

Comment: Re:SD Cards == exploitable (Score 1) 178

by Frogg (#48389691) Attached to: Ask Slashdot: Is Non-USB Flash Direct From China Safe?
Granted, an exploited SD card can't pretend to be other USB devices (like BadUSB), but the exploit is similar to BadUSB in as much as it means the card's firmware can be re-written and malware can basically MITM your data / the device it's inserted into — so, theoretically at least, the card could be made to further exploit any vulnerabilities in the device it is talking to...

Comment: SD Cards == exploitable (Score 1) 178

by Frogg (#48389653) Attached to: Ask Slashdot: Is Non-USB Flash Direct From China Safe?

FYI... Sean "xobs" Cross and Andrew "bunnie" Huang disclosed low-level vulnerabilities in SD cards (as far as I can tell: on par with, and related to, the more recent BadUSB-type hacks) at 30C3, back in December 2013.

For further details, see:-

Comment: Overlooking the obvious (Score 4, Informative) 570

by Frogg (#44610185) Attached to: The Steady Decline of Unix
The article completely neglects the fact that OS X is a fully certified Unix, and, whilst OS X might not be overly popular in the server market, it certainly has a very large percentage of the desktop market. So yeah, perhaps the old-school companies that provide Unix OSes for servers may be in their 'last days', but Apple's OS X has brought Unix to the masses via the desktop, so Unix certainly isn't going to die any day soon.

Comment: Linux-based Games Console? (Score 2) 219

by Frogg (#41226873) Attached to: Valve Job Posting Confirms Hardware Plans

...after recent comments from Valve re. developing on Linux (easy to port to, better performance than DirectX, ability to work with / feedback commits to driver devs, etc) — plus Gabe Newell recently calling Windows 8 a catastrophe — I would not be at all surprised if we saw a Valve-branded Linux-based games console in the near future.

But maybe that's just wishful thinking on my part?

Comment: Re:Prompt Payments would help them :/ (Score 1) 85

by Frogg (#40744689) Attached to: Microsoft Lays Out Money-Making Options For Windows Store Developers

What I mean is: unless app development is low investment, low risk and quick turnaround -- with the business intelligence to back that up (daily- or at least weekly- sales stats), coupled with prompt payments -- it's just a no-go for small/indy developers and/or small projects/apps. Word about the state of Microsoft re. third-party app developers is already getting around, so my guess is they'll just have to take it on the chin, as Metro/Win7phone apps will be slow coming because of this.

But hey, what's new? ;)

Comment: Prompt Payments would help them :/ (Score 1) 85

by Frogg (#40744567) Attached to: Microsoft Lays Out Money-Making Options For Windows Store Developers

It's all well and good Microsoft copying Apple's business model here, but until they copy Apple with regards to paying their third-party devs, iOS developers will always be happier than Windows7/mobile/WindowsStore devs.

- Here's how it works with Apple: you get to view daily stats for your sales, and you get paid for that month's sales at the end of the month. Boom!
- Here's how it works currently with Microsoft: you have no idea about sales until months and months have elapsed, and then they tell you you'll get paid some months even later than that. Tell me, Microsoft, is this enough incentive to retain any of the 'developers developers developers' that you may attract, so that they will go on to develop more than a single product?


Microsoft are at an all time low at the moment. They're a lumbering hippo in the IT world, surviving solely through their clout and might. Lots of other companies 'get it' and are far more agile. It'll be Zunes all the way down if they're not careful.

Comment: Go language (Score 2) 793

by Frogg (#40525061) Attached to: What's To Love About C?

I like C, and have used it a lot on and off over the years (and probably will still have to again, at some point) - but recently I've been totally loving programming in Google's Go language: it's just fricking awesome, for so many reasons! :)

I think Go is destined for Good-Things(tm) in the future

Comment: bigdata & !idle (Score 1) 105

by Frogg (#39945673) Attached to: US Metaphor-Recognizing Software System Starts Humming

why is this story categorised as 'idle'?? it's a perfectly valid news story about artificial-intelligence/machine-learning & big-data, the kind of story that is becoming more and more common as time progresses -- this is the future!

i've added the tag 'bigdata' to the story more than once, but it keeps getting removed -- why are people so clueless?

i even logged in for the first time in years, just so i could set the correct tags. meh.

Comment: Language isolates (Score 1) 318

by Frogg (#35847634) Attached to: All Languages Linked To Common Source

I'd like to know how on this grand scheme languages such as Basque are reconciled? - along with a couple of other languages, the Basque language is classified as a language isolate. Although most of these have become isolates in fairly recent history (and therefore shouldn't be too hard to link to a language 'tree') Basque is a tricky one because it's been an isolate for as long as it has been recorded, and does not share its roots with other Indo-European languages.

I read the article (for once) but it didn't go anywhere near those kinds of details - which I find kinda odd: I would've thought when it comes to grand unifying theories of language that linguists would've been all over the issue of isolate languages like a rash.

The chart/diagram in the Economist article did have Basque on it - 'near' Greek and Russian.

Sure it's a damned interesting idea to be able to link all languages to a common source -- but the article makes it seem as though this one all boils down to plotting languages according to similarities, and then best-fitting a line across the chart. I hope there's a lot more to it than that -- otherwise it's not really a discovery, but merely an interesting hypothesis in my book.

(for those interested: Wikipedia on Basque language history)

Comment: Re:Are MD and SHA easily reversible? (Score 1) 409

by Frogg (#35150208) Attached to: Are You Sure SHA-1+Salt Is Enough For Passwords?

Ok - yeah, my point was valid, but the problem space is indeed not very large for 6-character alpha-numeric passwords.

But I stand corrected, because as the AC points out with the posted link: using a slower algorithm will indeed throw a spanner in the works for any cracker.

In the past we've implemented password hashing using Blowfish, and we set a minimum password length of 8 - which is an improvement I guess.

Why isn't Bcrypt benchmarked on the page linked to from the how-to-safely-store-a-password page? It makes it difficult to make a true comparison.
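The trade-off discussed in this comment, as an added example that is not part of the original post: it measures the cost of one guess against a salted SHA-1 hash and against a deliberately slow hash, then scales that to the full 6- and 8-character alphanumeric keyspaces. PBKDF2-HMAC-SHA1 stands in for bcrypt because it ships with Python's standard library; the iteration count, salt and function names are assumptions.

```python
import hashlib
import time

ALPHANUMERIC = 62  # a-z, A-Z, 0-9
SALT = b"constructed-salt"  # constructed sample value, not from the page

def keyspace(length, alphabet=ALPHANUMERIC):
    """Number of candidate passwords of exactly `length` characters."""
    return alphabet ** length

def salted_sha1(password, salt=SALT):
    """Fast scheme: one SHA-1 over salt + password."""
    return hashlib.sha1(salt + password).digest()

def stretched(password, salt=SALT, iterations=100_000):
    """Slow scheme: PBKDF2-HMAC-SHA1 (iteration count is an assumption)."""
    return hashlib.pbkdf2_hmac("sha1", password, salt, iterations)

def seconds_per_guess(hash_fn, rounds):
    """Average wall-clock cost of hashing one candidate on this machine."""
    start = time.perf_counter()
    for i in range(rounds):
        hash_fn(b"guess%d" % i)
    return (time.perf_counter() - start) / rounds

def exhaustive_days(length, per_guess):
    """Days to try every alphanumeric password of `length` at this rate."""
    return keyspace(length) * per_guess / 86_400

def slowdown():
    """How many times more expensive a guess is under the slow scheme."""
    fast = seconds_per_guess(salted_sha1, 20_000)
    slow = seconds_per_guess(stretched, 3)
    return slow / fast

if __name__ == "__main__":
    fast = seconds_per_guess(salted_sha1, 20_000)
    slow = seconds_per_guess(stretched, 3)
    for length in (6, 8):
        print(f"{length} chars: {keyspace(length):,} candidates, "
              f"SHA-1 {exhaustive_days(length, fast):,.1f} days, "
              f"PBKDF2 {exhaustive_days(length, slow):,.1f} days")
    print(f"cost per guess raised about {slow / fast:,.0f}x")
```

The absolute times are single-core Python figures and are far lower on dedicated hardware; the ratio between the two schemes and the 3,844-fold growth from 6 to 8 characters are what carry over.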

Comment: Are MD and SHA easily reversible? (Score 4, Interesting) 409

by Frogg (#35149798) Attached to: Are You Sure SHA-1+Salt Is Enough For Passwords?

I don't get it - surely it shouldn't matter if someone gains access to the password verification routine, the salt and the encrypted passwords... unless the password hashing/encryption is easily reversible?

They've still got to try and brute force match the encrypted data with a dictionary attack - sure, having the salt makes it easier - but if you've got the salt and the encrypted passwords it doesn't matter what encryption algorithm is used, you've still got to use a brute force dictionary attack. Most encryption algorithms aren't easily reversible - and that's the whole point.
