realize it's right for sharing?
Read on for further background information on this question.
Operating Systems

Ask Slashdot: Innovative Operating Systems/Distros In 2015? 206

iamacat writes: Back in 90s, we used Linux not only because of open source, but also for innovative features not found in commercial operating systems — better multitasking, network power features like slirp and masquerading, free developer tools for many languages. Nowadays OSX and Windows caught up in these areas and mainstream distros like Ubuntu dumbed down in default configuration. So where to go for active innovation like 3D/VR desktop, artificial intelligence, drag and drop ability to mash up UI of multiple apps or just drastically better performance? Something maybe rough around the edges but usable and exciting enough to use as daily desktop?

Slashdot Top Deals