

Comment: Re:Users are *bad* at choosing passwords (Score 1) 159

by MetricT (#49349551) Attached to: Many Password Strength Meters Are Downright Weak, Researchers Say

Passphrases *can* be done securely; most people won't. They will concatenate simple words, which means if I have a dictionary of, say, the top 1,000 words, it's still reasonably feasible to crack.

For instance, here are some long passphrase-like passwords that I cracked from the LinkedIn debacle. They used plain MD5 as the hash, which admittedly helps cracking a lot. I haven't tried the depleted hash list in a long time, but I'm willing to bet with advances in both OCLHashcat and my own skills, I could get quite a bit more.

24 sociological imagination
24 linkedinlinkedinlinkedin
23 newlinkedinpassword1234
22 harekrishnaharekrishna
21 networknetworknetwork
21 managerialeconomics23
20 vaffanculovaffanculo
20 serafimovaserafimova
20 Restoration Hardware
20 powerpowerpowerpower
20 keepitrealkeepitreal
20 kazakhstankazakhstan
20 internationalnetwork
20 crisscrossapplesauce

At the end of the day, there's just no substitute for a long random password.

Comment: Users are *bad* at choosing passwords (Score 5, Insightful) 159

by MetricT (#49346699) Attached to: Many Password Strength Meters Are Downright Weak, Researchers Say

I run a GPU cracker on my users' password hashes to preemptively weed out weak passwords. Several times I have seen them try to change it from (for example) "password" to "P@ssw0rd99", which in a certain sense is significantly more complex, but OCLHashCat has rules for capitalization, leet-speak, appending/prepending numbers. You've only changed the time it takes to crack that hash from fractions of a second to a few minutes.

The only highly secure password requires long, random characters. Given a choice, users will always prefer an easy-to-remember password because it makes their life easier. Unfortunately, it also makes the bad guy's life easier, and the sysadmin's life harder.

Websites should be required to disclose the hash format they are storing users' passwords in, to hopefully prevent another LinkedIn plain-md5 type debacle.
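
Added example, not part of either comment above or of any tool they mention: a sketch of a strength check that looks for the structures the two password comments describe (leet-speak and appended digits, one word repeated, common words concatenated). The wordlist, substitution table and function names are constructed for illustration.

```python
import re

# Constructed sample wordlist; a real check would load a large common-word list.
WORDS = {"password", "linkedin", "network", "power", "keep", "it", "real",
         "new", "criss", "cross", "apple", "sauce"}
# Leet substitutions undone before dictionary lookup (assumed table).
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e",
                      "1": "l", "$": "s", "5": "s", "7": "t"})

def normalise(pw):
    """Strip leading/trailing digits and symbols, lowercase, undo leet-speak."""
    core = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", pw)
    return core.lower().translate(LEET).replace(" ", "")

def repeated_unit(s):
    """Return (unit, count) if s is one substring repeated, else None."""
    for n in range(1, len(s) // 2 + 1):
        if len(s) % n == 0 and s[:n] * (len(s) // n) == s:
            return s[:n], len(s) // n
    return None

def segment(s, words):
    """Split s into the fewest dictionary words (word-break DP), or None."""
    best = {0: []}
    for end in range(1, len(s) + 1):
        for start in range(end):
            if start in best and s[start:end] in words:
                cand = best[start] + [s[start:end]]
                if end not in best or len(cand) < len(best[end]):
                    best[end] = cand
    return best.get(len(s))

def weaknesses(pw, words=WORDS):
    """List structural reasons a password falls to wordlist-plus-rules guessing."""
    core = normalise(pw)
    rep = repeated_unit(core)
    parts = segment(rep[0] if rep else core, words)
    found = []
    if rep:
        found.append("'%s' repeated %d times" % rep)
    if parts:
        found.append("built from %d dictionary word(s): %s"
                     % (len(parts), " + ".join(parts)))
    if found and core != pw:
        found.insert(0, "mangling rules reduce it to '%s'" % core)
    return found

if __name__ == "__main__":
    for pw in ("P@ssw0rd99", "linkedinlinkedinlinkedin", "x9$Lq2!vT7pZ"):
        print(pw, "->", weaknesses(pw) or "no structure found")
```

A length-and-character-class meter would rate the first two sample inputs well; this check reports why they are not.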

Comment: Mostly academic... (Score 1) 68

by MetricT (#49270435) Attached to: GCHQ Builds a Raspberry Pi Super Computer Cluster

I manage a large compute cluster for my job. I also have a Pi and love it for what it is. Building a Pi cluster could give people an opportunity to try parallel programming, and learn the sysadmin side like getting a scheduler working or using Salt or similar management tool to manage a cluster.

However, I imagine a single Intel i5-4960 would smoke a 64-node Pi cluster. It's a worthwhile experiment, but probably not the best thing for most real-world use.

Comment: I'm not saying it's aliens, but it's aliens... (Score 1) 28

by MetricT (#49137773) Attached to: Ceres' Mystery Bright Dots May Have Volcanic Origin

When I was younger, I remember reading a sci-fi novel about aliens in our solar system who were overseeing mankind's growth.

The aliens chose their base on Ceres because the asteroid field offered nigh-unlimited resources outside the confines of a gravity well, because Ceres had water for living and powering fusion engines, and because it was far enough away from earth to stay out of sight.

While those two white spots *could* be an example of cryovolcanism, I think that we can all agree that ancient abandoned alien city is really the more likely choice ;-)

Comment: Re:What are the practical results of this? (Score 2) 430

by MetricT (#48934911) Attached to: FCC Officially Approves Change In the Definition of Broadband

I lean moderately libertarian, but understand what a natural monopoly is. It's not libbys per se, more a Tea Party thing.

Some people are so seduced by the simplicity, the elegance, of an ideology, that they never pause to consider whether it is actually *correct*. They don't want to let annoying things like facts mar the beauty of their True Beliefs.

Having tried to teach them a few things, I have learned the hard way that they are paranoid, ignorant, and completely reject any information that doesn't conform to their beliefs.

"97% of scientists believe man-made global warming is right."

"See, it's not unanimous!!!!"

"If 97% of doctors told you the mole on your cheek was malignant, wouldn't you get it removed?"

"You're a liberal elitist."

They can't be bargained with. They can't be reasoned with. They don't feel pity, or remorse, or fear. As far as I can tell, they are mentally-challenged Terminators.

Comment: We're turning into wimps (Score 4, Informative) 230

by MetricT (#48629361) Attached to: "Team America" Gets Post-Hack Yanking At Alamo Drafthouse, Too

The United States has the planet's largest ocean between us and North Korea, the most powerful military the world has ever seen, and enough nuclear firepower to take the entire surface area of North Korea and give it escape velocity. And yet we wimp out on... showing a 10-year-old movie because it might make a tin-plate dictator mad? Seriously?

Comment: The modern day "Chewbacca Defense" (Score 5, Insightful) 308

by MetricT (#48373597) Attached to: AT&T To "Pause" Gigabit Internet Rollout Until Net Neutrality Is Settled

"We're going to stop doing that thing that we've been promising for years that we were gonna get around to doing one of these days, but never actually got around to doing, because OBAMA"

It's sad, but adding "Obama" to any argument has become the modern day equivalent of the "Chewbacca Defense", and has been used to rationalize some profoundly stupid decisions. Even sadder, because it seems to work.

I'm a moderate (r)epublican, and it's *lonely* nowadays. The intelligent ones like David Frum have been muffled or sidelined. Meanwhile, the Wingnut Brigade as personified by Ted Cruz is always on the lookout to shoot the public in the foot for the sake of rich people.

Comment: When pet theories die... (Score 5, Insightful) 137

by MetricT (#48345227) Attached to: CERN May Not Have Discovered Higgs Boson After All

Many in the physics community were hoping for a "weird" Higgs boson, which might point the way towards new physics such as supersymmetry or technicolor.

Alas, the Higgs boson we actually discovered doesn't seem to require any new physics. It's covered by the Standard Model. It is, by physics standards, annoyingly dull. This has done a good job of killing off several people's pet theories (some models of supersymmetry and technicolor).

Rather than just admit that "when you hear hoofbeats, think of horses not zebras" (ie, the simplest explanation is usually the right one), they are busy adding epicycles to their pet theories to try to accommodate reality (which, admittedly, is how science works).

Being sensationalist and dumb, journalists hear things like "it *may be* that...", and trump up all sorts of stupid headlines like "ZOMG, scientists didn't discover Higgs after all." And we get Slashdot posts like this.

Comment: Real-world Moore's Law is toast... (Score 1) 96

by MetricT (#47650721) Attached to: Intel's 14-nm Broadwell CPU Primed For Slim Tablets

The transistor budget may still be scaling according to Moore's law, but that's failing to translate into real-world speed increases. The 5% increase in single-core IPC is weak sauce. And an annoying number of apps don't scale to multiple processors, or scale badly (Amdahl's law is unforgiving...)

You can add more cores, add more compute units to your GPU, or add DSP (Broadwell) or FPGA (Xeon), but that has an ever decreasing marginal impact on real-world speed.

We're probably stuck in a "5% IPC increase per tick/tock" world until they eventually shift off silicon onto Something Else (III-V semiconductors or something more exotic like graphene)

Comment: There's a Ferrari shortage too... (Score 3, Insightful) 401

by MetricT (#47396341) Attached to: No Shortage In Tech Workers, Advocacy Groups Say

I can't buy a Ferrari for $100, by the same logic, that means there *must* be a Ferrari shortage! Something must be done!!!

Hint: reward good people, and you won't have problems finding good people. The problem is these miserly capitalist/MBA types who feel tech types are getting all "uppity" for wanting a decent salary for their 4 year STEM degree and often 2-6 years of grad school to boot, because doing that takes away from their quarterly bonus.
