

Comment: Re:WTF... (Score 1) 339

by Esospopenon (#41853229) Attached to: $1,500,000 Fine For Sharing 10 Movies On BitTorrent

And more generically, you're wrong anyway. If someone rooted one of the seeds of your Linux ISO and stuck a bunch of child porn in it, you're guilty of both downloading and distributing child pornography at that point. It doesn't matter what you say you were doing, or that you didn't produce the ISO. And you can't really detect there's a problem until you've already downloaded the whole ISO so you can hash the file. Now, maybe you get your .torrent files from somewhere secure, but people get onto distro servers with some regularity.

You are wrong on this point; you do not have to download the whole ISO to verify it. BitTorrent combines all the files to be transferred into one big data chunk and then splits up the chunk into pieces which are individually hashed. The resulting .torrent file ends up recording all the hashes from the individual pieces plus a "master" hash which is the hash of all the individual hashes. The master hash is used to check that the .torrent file itself is not corrupted.

This means that if someone modified an ISO to contain child pornography and then tried to seed this in the same swarm as the unmodified ISO, the pieces containing the data with pornography will fail the individual hash check, be thrown away and redownloaded from the swarm. If a single peer repeatedly sends a data piece where the hash check fails, the protocol will assume that his copy of the data is corrupted and ignore that peer. BitTorrent will never upload an incomplete piece to others because until you have the complete piece, you cannot be sure that the data in it is correct. The BitTorrent protocol guarantees that the data you have downloaded matches the data described in the .torrent file, so if anyone wants you to download child pornography, they will need to give you a .torrent file which says that this data should be included.

If seeding fake data would work, movie studios would have done this years ago. As the protocol stands, seeding fake data will slow the downloading process down because pieces will fail the hash check, get thrown away and downloaded again, but as long as there is at least one person who has the correct data, you will get it eventually.
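The per-piece check described in the comment above, as an added example that is not part of the original comment: each piece is compared against its 20-byte SHA-1 digest from the .torrent `pieces` field (BEP 3) as it arrives, so a tampered piece is rejected without downloading the whole file. The payloads, peer names, 16-byte piece length and the `download` helper are constructed for illustration, and banning a peer on its first bad piece is a simplification.

```python
import hashlib

PIECE_LENGTH = 16  # constructed; real torrents use much larger pieces
DIGEST_LEN = 20    # SHA-1 digest size used by the .torrent "pieces" field

def piece_hashes(data: bytes, piece_length: int) -> bytes:
    """Concatenated SHA-1 digests of each piece, as stored in a .torrent."""
    return b"".join(
        hashlib.sha1(data[i:i + piece_length]).digest()
        for i in range(0, len(data), piece_length)
    )

def verify_piece(pieces_field: bytes, index: int, piece: bytes) -> bool:
    """Check one received piece against the digest recorded for its index."""
    expected = pieces_field[index * DIGEST_LEN:(index + 1) * DIGEST_LEN]
    return len(expected) == DIGEST_LEN and hashlib.sha1(piece).digest() == expected

def download(pieces_field: bytes, peers: dict, piece_length: int):
    """Assemble the payload piece by piece, ignoring peers that send bad data."""
    banned, out = set(), []
    for index in range(len(pieces_field) // DIGEST_LEN):
        start = index * piece_length
        for name, copy in peers.items():
            if name in banned:
                continue
            piece = copy[start:start + piece_length]
            if verify_piece(pieces_field, index, piece):
                out.append(piece)
                break
            banned.add(name)  # bad piece is thrown away, peer is ignored
        else:
            raise RuntimeError(f"no peer has a valid copy of piece {index}")
    return b"".join(out), banned

# Constructed sample data: the published payload and a modified copy.
ORIGINAL = b"constructed ISO payload " * 4
TAMPERED = ORIGINAL[:40] + b"XXXXXXXX" + ORIGINAL[48:]
PIECES = piece_hashes(ORIGINAL, PIECE_LENGTH)  # what the .torrent would record

if __name__ == "__main__":
    peers = {"tampered_seed": TAMPERED, "honest_seed": ORIGINAL}
    data, banned = download(PIECES, peers, PIECE_LENGTH)
    print("payload matches .torrent:", data == ORIGINAL, "| ignored peers:", banned)
```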

Comment: Re:Open source // code review? (Score 1) 69

by Esospopenon (#41750803) Attached to: CyanogenMod Android ROMs Accidentally Logged Screen Unlock Patterns

To be fair, the bug was caused by the Debian OpenSSL package maintainers, not by the OpenSSL developers themselves. Here is some information for the bug in question.

While this bug in CyanogenMod is different and the developers themselves are responsible for it, it was not shipped in any official build. If it had been, it would have been a totally different matter.

Comment: Re:Better not use WEP either. (Score 1) 964

by Esospopenon (#35930090) Attached to: Bizarre Porn Raid Underscores Wi-Fi Privacy Risks
Relying on MAC address filtering for security is a terrible idea because it is so easy to circumvent. All a potential attacker needs to do is to wait until at least one legitimate wireless device is connected, and then steal that device's MAC address. This can be done easily with open source tools and is pretty much the same security-wise as hiding the SSID broadcast. It just slows an attacker down for a minute or two.

Comment: Unknown "friends" (Score 2) 273

by Esospopenon (#35013340) Attached to: Facebook Launches Social Login and HTTPS
I'm curious about how the "Social Authentication" feature will play out, especially for the Facebook users who either view the friends list as a sort of competition or who play games that reward users who have many friends playing the game and therefore add friends by the truckload without having any real idea of who they are. There's probably a lot of people playing the latest Zynga game or whatever is popular these days, with an extremely large list of "friends" who they don't know and don't want to know, other than that they share the same game interest and it's a win-win in relation to that game. If Facebook starts asking questions about these 'friends' then I fear many users will fail the social authentication and then what?

Comment: Re:LibreOffice relies heavily on Java, (Score 1) 510

by Esospopenon (#34225252) Attached to: Where Do I Go Now That Oracle Owns OpenOffice.org?
There is some disagreement about the Java dependencies. According to OpenOffice.org, you do NOT need Java "If you do not require database tables or accessibility integration or some wizards" and I would not call this a very heavy reliance. Read more on OpenOffice.org wiki. I would imagine the same text applies to LibreOffice at this stage.

Comment: I do live in the North .. (Score 1) 487

by Esospopenon (#34090876) Attached to: iPhone Alarm Bug Leads To Mass European Sleep-in
and where I live, DST does not make much sense either. The reason being, apart from the short transitional periods, it doesn't make much of a difference anyway. In the summer, we got sunlight 24 hours every day so it doesn't really matter what timezone you follow. And of course in the winter, it's the opposite and if you manage to see the sun at all you should consider yourself lucky.

Comment: How long? (Score 1) 524

by Esospopenon (#33778400) Attached to: US Says Plane Finder App Threatens Security
My first reaction to this: If a commercial company has started doing it now, for how long have the terrorists been intercepting the ADS-B signals? I doubt they would go out of their way to tell anyone about it. It's like most security flaws, even if it is now known that a flaw exists, that does not mean nobody knew about it. And people exploiting it would very much prefer that it remains unknown.
First Person Shooters (Games)

+ - Microsoft's Kinect boss declares PC gaming dead-> 3

Submitted by Blacklaw
Blacklaw (311963) writes "The head of Microsoft's Kinect controller-free gaming platform, Kudo Tsunoda, has risked the ire of the PC gaming community by claiming "hardly anyone" plays PC games.
During a Kinect-related interview, Tsunoda made the brazen statement that "[Microsoft and Bungie's] Halo did an awesome job of building a first-person shooter exclusively for the console, and now hardly anyone plays first-person shooters on the PC.""


+ - Evercookie - the virtually unrevocable browser coo-> 1

Submitted by Siteriver
Siteriver (1435883) writes "Samy Kamkar releases a javascript-based API and working code that appears to provide uber-persistent storage by storing the cookie data in several types of storage mechanisms, including storing cookies in RGB values of auto-generated, force-cached PNGs, several HTML5 containers, and even a way to store data in the browser history. All wrapped up in a simple PHP/javascript package."