
Comment Re:WTF... (Score 1) 339

And more generically, you're wrong anyway. If someone rooted one of the seeds of your Linux ISO and stuck a bunch of child porn in it, you're guilty of both downloading and distributing child pornography at that point. It doesn't matter what you say you were doing, or that you didn't produce the ISO. And you can't really detect there's a problem until you've already downloaded the whole ISO so you can hash the file. Now, maybe you get your .torrent files from somewhere secure, but people get onto distro servers with some regularity.

You are wrong on this point; you do not have to download the whole ISO to verify it. Bittorrent combines all the files to be transferred into one big data chunk and then splits up the chunk into pieces which are individually hashed. The resulting .torrent file ends up recording all the hashes from the individual pieces plus a "master" hash which is the hash of all the individual hashes. The master hash is used to check that the .torrent file itself is not corrupted.

This means that if someone modified an ISO to contain child pornography and then tried to seed this in the same swarm as the unmodified ISO, the pieces containing the data with pornography will fail the individual hash check, be thrown away and redownloaded from the swarm. If a single peer repeatedly sends a data piece where the hash check fails, the protocol will assume that his copy of the data is corrupted and ignore that peer. Bittorrent will never upload an incomplete piece to others because until you have the complete piece, you cannot be sure that the data in it is correct. The Bittorrent protocol guarantees that the data you have downloaded matches the data described in the .torrent file, so if anyone wants you to download child pornography, they will need to give you a .torrent file which says that this data should be included.

If seeding fake data would work, movie studios would have done this years ago. As the protocol stands, seeding fake data will slow the downloading process down because pieces will fail the hash check, get thrown away and downloaded again, but as long as there is at least one person who has the correct data, you will get it eventually.
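Added example, not part of the original comment: a minimal Python sketch of the per-piece check described above, where each received piece is hashed with SHA-1 and compared against the 20-byte digest recorded for that index in the .torrent file. The 16-byte piece length, the peer names and the sample data are constructed for illustration, and `download` is a hypothetical helper, not any real client's code.

```python
import hashlib

PIECE_LEN = 16  # constructed; real torrents use far larger pieces


def piece_hashes(data: bytes, piece_len: int = PIECE_LEN) -> bytes:
    """Concatenated 20-byte SHA-1 digests, one per piece (the 'pieces' field)."""
    return b"".join(hashlib.sha1(data[i:i + piece_len]).digest()
                    for i in range(0, len(data), piece_len))


def verify_piece(pieces: bytes, index: int, payload: bytes) -> bool:
    """Check one received piece against its recorded hash; no other piece is needed."""
    expected = pieces[index * 20:(index + 1) * 20]
    return len(expected) == 20 and hashlib.sha1(payload).digest() == expected


def download(pieces: bytes, peers: dict, piece_len: int = PIECE_LEN):
    """Fetch each piece, trying peers in order and discarding any piece that
    fails its hash. Returns (assembled data, list of (peer, index) rejections)."""
    out, rejected = [], []
    for index in range(len(pieces) // 20):
        for name, copy in peers.items():
            payload = copy[index * piece_len:(index + 1) * piece_len]
            if verify_piece(pieces, index, payload):
                out.append(payload)
                break
            rejected.append((name, index))  # thrown away, re-requested elsewhere
        else:
            raise ValueError(f"no peer has a valid copy of piece {index}")
    return b"".join(out), rejected


# Constructed sample: 40 bytes standing in for the ISO (the last piece is short).
ORIGINAL = bytes(range(40))
# A modified copy seeded into the same swarm: only piece 1 differs.
TAMPERED = ORIGINAL[:16] + b"\xff" * 16 + ORIGINAL[32:]
PIECES = piece_hashes(ORIGINAL)  # what the trusted .torrent file records

if __name__ == "__main__":
    data, rejected = download(PIECES, {"bad_seed": TAMPERED, "good_seed": ORIGINAL})
    print(data == ORIGINAL, rejected)
```

The modified piece is rejected as soon as it arrives, before the rest of the file exists locally, and the unmodified pieces from the same peer are still accepted.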

Comment Re:Open source // code review? (Score 1) 69

To be fair, the bug was caused by the Debian OpenSSL package maintainers, not by the OpenSSL developers themselves. Here is some information on the bug in question.

While this bug in Cyanogenmod is different and the developers themselves are responsible for it, it was not shipped in any official build. If it had been, it would have been a totally different matter.

Comment Re:Better not use WEP either. (Score 1) 964

Relying on MAC address filtering for security is a terrible idea because it is so easy to circumvent. All a potential attacker needs to do is to wait until at least one legitimate wireless device is connected, and then steal that device's MAC address. This can be done easily with open source tools and is pretty much the same security-wise as hiding the SSID broadcast. It just slows an attacker down for a minute or two.

Comment Unknown "friends" (Score 2) 273

I'm curious about how the "Social Authentication" feature will play out, especially for the Facebook users who either view the friends list as a sort of competition or who play games that reward users who have many friends playing the game and therefore add friends by the truckload without having any real idea of who they are. There are probably a lot of people playing the latest Zynga game or whatever is popular these days, with an extremely large list of "friends" who they don't know and don't want to know, other than that they share the same game interest and it's a win-win in relation to that game. If Facebook starts asking questions about these 'friends' then I fear many users will fail the social authentication and then what?

Comment Re:LibreOffice relies heavily on Java, (Score 1) 510

There is some disagreement about the Java dependencies. According to, you do NOT need Java "If you do not require database tables or accessibility integration or some wizards" and I would not call this a very heavy reliance. Read more on wiki. I would imagine the same text applies to LibreOffice at this stage.

Comment I do live in the North .. (Score 1) 487

and where I live, DST does not make much sense either. The reason being, apart from the short transitional periods, it doesn't make much of a difference anyway. In the summer, we got sunlight 24 hours every day so it doesn't really matter what timezone you follow. And of course in the winter, it's the opposite and if you manage to see the sun at all you should consider yourself lucky.

Comment How long? (Score 1) 524

My first reaction to this: If a commercial company has started doing it now, for how long have the terrorists been intercepting the ADS-B signals? I doubt they would go out of their way to tell anyone about it. It's like most security flaws, even if it is now known that a flaw exists, that does not mean nobody knew about it. And people exploiting it would very much prefer that it remains unknown.
First Person Shooters (Games)

Submission + - Microsoft's Kinect boss declares PC gaming dead ( 3

Blacklaw writes: The head of Microsoft's Kinect controller-free gaming platform, Kudo Tsunoda, has risked the ire of the PC gaming community by claiming "hardly anyone" plays PC games.
During a Kinect-related interview, Tsunoda made the brazen statement that "[Microsoft and Bungie's] Halo did an awesome job of building a first-person shooter exclusively for the console, and now hardly anyone plays first-person shooters on the PC."


Submission + - Evercookie - the virtually unrevocable browser coo ( 1

Siteriver writes: Samy Kamkar releases a javascript-based API and working code that appears to provide uber-persistent storage by storing the cookie data in several types of storage mechanisms, including storing cookies in RGB values of auto-generated, force-cached PNGs, several HTML5 containers, and even a way to store data in the browser history. All wrapped up in a simple PHP/javascript package.
