Comment: Re:Good Thing (Score 1) 231

by bogado (#28058215) Attached to: Flaw Made Public In OpenSSH Encryption

This is probably because no one uses it or cares for it. Encryption is not a matter of simply slapping an encrypted channel on top of something and that something is magically secure.

Just off the top of my head, I could bet that this telnet is vulnerable to the timing attacks that ssh was once vulnerable to. You see, telnet usually sends keys as fast as it can, so when you're typing your password the timing between the key-down events is reflected in the timing of the packets that go through the net; with those timings you can narrow down the brute-force password search.

SSH is smarter than telnet: first, it has an initial handshake that is not part of the session, so the first password, the login password, is sent in a single packet. But even for other password prompts that are asked during the session, openssh notices that the no-echo mode is activated and uses a timeout to join together more than one key in a single packet; since there is no echo, this does not compromise the responsiveness of the session.
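An added illustration, not part of the comment above and not OpenSSH code: a small model of the two sending strategies the comment describes, showing what inter-packet timing an on-path observer sees in each case. The keystroke timestamps, the function names and the fixed-timer batching rule are assumptions made for this example.

```python
# Constructed sample: key-down times in milliseconds for a six-character password.
KEY_TIMES_MS = [0, 140, 310, 395, 620, 700]


def send_per_key(key_times_ms):
    """One packet per keystroke, sent immediately (the telnet case)."""
    return [(t, 1) for t in key_times_ms]  # (send time, keys in packet)


def send_coalesced(key_times_ms, window_ms):
    """Batching with a timeout (assumed rule): the first pending key starts
    a timer, and every key typed before it fires leaves in one packet."""
    packets, deadline, count = [], None, 0
    for t in sorted(key_times_ms):
        if deadline is not None and t >= deadline:
            packets.append((deadline, count))  # timer fired before this key
            deadline, count = None, 0
        if deadline is None:
            deadline = t + window_ms
        count += 1
    if count:
        packets.append((deadline, count))
    return packets


def gaps(times):
    """Differences between consecutive timestamps."""
    return [b - a for a, b in zip(times, times[1:])]


def observed_gaps(packets):
    """Inter-packet gaps visible on the wire, even if payloads are encrypted."""
    return gaps([t for t, _ in packets])


if __name__ == "__main__":
    print("true inter-key gaps :", gaps(KEY_TIMES_MS))
    print("per-key sending     :", observed_gaps(send_per_key(KEY_TIMES_MS)))
    # A window longer than the typing gaps hides them behind the timer.
    print("coalesced, 500 ms   :", send_coalesced(KEY_TIMES_MS, 500))
    # A window shorter than every gap only delays each key by a constant,
    # so the wire timing still equals the typing rhythm.
    print("coalesced, 50 ms    :", observed_gaps(send_coalesced(KEY_TIMES_MS, 50)))
```

The 50 ms case is the one to watch for when evaluating a batching scheme: a timer shorter than the typing gaps shifts every packet by the same amount and hides nothing.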

Comment: Re:My first thought from reading this (Score 1) 684

by bogado (#26646999) Attached to: Miscalculation Invalidates LHC Safety Assurances

People used to believe that incantations could summon gods or demons (or whatever) that were able to destroy the world. The fact that those people believed that didn't make it more real.

The main argument for why the LHC will not destroy anything is very simple indeed. No human-made machine making collisions with that amount of energy doesn't mean that those don't happen naturally.

In fact, collisions with even more energy happen naturally and frequently; it just happens that we don't have huge detectors to measure them when they happen.

Comment: Re:Non-Windows User Here (Score 1) 290

by bogado (#26558355) Attached to: US-CERT Says Microsoft's Advice On Downadup Worm Bogus

No, that is still Windows' fault; the user is used to clicking thousands of those cryptic little windows that appear whenever he has to do something. He doesn't even read them anymore.

A better solution is to ask for the user's password before installing stuff; those prompts are rare and give the user the impression that something potentially harmful is about to happen.

On the other hand, the system cannot overuse it; some versions of Linux require that you enter your password even to change the system time, for instance. This abuse of the password prompt can make users get used to them, and just like the warning dialogs they will get trained to enter the password on demand, without thinking.

Comment: Re:It's optional! (Score 1) 664

by bogado (#26210313) Attached to: Will People Really Boycott Apple Over DRM?

I have never actually used iTunes (I use Linux), but every time I had to interact with it, it only gave me headaches or stood in the way of doing something.

I use mainly ogg, not because I am an audiophile, but because I believe in open source and patent-free formats. So maybe I am a "technology zealot" as the troll below said. But I am not a radical: I don't re-encode mp3s into ogg, nor do I want to turn my ogg permanently into mp3. I am studying an alternate solution: I want to make the daapd server re-encode on the fly when serving iTunes and serve ogg streams to everyone else.

Comment: Re:It's optional! (Score 1) 664

by bogado (#26199461) Attached to: Will People Really Boycott Apple Over DRM?

iTunes sucks: it doesn't play ogg by default, and it refuses to play ogg from the network even after the QuickTime codec is installed. I have set up a daap for my home and iTunes simply does not work, while Rhythmbox works perfectly.

I also tried to configure Songbird to see my daap, but had no luck, and my wife wants something that is as easy as iTunes.

Also, I loved the "Dr. Horrible sing along blog". I tried to buy the files from iTunes; it is impossible, because, you know, you have to have iTunes installed, so one less sale.

ARGH, I really hate iTunes.

