
Comment: Let me get this straight... (Score 3, Interesting) 355

by davek (#48926923) Attached to: Why Screen Lockers On X11 Cannot Be Secure

Let me get this straight. In order to exploit this vulnerability, an attacker must:
  * gain login access to your system via SSH
  * hope you turned on X11 forwarding
  * be root or your user
  * hope you've disabled access control with `xhost +`
  * be able to run a fake screen locker program to get your password to the system he's already completely compromised

Yes, someone could still stop by your desk and put in the fake screen locker while you were getting coffee, but if you got up and didn't lock your machine, that's on you, not X11.
I'll file this one under "good enough" security.

Comment: Re:Bitcoin is faulty by nature (Score 0) 161

by davek (#48737677) Attached to: Bitstamp Bitcoin Exchange Suspended Due To "Compromised Wallet"

> It's appalling how bitcoin evangelists still didn't understand the simple issue that makes Bitcoin impossible to work: Bitcoin has zero accountability.

Much unlike the systems of government-backed currency, where government employees who commit crime, cronyism, and fraud are always held accountable?

Bitcoin is a commodity, not a currency. Like gold, it's only worth what people will pay for it.

Comment: simple and effective: referencer (Score 1) 259

by davek (#48600541) Attached to: Ask Slashdot: Best Software For Image Organization?

I use a little program called Referencer to manage images of bills and checks. I spent a /lot/ of time looking for a simple program where I can organize a stack of images (or PDFs) by applying 1 or more tags to each. THAT'S ALL. Referencer is made for generating bibliographies for TeX documents, but it is STILL the only simple program I know of that can manage a database of files and tags.

If anyone knows of a better one, PLEASE let me know. I have a feeling the app will soon be orphaned.

+ - Government Involved in a "Battle For The Human Soul"->

Submitted by davek
davek (18465) writes "From its very inception, the Leninist/Marxist ideology of the Soviet Union made it a central priority to dispel and subjugate religious and spiritual expression. The state was “god.” No other god could be allowed to flourish, for if the people were given license and freedom of belief in something beyond themselves and beyond the establishment, they would retain a sense of rebellion. The collectivist philosophy requires the utter destruction of all competitors; otherwise, it can never truly prevail. The New World Order, an ideal often touted by globalists and defined by their own rhetoric as a scientific dictatorship in which collectivism is valued and individualism is criminalized, seems to me to be — in its ultimate form and intention — a battle for the human soul."

+ - Most IT Pros Prefer Open Source To Proprietary Software

Submitted by Anonymous Coward
An anonymous reader writes "Business continuity and control eclipse cost savings as the top reasons why U.S. IT professionals prefer open source to proprietary software. According to a Ponemon Institute study, more than 70 percent of IT professionals in the U.S. agree that commercial open source software provides more control and ensures better business continuity than proprietary software. This research shows that cost savings are no longer the hallmark of open source in the minds of IT professionals, with the ability to lower costs ranking below quality in importance. This viewpoint is echoed by IT and IT security practitioners in Europe, the Middle East and Africa."

Medical Records Worth More To Hackers Than Credit Cards 78

Posted by samzenpus
from the pills-please dept. writes Reuters reports that your medical information, including names, birth dates, policy numbers, diagnosis codes and billing information, is worth 10 times more than your credit card number on the black market. Fraudsters use this data to create fake IDs to buy medical equipment or drugs that can be resold, or they combine a patient number with a false provider number and file made-up claims with insurers, according to experts who have investigated cyber attacks on healthcare organizations. Medical identity theft is often not immediately identified by a patient or their provider, giving criminals years to milk such credentials. That makes medical data more valuable than credit cards, which tend to be quickly canceled by banks once fraud is detected. Stolen health credentials can go for $10 each, about 10 or 20 times the value of a U.S. credit card number, says Don Jackson, director of threat intelligence at PhishLabs, a cyber crime protection company. He obtained the data by monitoring underground exchanges where hackers sell the information. Plus "healthcare providers and hospitals are just some of the easiest networks to break into," says Jeff Horne. "When I've looked at hospitals, and when I've talked to other people inside of a breach, they are using very old legacy systems — Windows systems that are 10 plus years old that have not seen a patch."

Comment: Re:Every book we read in school (Score 1) 410

by davek (#48002565) Attached to: It's Banned Books Week; I recommend ...

> Every book we read in school was on the banned book list. Apparently banned doesn't mean what the dictionary says it means. The books are readily available and are often required material in junior high, high school and college.

Pretty sure most of Mark Twain has been banned in US schools, because of gratuitous (if temporarily appropriate) use of the N-word. Not to mention all the hubbub about books about "Intelligent Design" or those which question government policy on war or the environment. Make no mistake: censorship is alive and well in our schools.


The Great Lightbulb Conspiracy 602

Posted by Soulskill
from the less-than-bright-ideas dept. writes: Markus Krajewski reports that today, with many countries phasing out incandescent lighting in favor of more-efficient and pricier LEDs, it's worth revisiting the history of the Phoebus cartel — not simply as a quirky anecdote from the annals of technology, but as a cautionary tale about the strange and unexpected pitfalls that can arise when a new technology vanquishes an old one. Prior to the Phoebus cartel's formation in 1924, household light bulbs typically burned for a total of 1,500 to 2,500 hours; cartel members agreed to shorten that life span to a standard 1,000 hours.

Each factory regularly sent lightbulb samples to the cartel's central laboratory in Switzerland for verification. If any factory submitted bulbs lasting longer or shorter than the regulated life span for its type, the factory was obliged to pay a fine. Though long gone, the Phoebus cartel still casts a shadow today because it reduced competition in the light bulb industry for almost twenty years, and has been accused of preventing technological advances that would have produced longer-lasting light bulbs. Will history repeat itself as the lighting industry is now going through its most tumultuous period of technological change since the invention of the incandescent bulb?

