
Linode hacked, CCs and passwords leaked 6

Submitted by Anonymous Coward
An anonymous reader writes "On Friday Linode announced a precautionary password reset due to an attack despite claiming that they were not compromised. The attacker has claimed otherwise, claiming to have obtained card numbers and password hashes. Password hashes, source code fragments and directory listings have been released as proof. Linode has yet to comment on or deny these claims."

Comment: Re:this makes me itchy (Score 1) 233

by Seakip18 (#40001807) Attached to: Solyndra's High-tech Plant To Be Sold

6) Company B, having successfully fleeced the public initially, now set out a way to fleece the public....again.
7) Company B, reusing same political connections under Company A, convince gov't to buy Company B's wares.
8) Profit!
9) Use new monies to get policy makers to write restrictions that put your product/industry in a legalized monopoly.
10) Profit!
11) Become overleveraged and essential that you can then afford to make bad decisions without fear of recourse.
12) Hold industry/public hostage using "If we aren't saved, the public suffers greatly".
13) Get public monies again b/c you are too big to fail.
14) Profit!

Ok, that example is mostly a joke....mostly.

Comment: Re:Why Atmel? (Score 1) 62

by Seakip18 (#38770936) Attached to: Adafruit's Open-source Wearable Platform, Flora

With the Arduino, I can get a LCD + DS18S20 up and running in 20 minutes from unwrapping to code compiled and measuring temps. Part of it may just be where I'm at on the learning curve or maybe it is that easy.

Can you do this on the ARM platform? Not intending to troll, I'm flat out curious about the libraries and ease of use.

Comment: Re:It was actually $467 for the Android version (Score 1) 234

by Seakip18 (#38155062) Attached to: OSHA App Costs Gov't $200k

When you have monthly deliverables, you get a pretty fast feedback loop. The code I write gets put in use pretty darn quick.

I'm not saying a manager keeping updated is a bad thing. I'm just saying that the frequent pings and requests for information can cause more harm than good, especially if a manager thinks they can get highly accurate and highly precise data every time.

Comment: Re:It was actually $467 for the Android version (Score 1) 234

by Seakip18 (#38153602) Attached to: OSHA App Costs Gov't $200k

I'm going to etch your comment onto something at my desk so that I will always remember it.

We were at the end of a release and the two dev directors start hounding you "When will it be done? How much longer?", etc.

It gets to a point when you just want to say "It'll be done when it's checked in and code reviewed."

Comment: The damning text (Score 2) 652

by Seakip18 (#35504934) Attached to: White House Wants New Copyright Law Crackdown

Page 10 of the actual whitepaper.

Ensure Felony Penalties for Infringement By Streaming and by Means of Other New Technology: It is
imperative that our laws account for changes in technology used by infringers. One recent technological
change is the illegal streaming of content. Existing law provides felony penalties for willful copyright
infringement, but felony penalties are predicated on the defendant either illegally reproducing or
distributing the copyrighted work. Questions have arisen about whether streaming constitutes the
distribution of copyrighted works (and thereby is a felony) and/or performance of those works (and
thereby is not a felony). These questions have impaired the criminal enforcement of copyright laws.
To ensure that Federal copyright law keeps pace with infringers, and to ensure that DOJ and U.S. law
enforcement agencies are able to effectively combat infringement involving new technology, the
Administration recommends that Congress clarify that infringement by streaming, or by means of other
similar new technology, is a felony in appropriate circumstances.
Recommendation: The Administration recommends that Congress clarify that infringement by streaming,
or by means of other similar new technology, is a felony in appropriate circumstances.

I like how "appropriate" is not spelled out.

Comment: Re:Isn't salting to avoid similarities in hashes? (Score 1) 409

by Seakip18 (#35150906) Attached to: Are You Sure SHA-1+Salt Is Enough For Passwords?

Gawker actually encrypted, from what I've read, their passwords, rather than store a hash of them. This is what allowed even folks with good passwords to become vulnerable to Gawker's idiocy. The encryption can eventually be broken, exposing everyone's passwords.

But yeah, assuming a global salt or non-salted usage, once you figure out the hash for user A, you can easily tell if any other users have that password. The salt isn't really a secret. It just tells the person with your password list "Good luck compromising a user anytime soon with your precomputed hash tables."
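Added example, not part of the original comment: a small Python audit of a credential table showing that unsalted and globally salted SHA-1 give identical digests to users who share a password, while per-user salts do not. The account names, passwords and `GLOBAL_SALT` are constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts; alice and carol happen to share a password.
USERS = {"alice": "hunter2", "bob": "correct horse", "carol": "hunter2"}
GLOBAL_SALT = b"site-wide-salt"  # constructed value

def sha1_hex(salt: bytes, password: str) -> str:
    # SHA-1 only because it is the scheme under discussion in the thread.
    return hashlib.sha1(salt + password.encode("utf-8")).hexdigest()

def store(users, scheme):
    """Build {user: (salt, digest)} with 'none', 'global' or 'per_user' salting."""
    table = {}
    for user, password in users.items():
        if scheme == "none":
            salt = b""
        elif scheme == "global":
            salt = GLOBAL_SALT
        elif scheme == "per_user":
            salt = os.urandom(16)  # stored next to the digest, not secret
        else:
            raise ValueError(scheme)
        table[user] = (salt, sha1_hex(salt, password))
    return table

def shared_digest_groups(table):
    """Users whose stored digests are identical, i.e. what a leaked table reveals."""
    groups = defaultdict(list)
    for user, (_salt, digest) in table.items():
        groups[digest].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def verify(table, user, password):
    """Recompute with the stored salt; login still works under every scheme."""
    salt, digest = table[user]
    return hmac.compare_digest(sha1_hex(salt, password), digest)

if __name__ == "__main__":
    for scheme in ("none", "global", "per_user"):
        print(scheme, shared_digest_groups(store(USERS, scheme)))
```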

Comment: I look forward to listening to it in full! (Score 2, Interesting) 337

by Seakip18 (#33729184) Attached to: Father of Java, James Gosling Unloads

I browsed through the interview and hope I can listen to the podcast soon.

He says some neat things:

James Gosling: Various Oracle employees have been instructed not to wear them. I've noticed this is a great tshirt (the "Free Duke" shirt) to wear in big crowds around here because the seas just parts, 'cuz people are like, 'I don't want to be near that.' Which I find really funny. And the whole free java thing is kind of a weird history with me because Sun from day zero is an open source company and this whole weirdness that we have about open source was not a weirdness open source but a weirdness about the actors and the games in the drama.

James Gosling: Absolutely. I have this love hate thing with Google these days. They can get kind of creepy.

Moderator: Do you use the browser plug ins that prevent the ads and block and analytic stuff?

James Gosling: No. I mean, I sometimes do.

Some...well...things that I don't think I can get behind:

In the enterprise space, things like Cassandra and Voldemort and some of the NoSQL database. I've never got it when it comes to SQL databases. It's like, why? Just give me a hash table and a shitload of RAM and I'm happy. And then you do something to deal with failures. And you look at the way things like the NoSQL movement is. It's various flavors of large scale distributed hash tables and trying to deal with massive scale and massive replication, and you can't back up the database because no tape farm is big enough. And you find scale and reliability can fit together at the same time

and some interesting:

James Gosling: Well that's right, [they](Oracle) didn't own Java, but it just points out, and I don't know how to say it other than to say they were lying, duplicitous shits three years ago and by their turnaround, they're basically admitting that. Oracle is kind of a funny company because they take glory in that. They have no issues with being categorized that way. Some of their PR people might get a little uncomfortable with it, but up at the top, they deeply, deeply don't give a shit.

I'm still not sure how to regard Oracle right now, but I'm comfortable with the idea that Java needs a permanent and legal separate existence from Oracle.
