
Comment: Web security is no substitute for Crypto-Auth (Score 2) 195

by dw (#42871083) Attached to: Everything You Know About Password-Stealing Is Wrong

So the argument is someone steals my password, steals my money, gives it to a money mule... then I get my money back from the bank, and somehow that doesn't cost me in the end? Even disregarding the fact that those costs are going to get passed on to me somehow... The inconvenience of having to deal with identity theft is not always minor (and there's probably collateral damage here as well).

My biggest beef with banking is that I don't, but should, have the ability to send money with end-to-end authorization, by way of public key crypto. If, say, Amazon could verify that I authorized a purchase using my public key, then network security, and banking security, are irrelevant. Bitcoins have offered a very secure example of how this could work, assuming that you have good local security (your private keys are safe).

Comment: Re:who is doing this? (Score 1) 212

by dw (#42395577) Attached to: Lax SSH Key Management A "Big Problem"

A nice solution I use for myself (home and work) is to use the ssh-agent distributed with GnuPG. I have an OpenPGP card (http://g10code.com/p-card.html) which holds my private key, which cannot be retrieved. The card itself is PIN protected. I don't have to worry about my private key ever showing up in the filesystem or backups.

This works nicely with the -A option to ssh, which sets up a control channel back to the authentication agent on my desktop. I can ssh to server A, then ssh from A to B using my local smart card. If I'm ssh'd to server A and need to leave my desk, I can unplug the card and immediately break the authentication chain.

If I were setting up an SSH scheme in a large organization, this would be my first line of defense.

Chrome

IE And Firefox Gain, While Chrome Loses Users For Third Month In A Row 1

Submitted by Anonymous Coward
An anonymous reader writes "November 2012 wasn’t too crazy a month for browsers, but there were some notable milestones. It was the first full month of IE10 availability. Mozilla launched Firefox 17 and Google released Chrome 23. Between October and November, Internet Explorer gained an impressive 0.63 percentage points. Firefox meanwhile regained its recent losses, grabbing 0.45 percentage points, while Chrome fell a whopping 1.31 percentage points (more than in September and October combined). Safari gained 0.04 percentage points and even Opera managed to pick up 0.07 percentage points."
Bitcoin

Bitcoin GPU Miners still going strong

Submitted by ASDFnz
ASDFnz writes "One of the predictions that I posted might happen when the mining reward dropped from 50 BTC to 25 is that GPU Miners will get switched off because the price in electricity to run them would far outweigh the bitcoin reward they generate. I proposed that this would lead to a drop in the bitcoin network computation speed.

Well, I was wrong.

If you have a look at the graph provided by the great team over at http://bitcoin.sipa.be/ you will see that today, the 3rd of December 2012, a full 4 days after the reward drop, the network computation speed is actually growing."
Microsoft

Windows 8 adoption as slow as Vista

Submitted by Billly Gates
Billly Gates (198444) writes "Computerworld recently published an article after Microsoft claimed $40 million copies were sold making it the most popular version of Windows ever made! Many of us had our doubts with stories of Microsoft and retailers blaming OEMs for low projections. Netmarketshare says otherwise as actual usage shows it only slightly higher than Vista with Windows 7 HUGELY more popular. Is Microsoft counting every new PC sale a Windows 8 one including corps who are imaging each device with Windows 7?"
DRM

Leaping Brain's "Fort Knox" DRM Cracked

Submitted by Anonymous Coward
An anonymous reader writes "Leaping Brain promises that the DRM securing their MOD Machine video player offers "Fort Knox-level security":

Video content is protected with our BrainTrust DRM, and is unplayable except by a legitimate owner. All aspects of the platform feature a near-ridiculous level of security.

What is this "virtually uncrackable" DRM scheme? A simple XOR against the hardcoded string "RANDOM_STRING"!"

Vint Cerf Prognosticates about the year 2112 1

Submitted by dw
dw (5168) writes "In an interview with European Magazine, Vint Cerf predicts that in the early 22nd century, 'Freshwater will be the new oil', and 'Dystopia will be hard to fend off with resource shortages and changes in arable land.', and he explains how he's been confronted with some confusion over the meaning of the title 'Chief Internet Evangelist'."

