Comment: Re:Computers: They can respond fast -and- slow (Score 1) 201

by Tom (#48228319) Attached to: Passwords: Too Much and Not Enough

or lock out the console/IP entirely, after N failed attempts.

Which opens the door to DOS attacks on target accounts, but there are several smart ways to work around that (send an unlock link to the e-mail address for that user, for example).

I hope security "analysts" catch on to reality soon.

There are two kinds of security people in the business world. Those with a real interest in advancing the field and making computing more secure, and those working for large consulting and IT "Security" companies. I am exaggerating some, of course, and there are great people in those companies as well, but unfortunately the business concept of too many of them is based on solving problems in such ways that you can sell the solution to many other customers, not on finding a solution that takes care of the actual problem.

It's the same with consulting companies and the insource/outsourcing cycles. There are good arguments for both of them, but if you've watched the business world for a decade or two you understand that they are hyped in cycles so the same consultants who sold outsourcing to a company last period can sell insourcing to the same company next period or after the next CTO change.

Comment: not news (Score 1) 201

by Tom (#48228297) Attached to: Passwords: Too Much and Not Enough

Me and other security experts have been saying such things for years.

Basically, our password handling systems and policies are completely broken. It's not just what xkcd pointed out - it's worse. Those policies are based on making brute-force attacks more difficult. But to sum up a complex topic in a soundbite: If your system allows for brute-force attacks, your system is fatally broken.

Comment: Re:Packages can't be removed? (Score 2) 116

by Waffle Iron (#48227641) Attached to: OwnCloud Dev Requests Removal From Ubuntu Repos Over Security Holes

Because Ubuntu doesn't allow new major versions to be added to a distro that has already been released.

Do they allow packages to be renamed? Then changing only 5 bits would rectify the situation.

If they just leave the code as-is, but change the name from "ownCloud" to "pwnCloud", then the actual functionality of the package would be clear to everyone.

Comment: Re:Remember when WSJ had a modicum of decency? (Score 2) 648

Except the minimum wage hasn't actually increased anywhere but Seattle, Washington (and even there it's still being phased in), and moreover, one of the big principles that undercuts this argument is: "once you can automate away a job, is there any wage at which you wouldn't?"

No, there isn't any wage at which you wouldn't - and it's been happening right under our noses for thirty-forty odd years now. Most people don't notice it because "automation takes away jobs" is virtually always assumed to mean "low education, low or no skill, rote and/or repetitive" jobs.

But the microprocessor revolution changed all that. The skilled master machinist has been replaced by an unskilled worker who loads and unloads a CAM machine. The draftsmen that, under the direction of an engineer, created and maintained the drawings the machinist worked from has been replaced by a CAD program used directly by the engineer. The engineer himself has been partly replaced by electrons too... instead of spending weeks with slipstick working out a stress calculation, now sets it up in a day or two on the appropriate software, clicks the mouse, and it's finished before he gets back from freshening his coffee.

And that's just one example, consider the business my wife works at... Thirty years ago, and at a tenth the size they had a full time accountant and two full time bookkeepers (plus data entry clerks and file clerks) - now they have an (almost) full time accountant, the bookkeepers (along with the data entry clerks and the filing clerks) having been replaced by a POS system.

When it's skilled, or especially when it's white collar, we call it "productivity improvement"... but we should call a spade a spade. It's automation.

Comment: Re:Bull (Score 1) 54

by hairyfeet (#48222435) Attached to: Microsoft Exec Opens Up About Research Lab Closure, Layoffs

Or maybe he is just accepting reality, which is unless there is some major breakthrough we're pretty much finished innovating? The cost to get below 20nm has been calculated to be non-profitable for pretty much everybody, sure Intel is doing it but they are also shutting fabs because chips have been insanely overpowered for several years now and ARM? ARM don't scale, once you go past a certain MHz it shits all over its power budget which is why we are now up to octocore on the ARM side.

The simple fact is that all the really good uses for tech have been done, which is why Apple is grasping at straws with the iWatch. Computers, be it desktop or mobile, are gonna end up like washing machines, things you don't replace until they break. You can stuff 'em in tables and walls and watches all day long but unless we come up with either some super new battery tech or some new material that doesn't have electron leakage? We are pretty much as high as we are gonna go. Hell even gaming can't punish the systems like it used to, a C2Q from half a decade ago can easily play damned near every game out there, there just isn't any way to go higher without blowing LOTR money on the game.

Comment: Re:Cashiers (Score 1) 648

Wonder if the cashiers would even be able to do that today...

They weren't able to do it back then, either.

Any large order had an almost 100% chance of having an arithmetic error. It was always unfathomable to me how more than a century after the invention of the cash register, a multi-billion dollar company could predicate all of their income on high school students' scribbling. Not to mention having to wait in line while all these errors were tediously generated by the staff then checked over by irate customers.

It was a great thing when McDonalds finally dragged themselves into the 19th century.

Comment: Re: It helps to actually use the thing. (Score 1) 287

by hairyfeet (#48219001) Attached to: How Sony, Intel, and Unix Made Apple's Mac a PC Competitor

And have the RAM soldered to the board? No thanks, I don't like getting buttfucked so some corp can charge Compaq RAM profit margins for commodity parts.

