Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Comment Re:US to be Blamed (Score 1) 76

small ones run by real Americans apparently are fine

What the fuck is a "real American"? Is it the Canadian-born son of a Cuban refugee who's running for President? Is it the naturalized Iraqi-American who owns a convenience store? How about an Australian who owns some of the most powerful media outlets in the US along with a Saudi prince?

Please enlighten us.

I'm all for gutting Wall Street, but when I hear that kind of populism paired up with phrases like "real American" I kind of get the willies.

Comment Re:Blame It On (Score 1) 76

John F. Kennedy; his Hollywood pimp, Peter Lawford; and Jack Mankiewicz, who left JFK's cabinet to become head of the MPAA. That's just history.

I seem to recall a president back in the '80s that had some ties to Hollywood, too. A union organizer and former actor, if memory serves. Wife a former showgirl.

Comment Re:Teensy 3.1 (Score 1) 28

You just put the whole teensy on your breadboard, just like the way you would normally get an Arduino on a breadboard; you get an Arduino Nano. You can get them from China for less than $4, if you don't mind getting a knockoff.

Comment Re:It's too late (Score 1) 367

Iowa isn't a city, unless I'm unaware of a mid-size city named Iowa somewhere.

The problem with a lot of these places, however, from my point of view, is employment. As a software engineer (probably not uncommon on this site), some cities are good places to find employment, others simply are not. I asked "what's left" because I'm seriously thinking about what my next port-of-call will be; I don't plan to stay at my current location for more than maybe one year. My plan was to go spend a couple of weeks in both Seattle and Portland and see what the situation there was like, but I'm reading more and more problematic things about those places, so I'm open to other cities. But they have to have a decent employment situation above all else. The second big consideration is climate, which rules out Austin (colder is fine with me; hot, sunny places are out). Third is the male/female ratio, which I hear is a big problem in Seattle. NYC would be great for this, but the employment situation seems to be horrible there for my field (and I'm really not interested in doing financial programming). The fourth big consideration of course is cost-of-living, relative to prevailing salaries; I've noticed that employers in some areas are real cheap-asses on salaries even though the CoL in those places isn't that low.

Surely I'm not the only one here who's mobile, unattached, looking for a new and better place to go, and thinking about these things.


Disclosed Netgear Flaws Under Attack ( 12

msm1267 writes: A vulnerability in Netgear routers, already disclosed by two sets of researchers at different security companies, has been publicly exploited. Netgear, meanwhile, has yet to release patched firmware, despite apparently having built one and confirmed with one of the research teams that it addressed the problem adequately. The vulnerability is a remotely exploitable authentication bypass that affects Netgear router firmware N300_1.1.0.31_1.0.1.img, and N300- The flaw allows an attacker, without knowing the router password, to access the administration interface.

Comment Re:Will Use Neither (Score 1) 87

Bingo. Zero knowledge encrypted storage service providers of pretty much any stripe all suffer from the same flaw:

You are trusting them to provide you the software you are entering your decryption keys into when its time to decrypt anything.

How do you that software doesn't send them the keys? You don't.
Even if it doesn't, today, and they send you an udpate, how do you know the update doesn't send them the keys? You don't.

And if you are using a web based service... they don't even have to send you a client update; you get the latest 'client' pushed from the website automatically every time you login. Did you audit all that javascript to make sure it wasn't sending your key up? Did you compare the javascript served to you today to the javascript you audited yesterday?

It fundamentally requires that you trust them not to steal your keys, and that you continue to trust them each time you visit their site / or update the client.

Your best solution to achieve real security is to use one provider for storage (doesn't really matter who...dropbox or google or use the NSA directly if you like), and do the encryption and key management yourself; ideally using audited open source code.

Nothing is perfect, even this. And I could go on and on about how to further mitigate risks to your client side solution. But its a lot better than simply trusting your storage provider.

Usage: fortune -P [-f] -a [xsz] Q: file [rKe9] -v6[+] file1 ...