Comment: Re:Still going (Score 1) 488

by dw (#41992893) Attached to: The Empire In Decline?

Linux/*BSD servers offer some rather flexible alternatives to these:

AD: OpenLDAP + Heimdal
DNS/DHCP: ISC Bind + ISC DHCP (with ddns)
GPO: OpenLDAP, PAM, RADIUS + your preferred hacks
Exchange: A capable IMAP server (i.e. Cyrus or Dovecot) + ICal server (Cyrus plus patches)
SQL/IIS: The usual suspects

It's easy to get into the mindset that a proprietary Ecosystem is hard to replace. If you take away the implied requirement that Microsoft has to exist on the Desktop (but but... it doesn't support Outlook Calendaring), the pieces start to fall into place.

In all cases, the open alternatives offer a more flexible solution, and in most cases, a far more efficient one.

Whatever flexibility you get from a graphical interface (Server Manager) is going to get trumped by a well honed script.

Comment: Theory is more important than Fact (Score 1) 1142

by dw (#41697125) Attached to: Ask Richard Dawkins About Evolution, Religion, and Science Education

You have publicly advocated for teaching evolution as fact, rather than theory.

In an imprecise world, scientific theory serves a purpose of assigning better understood, and predictable, behavior to large systems, like evolution and the theory of relativity. Most don't dispute the theory of relativity because it is testable. Due to its very nature, the theory of evolution is difficult to use as a yardstick to predict what happens when, say, you put a petri dish of living organisms in a dark room over night.

Shouldn't it be more important to teach the scientific method, and the understanding of what scientific theory is, than to teach that scientific theories are important only when they are taught as fact?

Comment: GPG + Dropbox (Score 1) 198

by dw (#39976369) Attached to: Ask Slashdot: Open Source Multi-User Password Management?

At work, we use gpg to encrypt our password file for specific recipients, and place that file in a dropbox share. On occasion, we'll generate a snippet of the file and encrypt it for a specific user (junior admin) and place it in the same location.

Arbitrary complexity is often contrary to trustable security. If you really trust your encryption scheme, then it shouldn't matter where you store it (windows share).

Unix

Dennis Ritchie, creator of C programming language

Submitted by WankerWeasel
WankerWeasel (875277) writes "The sad news of the death of another tech great has come. Dennis Ritchie, the creator of the C programming language and a key developer of the Unix operating system, has passed away. Those of us running Mac OS X, iOS, Android and many other non-Windows OSes have him to thank. Many of those running Windows do too as many of the applications you're using were written in C."
Security

Poor Security for Electronic Medical Records

Submitted by cheezitmike
cheezitmike (537630) writes "A report released by the US Department of Health and Human Services inspector general found that the push to convert health care providers to electronic medical records overlooks computer and network security concerns. From the story: "To underscore the point, the second audit examined computer security at seven large hospitals in different states and found 151 security vulnerabilities, from ineffective wireless encryption to a taped-over door lock on a room used for data storage.""

Comment: Re:Only 1998? (Score 1) 404

by dw (#33439304) Attached to: Microsoft Patents OS Shutdown

I rather doubt that. I have all of my important equipment protected by surge protectors, including the phone line which enters my house and plugs into my DSL modem. I've gotten hit via lightning over the phone line before. But if you want to trust the "I'll unplug everything when I hear lightning" approach to test your theory, be my guest.

BP may have triggered a 'world-killing' event

Submitted by SatireWolf
SatireWolf (1050450) writes "BP may have triggered a 'world-killing' event on par with the last two mammoth undersea methane bubble explosions 55 and 251 million years ago.

According to Northwestern University's Gregory Ryskin, a bio-chemical engineer, BP may have set off a chain of geological interactions that could result in a huge upwelling of methane through fissures currently forming in the Gulf of Mexico. It is further posited that BP is in the process of designing an EPFCG charge (a mini-fusion-pulse-nuke) as a worst case scenario option. http://www.helium.com/knowledge/381620-why-bp-is-readying-a-super-weapon-to-avert-escalating-gulf-nightmare"
