Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Note: You can take 10% off all Slashdot Deals with coupon code "slashdot10off." ×

Comment Re:Different audiences (Score 1) 81

And nobody is a "minor player" with something so complex as Xen

There are hundreds, probably thousands, of "minor players". Just look at something like http://lowendbox.com/ or WebHostingTalk. Most of them use OpenVZ because it has less overhead, but Xen is still pretty common as it has fewer limitations (like you can load whichever module you want).

Comment Re:WildStar does this (Score 1) 116

That's horrible use case. It really should not matter if the hacker can get your used one time token after you have entered it. Of course, it's bigger deal if they are not actually one time tokens like in Wildstar (you can use the token until it expires), but that should be fixed by making them one time tokens.

Oh yeah, and their reasoning was that it would protect users against drive-by Javascript keylogger (on desktop client).

Comment Re:Error so popular it was enshrined in PCI DSS (Score 3, Interesting) 192

Salts do provide protection against that. Salts are secret if you want them to be (you can protect the plain text salt same way as you do protect your plain text keys for encryption), you only need to share them when other party has to be able to hash their original data.

Here are some sha1 hashes:

  • 4c2199828f355281e0f6eccb76d9df609f99ed0e salt+"123"
  • 458183225b77f6baff7c4c439b0ed3a5e7278e8a salt+"456"
  • ed974fc96c530639cccc9b18315396789d93a697 salt+"789"
  • f87a2fa039a20d01032f19b5852868343f3d06b9 salt+"???"

So, how about you tell me what that last number combination is? I can give you a hint that it matches regex /^[1-9]{3}$/ (so there are only 729 possibilities). The salt is 60 character string. If you cannot do it, then OPs post was correct.

Comment Re:Paper trail (Score 1) 193

Many slashdot readers are well versed in CS and we do not trust these systems. How then can we expect the public to have any faith in these systems?

Like that matters. We don't trust most of the things, but public is perfectly happy with them (until shit hits the fan). Convenience tends to triumph security.

Comment Re:Windows keys? (Score 1) 459

How do you start applications? Go to desktop and click the icon? Press the Windows menu and find the application from there? Start from Pinned application or whatever it's called (which is okay as long as you don't have tons of applications you are using)? Personally, I find it much easier to just press Windows key, type the few first letters from program name and press enter.

Also, I like to use it to check the time as I have autohide on (and that's one of the largest reasons I dislike the Windows 8 Start view).

Variables don't; constants aren't.