Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

Comment: Re:Yay (Score 1) 72

by Ingenium13 (#49480309) Attached to: New Samsung SSD 840 EVO Read Performance Fix Coming Later This Month

Thanks for the info. I was contemplating booting into Windows to run the fix, but it sounds like I might be better off using the live CD. I hadn't run the initial fix, so I'm debating if it's worth it to run it now and then run it again later when they release this fix, or just wait for the new fix.

Comment: Re:Yay (Score 1) 72

by Ingenium13 (#49476925) Attached to: New Samsung SSD 840 EVO Read Performance Fix Coming Later This Month

Is the update that rewrites the data going to be a problem on a LUKS encrypted volume? From what I saw it looks like it only supports NTFS? I also have an NTFS partition on the drive though. I guess I'm just concerned about it borking the LUKS partition.

I hadn't heard about the original firmware update but was wondering why my read performance had gotten so much worse over time. Here I was blaming it on btrfs...

Comment: Re:Jurors (Score 2) 303

The best explanation of asymmetric crypto (not taking authentication into account) that I've seen is mixing two colors of paint to create a third color. Each party can derive the other party's color by "subtracting" their color from the shared mixture. But an intermediary has no way of determining which two colors were mixed. This is an example that pretty much anyone can understand.

Comment: Re:3 hops? (Score 1) 106

by Ingenium13 (#48412277) Attached to: Tor Eyes Crowdfunding Campaign To Upgrade Its Hidden Services

Hidden services actually use 7 hops. The hidden service picks several relays at random and makes them the "introduction points" and pushes this along with the hidden service descriptor. These introduction points are at the end of a normal Tor circuit (ie 3 hops). When a client wants to access the site, it connects to the introduction point also over a Tor circuit. The client and hidden service then randomly pick a relay as a rendezvous point, because you don't want the introduction points overloaded.

At that point, both client and server connect to the rendezvous point over regular Tor circuits, for 7 total hops. All further communication is done over this 7 hop circuit.

Comment: Re:Wireless security (Score 1) 84

by Ingenium13 (#47794515) Attached to: Wi-Fi Router Attack Only Requires a Single PIN Guess

I've actually found that a lot of devices just ignore an invalid (ie not from a trusted CA) certificate for this. Android in particular will happily continue with no prompt to the user that the cert is not trusted. I even had it somehow forget the CA that I specified with the network credentials. I'm not 100% certain on this, but I vaguely remember having an issue with Network Manager also not validating the server certificate with TTLS.

It's just too risky where a device could decide either for "convenience" or incompetence not to notify about an invalid server certificate and go on to divulge that device's login credentials to the MITM. Or a user not configuring a device properly. I don't have to worry about that with regular TLS, it's enforced on the server and if it's invalid it won't connect, period.

Comment: Re:Wireless security (Score 1) 84

by Ingenium13 (#47793375) Attached to: Wi-Fi Router Attack Only Requires a Single PIN Guess

Many devices don't support VPNs (Chromecast for example), and the ones that do don't usually have openvpn as a built in option. Not to mention the increase in battery usage on mobile devices due to keepalives. This mostly restricts your wireless devices to laptops and select tablets or smartphones. If you really don't trust WPA then just make some LAN resources accessible by VPN only (over WPA), but allow internet access without it. Any sites with sensitive data should be using TLS anyway.

Also, WPA2-Enterprise is pretty secure if you only use TLS auth, not TTLS where you use a username/password combo (too easy for a MITM), but regular TLS auth that uses client certificates. It's less effort to setup than a VPN, and you get VPN level authentication, plus support on a much wider range of devices out of the box. This is what I use, and I have a second SSID that uses WPA2-PSK for the few devices that don't support WPA2-Enterprise.

Comment: Re:So they update it, but... (Score 1) 202

by Ingenium13 (#47450243) Attached to: New Raspberry Pi Model B+

I completely disagree. I've been using a Model B with xbian for over 6 months now and it plays everything I throw at it flawlessly, even high bitrate 1080p h.264 videos. Sometimes the navigation can have a little latency, or transitions from one category to another (like switching from TV Shows to Movies on the main screen) can stutter or not be smooth, but I partially attribute that to my huge library and the underpowered CPU. The actual video playback itself is always flawless though. I was impressed when I first set it up, I didn't expect it to work as well as it does.

Comment: Re: Not surprising. (Score 5, Informative) 378

There was a post on here several years ago about this same issue on Tritan and Tranax ATMs where the operators never changed the default passwords. What they would do is change the denomination that's in the drawer, so the ATM thinks it has $1 bills instead of $20 bills. They would then use a prepaid credit/debit card (like the Greendot ones you can get pretty much anywhere) to withdraw say $200. Rather than giving 10 $20 bills like it's supposed to, the machine would spit out 200 $20 bills.

Comment: Re:Memory usage? (Score 4, Informative) 115

by Ingenium13 (#46700001) Attached to: Google Chrome 34 Is Out: Responsive Images, Supervised Users

Wow, that's surprising. Chrome eats memory on Ubuntu 12.04. Using version 34, with 19 tabs open, I'm using 2.9GB of private memory and 1GB proportional. This page is using 150MB for me. Maybe it's a 64-bit thing? After a day or so memory usage will approach 6-8GB.

I've found gmail to be particularly bad. My gmail tab is at 400MB right now, but within 24 hours it will balloon to 1GB and then keep growing. I think it usually ends up around 2-2.5GB after a few days, but I've seen it higher. I think there must be some kind of JS memory leak or something.

That said, it's not usually that big of a deal for me. I have 16GB of RAM, most of which is just cache unless I load a VM. Chrome's memory leaks do force me to close the browser and restart it though when I need to free up a few GB for running multiple simultaneous VMs.

365 Days of drinking Lo-Cal beer. = 1 Lite-year

Working...