I'd much rather buy a quad with SSD for $210 or an octocore with HDD for $290 and use the money I save to buy a more powerful GPU and as much RAM as I'd like without getting bent over to increase Apple's quarterly earnings report.

If you like Apple because you like the design or having a girly UI bolted onto BSD? That's cool, enjoy your purchase. But don't try to sell us that horseshit that Apple is a "good deal" because it's not, never was, and never will be. It's a boutique brand with insane profit margins on the exact same parts you can get from anywhere...let me repeat that, they use THE EXACT SAME PARTS you can buy anywhere, it's the same bog standard Foxconn made boards, same Intel CPUs, same old same. If you want to pay a hipster tax to Apple? It's your money, spend it how you wish, but don't try to sell us bullshit, we ain't buying crazy today.

Ask Slashdot: Bitcoin over Tor is a bad idea?

Submitted by jd
jd (1658) writes "Researchers studying Bitcoin have determined that the level of anonymity of the cryptocurrency is low and that using Bitcoin over Tor provides an opportunity for a Man-in-the-Middle attack against Bitcoin users. (I must confess, at this point, that I can certainly see anonymity limitations helping expose what machine is linked to what Bitcoin ID, putting users at risk of exposure, but I don't see how this is a function of Tor, as the paper implies.)

It would seem worthwhile to examine both the Tor and Bitcoin protocols to establish if there is an actual threat there, as it must surely apply to any semi-anonymous protocol over Tor and Bitcoin has limited value as a cryptocurrency if all transactions have to be carried out in plain sight.

What are the opinions of other Slashdottians on this announcement? Should we be working on an entirely new cryptocurrency system? Is this a problem with Tor? Is this a case of the Scarlett Fish (aka: a red herring) or something to take seriously?"

Comment: Re:Wrong distance away (Score 1) 23

by hairyfeet (#48215549) Attached to: Two Exocomet Families Found Around Baby Star System
What does it matter really? Thanks to that relativity thing we will never ever get anywhere anyway, it could be a trillion light years or 50 light years, it just won't matter because at the end of the day all we will EVER get to do is look at the past through our little telescopes because we are out here in the asshole end of a spiral arm, too far from anything good to get anywhere.

Sorry if that is depressing but if you look at pics of the Milky Way there is plenty of places where you can practically hop from star to star and then....there is where we are, this little island so far from the good stuff that if we built a probe with our best reactor its power would be long dead before it reached the next star, much less any of the real interesting places.

Comment: Re:Oooh ... formally promised ... (Score 1) 164

by hairyfeet (#48215485) Attached to: Ello Formally Promises To Remain Ad-Free, Raises $5.5M

"Greetings valued user. As of this day our IP has been sold to MAJOR MARKETING COMPANY FRONT OF THREE LETTER AGENCY. As a result of said purchase we have now shut down and all user accounts are closed. If you wish to maintain your account and information, you may accept the EULA below and your account will be transferred to MAJOR MARKETING COMPANY FRONT OF THREE LETTER AGENCY's new social networking system that will offer all of the same functionality we did and more!" FTFY

A site dedicated to user privacy, with each user going to enough trouble of using this over the more....err..."open data" social sites? That would be probably worth an easy 20 million, after all to a 3 letter agency 20 mil is chump change. They also wouldn't care if the users ran or not, the past data is the value as it can be used to build detailed files on the kind of people that care about privacy, the same kind that protest or go to occupy events, the kind 3 letter agencies want big files on.

Comment: Re:Wonder if their time hasn't already passed... (Score 4, Insightful) 164

by DerekLyons (#48213695) Attached to: Ello Formally Promises To Remain Ad-Free, Raises $5.5M

I would imagine it's down to too few people being on it still.

Not just too few people... it's also feature incomplete.

How long do you suppose people will wait before just not bothering with it?

It's already started... Ello has failed to learn the lesson of G+ and odds are, it will suffer the same fate. Gatekeeping at launch is just shooting yourself in the foot - people want to try your system, and if you lock them out... they aren't coming back. First impressions matter, and a barred door with a sign saying "only kewl kids allowed" makes a powerful first impression. In addition, G+, and Diaspora, and now Ello can't seem to grasp that to most people, personal privacy is just one of the many factors that they weigh. On top of the network effect there's also the features the system supports (chat, pages/groups, games, etc...), and all of the would be pretenders have fallen short on that front. (Or added them too late to make a difference.)

On top of that... Ello is going to have to come up with some pretty impressive optional features in order to induce people to pay for them - things the users can't get elsewhere while *also* providing a complete set of the features users have come to expect. That's a very tall order.

There's no doubt that like G+, Ello might be able to eke out a meager living on the fringes... but as a Facebook killer, or even serious competitor, it's already dead.

Comment: Re:Please Microsoft... (Score 1) 347

by hairyfeet (#48210595) Attached to: The Classic Control Panel In Windows May Be Gone

Why go to TPB when Win 10 is free to download straight from MSFT? And YES the tiles are only on the right side, where devices and printers and control panel used to be (they are on the left now, big whoop) and it's easy enough to simply remove those tiles.

On a positive note you can make those tiles anything you want (as well as nothing at all) so I have stuck the weather there, although now that I have my Windows 7 gadgets back I'll probably get rid of it as I can easily add weather along with my beloved CoreTemp there.