Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
Slashdot Deals: Deal of the Day - 6 month subscription of Pandora One at 46% off. ×

Comment *yawn* (Score 5, Informative) 13

This is a second-order attack that only affects MDM clients, and then only if they've installed a rogue app AND the MDM is pre-provisioning with sensitive data. It's also already patched. It's easy to check the OS version on iOS devices tied to an MDM so that the IT department knows which ones need updates.

Nice catch on the security side, but not a real humdinger.


Comment A matter of priorities (Score 3, Insightful) 212

The US government has lost sight of the larger issue here. The tail (NSA and law enforcement) is wagging the dog.

The NSA and law enforcement agencies want to be able to intercept anything, since it makes their jobs easier. However, this runs counter to the larger national interest of the United States.

Which country has the highest level of connectedness and dependence on the Internet? Which country would be worst hurt if a sophisticated attacker was able to penetrate and conduct malicious actions using the systems connected to the Internet? The US, that's who. It is by far in the US's overall national interest to properly secure the Internet and communications infrastructure. Eavesdropping on everyone else is a secondary benefit, in comparison.

The proper role of the President and the Attorney General is to separate the desire of the NSA and law enforcement to make their jobs easier from the greater benefit to the country as a whole. They need to tell the ambitious underlings "NO" in unequivocal terms, then bitch slap them if they keep whining about it.


Comment Accessibility for Apple and Microsoft products (Score 1, Informative) 100

You didn't say what platform, but this has been an on-going emphasis for both Apple and Microsoft for a long time.

For OS X and iOS, see

For Windows, see

Hope this helps.


Comment End-to-End Audible Voting Systems (Score 1) 480

FFS, doesn't anyone do any research before posting stories? 60 seconds of research would turn up the Wikipedia entry on End-to-end audible voting systems. The problem of being able to verify that your vote is recorded as you intended without revealing the actual content of your vote has been solved by several teams. The ones that seem to have the best handle on things are Scantegrity, Pret-a-Voter, and Punchscan (the predecessor of Scantegrity) .

Using Bitcoin (which in fact has anti-anonymity properties) as an engine for voting is like attaching a tractor to a horse carriage. It may get you where you want to go, but it's nothing like a proper motor vehicle.


Comment Really, really weak evidence (Score 4, Informative) 158


The evidence here is really, really weak. The connection is tenuous enough and the original pool of possible suspects via their methodology is large enough that I sure as heck wouldn't rule out a connection via random chance. Until we get better evidence, this isn't worth very much.

Norse Security says as much in The Fine Article:

Stammberger was careful to note that his company's findings are hardly conclusive, and may just add wrinkles to an already wrinkled picture of what happened at Sony Pictures. He said Norse employees will be briefing the FBI on Monday about their findings.

"They're the investigators," Stammberger said. "We're going to show them our data and where it points us. As far as whether it is proof that would stand up in a court of law? That's not our job to determine, it is theirs," he said of the FBI.


Comment It's not a tank (Score 1) 163

Geez how the press gets this sort of thing so wrong. It's not a tank, it's an Infantry Fighting Vehicle (IFV). It's lightly armored against small arms and small-bore auto-cannon rounds, not against ATGMs, tank main guns, or RPGs.

The weight at 34 tonnes is much less than that of any current front-line tank (according to Wikipedia the Challenger 2 is 62.5 tonnes, almost double the Scout SV). It is a lot heavier than most current IFV's (e.g., the German Marder at 28 tonnes or BMP-3 at 18.7 tonnes), but that may not be such a good thing. It makes strategic mobility more of a problem and ensures that the Scout SV can't swim across rivers by itself.

Some reporter just cut and pasted from the press release. Feh!


Comment Full course available online (Score 4, Informative) 144


My son took the course last year as a senior in high school via iTunesU.

It's also available on EdX.

Heck, I took it way back thirty-odd years ago. :-)

Also, here's a link to the original article in the Harvard Crimson:


Comment Suggestions for the Apple technologist (Score 3, Informative) 131

In chronological order looking forward:

MacTech Boot Camps -
Small, local, inexpensive. Check to see if there's one close to you.

MacTech Conference -
Larger, both sysadmin and developer tracks

MacIT -
Larger, multiple tracks and levels of knowledge

The granddaddy of them all, but next to impossible to get into these days. Mostly developer focused. May not be useful if you don't already have a deep knowledge base.

MacAdmins -
The most education-focused of the conferences. Very knowledgeable presenters.

FWIW, I've been a presenter at MacTech Boot Camps, MacIT, and WWDC.


Submission + - Evernote Hit by Hackers (

plsuh writes: "Evernote is the latest victim of an attack. According to their website,

"In our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed or lost. We also have no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed.

"The investigation has shown, however, that the individual(s) responsible were able to gain access to Evernote user information, which includes usernames, email addresses associated with Evernote accounts and encrypted passwords. Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption. (In technical terms, they are hashed and salted.)"

No indication as to the hashing mechanism — is it a simple, easily brute forced MD-5 or is it a harder, more secure PBKDF2, Bcrypt, or Scrypt with lots of rounds? Anyway, Evernote has reset the passwords of all of the affected users."

Comment Re:$3600 ship (Score 3, Informative) 398

He didn't jump back because he was physically incapable of doing so. In Eve: Online, other ships can use ship modules on you that prevents you from leaving the area. It's called "tackling." The pilot in question, upon erroneously jumping into the system, was tackled by enemy forces before he could escape. Instead of eating the loss, he called up on his allies to jump in to attempt to destroy the ships that were tackling him. (A titan-class vessel is largely unable to destroy the much smaller Heavy Interdictor-class vessels that are capable of tackling it due to the ship's poor tracking and large guns, and requires help if it is tackled. A good analogy here is trying to kill a fly with a cannonball at 30 kilometers -- guns in Eve work similarly.)

When the pilot's allies arrived, the enemies called THEIR allies and joined the fight. With the amount of tackling ships on the field, neither party could easily escape, and things snowballed considerably. The enemy forces in this case had the upper hand of available pilots and were able to inflict heavy losses.

Comment Re:Help an old guy understand this (Score 1) 398

You are right, but I can clarify the matter. In Eve: Online, other ships (typically your enemies) can use a ship module on you that prevents you from leaving the area, making you vulnerable to weapons fire. It's called "tackling." Tackling a titan-class vessel in Eve is difficult, requiring a special class of ship and a special weapon, but possible if you are coordinated enough and have enough espionage available to determine where your enemies will be.

Comment Re:Net energy? (Score 1) 580

Your assertion is that green capacity is always fully utilized, which is incorrect. Your second assertion is that non-renewable capacity is also fully utilized, which is also incorrect. This process yields a benefit when there is slack capacity in the system -- cases where it is generating more power than is actually needed. Instead of wasting that energy, it can be used for some useful purpose.

Comment Re:But that's not the real problem. (Score 1) 1651

There is no minimum speed limit on surface streets. You can bitch and moan about cyclists all you want, but they have a legal right to be there. Deal with it or get the law changed. Getting angry at the cyclist for "holding up traffic" is just as stupid as getting angry at school busses for stopping to pick up children or at the mailman for stopping to deliver mail.

I've got a bad feeling about this.