Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
What's the story with these ads on Slashdot? Check out our new blog post to find out. ×

Comment Have my digital life story, but get out of my yard (Score 1) 168

I have noticed that everyone that has expressed deep concern to me about drone spying seems to have little to not a care in the world about digital mass surveillance. Based on this correlation, I wonder if, amusingly, this list may be a great way to identify easy targets for digital identity theft.

Seriously though, when I think of the resulting abuses from the do-not-call registry idea, where for a nominal fee, marketers could get a full list of these active, valued phone numbers, I can't help thinking of the abuses. What does this group of people have in common, and can that be leveraged with political messaging in support of a particular state or federal party?

I'm not going to speculate on how many people will refer to the registry while logging their drone's flight plan with the FAA.

Comment Re:http://www.system76.com/ (Score 2) 708

Not to be a nitpicker, but that site looks like a cheesy rip-off of Apple... Why do companies insist on doing this? Be original. Personally, I like the Asus laptops with a Costco return policy. 2 years only, but no hassle.

Look at this picture, particularly the bezel right below the screen, reflecting the keyboard... what is with all that warping????
http://www.system76.com/product_images/serval-8f6a631ac4a249b.png

Comment Re:Not really cracking the passwords. (Score 2) 165

Addendum (also, this problem is not just bad because of the password hash exposure):
You could argue that brute forcing passwords is not the most common approach. For example, harvesting a million accounts and walking away with the passwords that can be cracked through an efficient "smart dictionary" attack, and abandoning the other ones, is probably bar far the most common harvesting strategy.

It's sort of like putting a club on your car.. It's not that they can't steal your car... but there's an easy to steal one next to yours.

So having a hash+salt with SHA-512, and a secure password? If you have a cryptographically strong password, this is a low severity aspect of the problem. The other issue is being able to use the same dscl subsystem to *change* passwords, under certain circumstances, without using credentials. If you can change the logged-in user's password, su to them, sudo /bin/sh, and then reinstall the old salt/hash into the compromised account, you can effectively root the box without damaging the target user's credentials.

Comment X is a four letter word (Score 0, Troll) 460

Windows 2000 did this flawlessly in 1999. My powerbook did it flawlessly in 2002.

My Ubuntu 9.10 and Gnome XFCE desktops still cannot do this properly today.

X is needed for many things in enterprise... SPECTRUM, polling, whatever. Great. Run X when you need it, use something that isn't a terrible piece of junk the rest of the time.

It's time to bin X.

-db

"Don't tell me I'm burning the candle at both ends -- tell me where to get more wax!!"

Working...