Comment: Re:Different audiences (Score 1) 81

by Buzer (#48048921) Attached to: Xen Cloud Fix Shows the Right Way To Patch Open-Source Flaws

And nobody is a "minor player" with something so complex as Xen

There are hundreds, probably thousands, of "minor players". Just look at something like http://lowendbox.com/ or WebHostingTalk. Most of them use OpenVZ because it has less overhead, but Xen is still pretty common as it has fewer limitations (like you can load whichever module you want).

Comment: Re:WildStar does this (Score 1) 116

by Buzer (#47405527) Attached to: Researchers Develop New Way To Steal Passwords Using Google Glass

That's a horrible use case. It really should not matter if the hacker can get your used one-time token after you have entered it. Of course, it's a bigger deal if they are not actually one-time tokens like in WildStar (you can use the token until it expires), but that should be fixed by making them one-time tokens.

Oh yeah, and their reasoning was that it would protect users against a drive-by JavaScript keylogger (on the desktop client).

Comment: Re:Error so popular it was enshrined in PCI DSS (Score 3, Interesting) 192

by Buzer (#47304195) Attached to: Improperly Anonymized Logs Reveal Details of NYC Cab Trips

Salts do provide protection against that. Salts are secret if you want them to be (you can protect the plain text salt the same way as you protect your plain text keys for encryption); you only need to share them when the other party has to be able to hash their original data.

Here are some sha1 hashes:

  • 4c2199828f355281e0f6eccb76d9df609f99ed0e salt+"123"
  • 458183225b77f6baff7c4c439b0ed3a5e7278e8a salt+"456"
  • ed974fc96c530639cccc9b18315396789d93a697 salt+"789"
  • f87a2fa039a20d01032f19b5852868343f3d06b9 salt+"???"

So, how about you tell me what that last number combination is? I can give you a hint that it matches the regex /^[1-9]{3}$/ (so there are only 729 possibilities). The salt is a 60-character string. If you cannot do it, then the OP's post was correct.
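The challenge in the comment above, worked as an added example (not part of the original comment): it hashes a value from the same 729-value space with and without a secret salt and tries to reverse each digest by enumeration. The sample value, the generated salt and the function names are constructed for illustration; the `salt+value` SHA-1 construction follows the comment.

```python
import hashlib
import hmac
import secrets
from itertools import product

# Candidate space from the comment: /^[1-9]{3}$/, i.e. 9**3 = 729 values.
CANDIDATES = ["".join(d) for d in product("123456789", repeat=3)]


def pseudonymize(value: str, salt: str = "") -> str:
    """SHA-1 over salt+value, the construction used in the comment."""
    return hashlib.sha1((salt + value).encode()).hexdigest()


def reverse_by_enumeration(digest: str, salt_guess: str = ""):
    """Hash every candidate with the guessed salt; return the match or None."""
    for cand in CANDIDATES:
        if hmac.compare_digest(pseudonymize(cand, salt_guess), digest):
            return cand
    return None


def demo() -> dict:
    secret_salt = secrets.token_hex(30)  # constructed 60-character salt
    value = "468"                        # constructed sample identifier
    unsalted = pseudonymize(value)
    salted = pseudonymize(value, secret_salt)
    return {
        # No salt: 729 hashes are enough to recover the input.
        "unsalted": reverse_by_enumeration(unsalted),
        # Salt unknown: the same enumeration finds nothing.
        "salted_salt_unknown": reverse_by_enumeration(salted),
        # Salt disclosed: protection is gone again.
        "salted_salt_known": reverse_by_enumeration(salted, secret_salt),
    }


if __name__ == "__main__":
    for case, recovered in demo().items():
        print(f"{case}: {recovered}")
```

The third case is the operational caveat for anyone publishing pseudonymized logs: the salt has to be stored and rotated like a key, because its disclosure reduces the data set to the unsalted case.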

Comment: Re:Paper trail (Score 1) 193

by Buzer (#47095121) Attached to: Bug In DOS-Based Voting Machines Disrupts Belgian Election

Many Slashdot readers are well versed in CS and we do not trust these systems. How then can we expect the public to have any faith in these systems?

Like that matters. We don't trust most of the things, but the public is perfectly happy with them (until shit hits the fan). Convenience tends to triumph over security.

Comment: Re:Windows keys? (Score 1) 459

by Buzer (#45999055) Attached to: Stop Trying To 'Innovate' Keyboards, You're Just Making Them Worse

How do you start applications? Go to desktop and click the icon? Press the Windows menu and find the application from there? Start from Pinned application or whatever it's called (which is okay as long as you don't have tons of applications you are using)? Personally, I find it much easier to just press the Windows key, type the first few letters of the program name and press enter.

Also, I like to use it to check the time as I have autohide on (and that's one of the largest reasons I dislike the Windows 8 Start view).
