Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

Comment: Have my digital life story, but get out of my yard (Score 1) 168

by Dell Brandstone (#49037451) Attached to: NoFlyZone.org Aims To Keep the Airspace Above Your Home Drone-Free

I have noticed that everyone that has expressed deep concern to me about drone spying seems to have little to not a care in the world about digital mass surveillance. Based on this correlation, I wonder if, amusingly, this list may be a great way to identify easy targets for digital identity theft.

Seriously though, when I think of the resulting abuses from the do-not-call registry idea, where for a nominal fee, marketers could get a full list of these active, valued phone numbers, I can't help thinking of the abuses. What does this group of people have in common, and can that be leveraged with political messaging in support of a particular state or federal party?

I'm not going to speculate on how many people will refer to the registry while logging their drone's flight plan with the FAA.

Comment: Re:http://www.system76.com/ (Score 2) 708

by Dell Brandstone (#37827200) Attached to: Ask Slashdot: GNU/Linux Laptops?

Not to be a nitpicker, but that site looks like a cheesy rip-off of Apple... Why do companies insist on doing this? Be original. Personally, I like the Asus laptops with a Costco return policy. 2 years only, but no hassle.

Look at this picture, particularly the bezel right below the screen, reflecting the keyboard... what is with all that warping????
http://www.system76.com/product_images/serval-8f6a631ac4a249b.png

Comment: Re:Not really cracking the passwords. (Score 2) 165

by Dell Brandstone (#37515462) Attached to: Aussie Researcher Cracks OS X Lion Passwords

Addendum (also, this problem is not just bad because of the password hash exposure):
You could argue that brute forcing passwords is not the most common approach. For example, harvesting a million accounts and walking away with the passwords that can be cracked through an efficient "smart dictionary" attack, and abandoning the other ones, is probably bar far the most common harvesting strategy.

It's sort of like putting a club on your car.. It's not that they can't steal your car... but there's an easy to steal one next to yours.

So having a hash+salt with SHA-512, and a secure password? If you have a cryptographically strong password, this is a low severity aspect of the problem. The other issue is being able to use the same dscl subsystem to *change* passwords, under certain circumstances, without using credentials. If you can change the logged-in user's password, su to them, sudo /bin/sh, and then reinstall the old salt/hash into the compromised account, you can effectively root the box without damaging the target user's credentials.

Comment: X is a four letter word (Score 0, Troll) 460

by Dell Brandstone (#30940698) Attached to: 2 Displays and 2 Workspaces With Linux and X?

Windows 2000 did this flawlessly in 1999. My powerbook did it flawlessly in 2002.

My Ubuntu 9.10 and Gnome XFCE desktops still cannot do this properly today.

X is needed for many things in enterprise... SPECTRUM, polling, whatever. Great. Run X when you need it, use something that isn't a terrible piece of junk the rest of the time.

It's time to bin X.

-db

Never worry about theory as long as the machinery does what it's supposed to do. -- R. A. Heinlein

Working...