Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror

Comment: Sadly, gas is cheaper than electricity in CA (Score 3, Interesting) 651 651

I just bought a Ford C-Max Energi; but I bought it strictly for the green carpool-lane sticker.

In California, if you live in a big house, your marginal cost of electricity is shockingly high. For me, it's $0.33/kilowatt-hour.

My Energi goes 20 miles with a 8 kWh charge. That's $2.64 On gas, it gets about 35 mpg. If gas is $3.50 (current price) that's $2.20.

Now, during mid-day on a sunny day, I can charge it much cheaper on our solar panels (currently we are selling power back to PG&E, but at $0.11/kWh) and I do that. I also charge it at work, where it's 'free'; but I live 50 miles from work so I can't keep the car charged just at work. The 'free' power at work won't last forever, either.

You may ask "why not get a Tesla?" Good question. It turns out that there are (at my company) 3x the number of electric-ish cars as there are charging stations, so we have to swap them out after just a few hours. The Tesla would take all day to charge. Also, the Tesla is such a lumbering overpowered beast that it gets substantially less miles-per-kilowatt-hour.

Thad

Comment: Reading her mind... (Score 1) 130 130

Somebody I know started taking antidepressants some time ago, and they helped the depression quite a bit. One curious thing, though, is that once she is taking them, she assumes that I can read her mind; that I obviously know what she is thinking. She stopped taking them for a while, and it was immediately apparent that she no longer felt that way, then when she started taking them again, it was back.

Comment: Hackers love admin accounts (Score 1) 52 52

I have an ssh honeypot analyzer at longtail.it.marist.edu at Marist College and it shows that the second most popular account after root is "admin", and that the most common account/password tried is ubnt/ubnt.

Anybody who's been paying attention knows that default passwords on home routers are high on the bad guy's list of accounts to hack.

+ - LongTail@Marist shows sshPsycho SSH attackers moving to new IP addresses

CSG_SurferDude writes: LongTail Log Analyzer shows that as of May 4th, 2015, sshPsycho (also know as Hee Thai attackers or Group 93) have stopped attacking from their primary subnets. Their last recorded attack was at 12:06:11 AM, EST. This is most likely due to the efforts of Cisco and Level 3. Other traffic has shown a significant increase in activity that in many cases can be related to known ssh attack patterns that sshPsycho used from their primary class C networks. With over over 5 million attempts recorded and over 20 thousand "Attack Patterns" recorded and analyzed LongTail is able to show that they have picked up their toys and are now looking for a new playground to play in.

The LongTail SSH Honeypot AND the analysis tools are released upder GPLV2 and are available for BETA testing at GitHub

Comment: Re:$30 (Score 4, Informative) 515 515

DreadPirate, you are really not calculating correctly. I know it sounds cheap, but it isn't. If you can get there for $30 in gas, that's 40 miles per gallon -- not bad. Still, that's 7.5 cents/mile.

Say you bought a used car for $10,000, and can drive it for 100,000 miles. That's 10 cents a mile. More than gas.

Oil changes every 5,000 miles at $40? That's another penny a mile.

Tires at $300 every 30,000 miles? Another penny a mile.

Let's not talk about what your time is worth (you might really enjoy the drive), or insurance (not too dependent on miles driven) -- but still, that's about 20 cents a mile, or $80.

Most people don't really like to think how expensive driving is, but it isn't cheap. We have been taught that it's all about the gas, but it just isn't.

Comment: Re:why so long (Score 3, Interesting) 136 136

It's kind of interesting.

One of the big reasons that they thought it would be limited to 90 days is that the solar panels get covered in dust, and as that happens the amount of energy collected diminishes. They figured in about 90 days, based on previous missions to Mars, they'd be out of juice.

And...for the first 50 days or so, it was going that way. And then, a whirlwind came by, and scrubbed the rover clean. This has happened many many times since. An unexpected good fortune.

+ - LongTail shows sshPsycho causes 80% of SSH Brute Force attacks

CSG_SurferDude writes: Marist College in Poughkeepsie, New York, as part of their interest in computer and network security is now hosting LongTail, an ssh brute force attack analyzer. In addition to the standard "What passwords were tried", LongTail also analyzes and compares "Attack Patterns". With over 4 million attacks recorded so far, and over 17 thousand "Attack Patterns" recorded and analyzed, it appears that Cisco and Level 3's recent announcment about sshPsycho (also known as "Group 93") has done nothing to stop their brutal attacks. SshPsycho has control and strong influence over more hosts than are covered by Cisco's announcement. Possibly best of all, the SSH Honeypot AND the analysis tools are released upder GPLV2 and are available for BETA testing at GitHub

Comment: Re:cryptobracelet (Score 2) 116 116

We'll see.

It's absolutely wrong that I am proposing a 'stealable' ID. No, it's not that at all. Like NFC (ApplePay and others) you don't send out your ID, your bracelet will engage in a two-way conversation that uses generates unique identifiers every time that prove that it's you without giving the system communicating with you the ability to impersonate you. It's not hard at all; we should have been doing this years ago. This is described in Bruce Schneier's Applied Cryptography twenty-fucking-years ago. Chapter 21(Identification Schemes) describes "zero-knowledge proof of identity". Curiously, researchers Feige, Fiat, and Shamir submitted a patent application in 1986 for this, but the Patent Office responded "the disclosure or publication of the subject matter ... would be detrimental to the national security..." The authors were ordered to notify all Americans to whom the research had been disclosed that unauthorized disclosure could lead to two years' imprisonment, a $10,000 fine, or both. Somewhat hilarious, as the work was all done at Weizmann Institute in Israel.

That said, I do think that groups like the NSA and FBI have been quite successful in keeping people (like Jeff4747) remarkably uneducated. Banks, credit card companies, and groups like Google that make gigabucks tracking people have held back from doing things right as well -- and they're paying for it today.

To say again. It is easy to build a system that would securely verify that you have authority to do something, without giving the ability for somebody else to impersonate you. It's somewhat more challenging than printing number in plastic on a credit card, but only a tiny bit more challenging.

This will happen. Once it does people will wonder why it took so long.

Comment: Re:cryptobracelet (Score 1) 116 116

The problem with phones is that you can lose them or break them or have them stolen. I agree that it's a good place to start, though.

I believe that the RFID tag that Coren22 suggests don't have, and can't have, the processing power required to do this right. You don't want to say "Yes, I'm 132132123123", that would be *way* too easy to fake. You want to have a back-and-forth communication that shows that you are who you are, without giving away your ID.

I think the bracelet would become a status symbol -- the status being "yeah, I care about security." I'm actually not kidding.

Comment: cryptobracelet (Score 1) 116 116

At some point, and my guess is pretty darn soon, reasonable people are going to have a very secure cryptobracelet that they never take off, or if you take it off it will never work again.

The bracelet would work like the NFC chip in current phones, it would create unique identifiers for each transaction, so you can be verified that you are who you are without ever broadcasting your identity.

Then, all email and every other communication can easily be encrypted, securely, and without adding complication. You won't have to worry about remembering a hundred passwords, or about what happens when the store you bought things from is hacked, or that a library of 100 millions passwords will find yours.

I grant that some will protest that this is not natural (I don't want to wear something on my wrist!) but people do a hundred other unnatural things every day (brush their teeth, use deodorant, wear glasses, live longer than fifty years...) The benefits will be enormous, the changes minimal, and this will be led, I believe, by thought leaders.

He who steps on others to reach the top has good balance.

Working...