Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror

Comment: Re:RTFA (Score 2) 187

by Zardus (#49392099) Attached to: Amazon Moves "Buy Now" Into the Physical World, With the Dash Button

Maybe you are.

While base products, like TP or toothpaste, are more expensive on Amazon than in physical stores, the price difference isn't *that* much. To some people, an extra dollar or two is easily worth not having to worry about it at the store next time. If you tally up your yearly usage of toothpaste (say, if you're an insanely prolific tooth brusher, or have a family) to be a giant tube a month, that's $30 a year from Amazon as opposed to, say, $12 from a real store.

If you're well-organized and go to the store regularly, the $18 isn't worth it. Personally, I am not perfectly organized, and am insanely busy. That $18 difference is worth forgetting about it in the store a few times in a row and going without toothpaste for a week. Of course, it's not even an $18 difference: I probably go through two tubes a year, so it's a $3 difference. That's almost literally nothing.

Comment: Nothing new (Score 5, Interesting) 178

by Zardus (#49317851) Attached to: Gaming On Linux With Newest AMD Catalyst Driver Remains Slow

It's been this way for years. ATI/AMD support for Linux is unbelievably bad. nVidia support is basically perfect, with the exception of the open-source issue. In the past, I've bought a brand new (nVidia) video card, right after it was released, brought it home, and got it running under Linux, day 1, with no headaches. If you want decent Linux graphics, go nVidia.

Comment: Re:Bring it on, folks! (Score 1) 215

by Zardus (#49050203) Attached to: New Encryption Method Fights Reverse Engineering

That's actually the opposite of true. Many techniques (http://static.usenix.org/event/woot09/tech/full_papers/paleari.pdf, http://roberto.greyhats.it/pro..., http://honeynet.asu.edu/morphe..., http://www.symantec.com/avcent...) exist to identify the presence of a CPU emulator, because these things aren't (and will likely never be) perfect. Most of those techniques don't even rely on timing attacks. Once you introduce timing attacks (*especially* if there's an external source of time information), all bets are off.

Comment: Re:One elegant solution... is ours. (Score 2) 288

by Zardus (#46917311) Attached to: Applying Pavlovian Psychology to Password Management

I'm glad people are out there thinking about this. As I understand it, though, there are a couple of drawbacks to this specific approach.

1. The unique identifier that now allows you to be tracked across each application you use. I guess this can be solved by having multiple IDs per app. You might want to consider this.
2. "Pay per authentication"...
3. Requirement for your phone to have connectivity. While this doesn't matter most of the time, it can be important when, for example, you're traveling abroad and don't have phone service.
4. You need to be a trusted party for your users. If you're compromised, the whole system is screwed.

Other approaches, such as Google Authenticator, provide 2FA without the requirements of connectivity, trackability, trust, or payment. The only advantage (and this is also quite a weakness) that I can see with your approach is that it's probably easier to replace a lost phone; just call you guys and have you reroute the passwords to a different app. The problem is that this opens the door to social engineering attacks (see #4).

You can write a small letter to Grandma in the filename. -- Forbes Burkowski, CS, University of Washington

Working...