"Consumers are expected to pay more money for bulbs that are up to 10 times as efficient and that are touted to last a fantastically long time—up to 50,000 hours in the case of LED lights. In normal usage, these lamps will last so long that their owners will probably sell the house they're in before having to change the bulbs," writes Krajewski. "Whether or not these pricier bulbs will actually last that long is still an open question, and not one that the average consumer is likely to investigate." There are already reports of CFLs and LED lamps burning out long before their rated lifetimes are reached. "Such incidents may well have resulted from nothing more sinister than careless manufacturing. But there is no denying that these far more technologically sophisticated products offer tempting opportunities for the inclusion of purposefully engineered life-shortening defects."

Comment: Re:Interestingly (Score 1) 50

by davek (#47909773) Attached to: Google's Android One Initiative Launches In India With Three $100 Phones

> The phone I carry is running Android Jelly Bean. Retailed for $49.

No kidding. A $100 phone would be an upgrade to me.

Side note: India is NOT POOR. Don't believe what you see in the media. At my last job, my Indian counterparts made enough to support a wife, multiple kids, car & apartment on one developer's income. Can't do that in this country, even with an engineer's salary.

Comment: Re:What battle? (2010 wants its article back?) (Score 4, Insightful) 826

by davek (#47750939) Attached to: Choose Your Side On the Linux Divide

> At the moment, just about every major distribution except Slackware and Gentoo not only supports systemd, but ships with it on by default.

> So...what "battle" are we talking about? (Or did this post just fall forward five years from the past?)

> Ubuntu is the largest distro I know of and it doesn't support it by default.

> But you're right, all the arguments I've read against it boil down to Linus hating on one of the developers on the project and/or "It's too complicated and unmanageable!" I've yet to read something I'd consider a valid argument against it. A bunch of neck beards yelling "Get off my lawn!" is not an argument I can get any value out of.

When the neck beards speak, it's often prudent to at least listen.

I'm reminded of a myth, of when the Ancients were sitting down to design Unix, someone said "Why would we ever need a special file, that never contains any data, and always throws away everything written to it?" The Ancient replied, "Trust me, you'll need it." And thus, /dev/null was born.

The Courts

Climate Change Skeptic Group Must Pay Damages To UVA, Michael Mann 497

Posted by Unknown Lamer
from the stop-trolling dept.
ideonexus (1257332) writes In January of 2014, the American Traditions Institute (ATI) sought climate scientist Michael Mann's emails from his time at the University of Virginia, a request that was denied in the courts. Now the Virginia Supreme Court has upheld a lower court ruling that ATI must pay damages for filing a frivolous lawsuit. Thus ends "Climategate." Hopefully.

Comment: As true as "hybrid cars get 400 MPG" (Score 1) 461

by davek (#47316305) Attached to: Half of Germany's Power Supplied By Solar, Briefly

If you cherry-pick data, you can get it to say just about anything. It's similar to how hybrid cars are allowed to use MPG data from when only the electric motor is running, making the claim that they get hundreds of miles per gallon. What did they /do/ with that electricity? Could it be stored and used when the sun went down? How efficient are they over time? I'm sorry, but nuclear power and continued prudent use of fossil fuels are the ONLY solutions for the world's energy problems. It is physically and mathematically impossible to power the world with straight wind or sun power (which is not to say it couldn't be used as a catalyst in some yet-to-be-discovered process).

Sorry to rain on your solar parade.

Comment: Re:Let's look at the Canadian example (Score 1) 222

by davek (#47297943) Attached to: WikiLeaks Publishes Secret International Trade Agreement

> Canada was openly ridiculed by the US for not deregulating its financial industry right up until the financial disaster. By and large, Canada escaped disaster that plagued the other G8 countries in the banking meltdown.

> So, we have recent proof that strict financial regulation works and yet they want to keep doubling down on deregulation?

The argument of "See! It works in $OTHER_COUNTRY! Why is the US so dumb in not doing it the same way?" is getting really tired. Maybe if the US was full of 300 million Canadians, I might agree with you, but it isn't. Even if I stipulate that Canada "works" (which I certainly do not), what works there doesn't necessarily work here.

Also, the Canadian housing bubble never really popped. Rest assured that it will. http://www.thefinancialblogger...

Comment: Re:Ghash.IO is not consistently over 51%, yet anyw (Score 2) 281

by davek (#47244587) Attached to: Bitcoin Security Endangered By Powerful Mining Pool

> Not yet anyways.
>
> 6 months ago GHash.IO promised they would
> (1) Take steps to prevent accumulating 51% hashing power, including: not accepting new miners, and
> (2) They would not attempt an attack, and
> (3) They would provide users an option to use another mining pool
> (They have apparently not implemented (3) yet).
>
> A DDoS against the pool was reported to occur yesterday, which adversely affected mining.
> At one point... their hashrate was reported to have dropped to 7%.
> Then BitFury pulled 1 PH/s out of their pool.

Excellent post. BTC haters gonna hate, and I don't understand why.

Funny thing about pooled mining, it's run by the users. Users don't like it? They go away.


Bitcoin Security Endangered By Powerful Mining Pool 281

Posted by timothy
from the cornering-the-market dept.
An anonymous reader writes Ars Technica reports that for the first time in Bitcoin's five-year history, a single entity has repeatedly provided more than half of the total computational power required to mine new digital coins, in some cases for sustained periods of time. It's an event that, if it persists, signals the end of crypto currency's decentralized structure.
